Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #71  
Old 04-30-2007, 03:42 AM
UFO-Pu55y UFO-Pu55y is offline
Senior Member
 
Join Date: Jan 2007
Posts: 87
Default

@tracky: Ahhhhhhh, thanks so much !!!
That was veeery important for me !
Because then I remembered, that I had problems before with using 'special' APIs. With special APIs I mean the ones, which got to return a value into ur own variable (got to have access to ur code). I've never had problems with all other APIs. I was searching for days and days for a solution, and only found some statements, that it's sometimes hard to do so (with my Visual Studio version ?).
Anyway now I can compare and track it down !!!
I've only tested ur code - and it works fine....

Greets
Reply With Quote
  #72  
Old 04-30-2007, 04:04 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Lightbulb This is WHY ?

First of all I wanna apologize to UFO coz I thought he sent me the IrisSkin serial !

Well done Tracky ,.... very good job.

Now This is why UFO keygen doesn't work ...

http://www.filesend.net/download.php...d5bf8f7f8010dc
__________________
Life can only be understood backwards but It must be read forwards.

Last edited by Kurapica : 05-01-2007 at 05:38 AM.
Reply With Quote
  #73  
Old 04-30-2007, 05:44 AM
UFO-Pu55y UFO-Pu55y is offline
Senior Member
 
Join Date: Jan 2007
Posts: 87
Default

Quote:
Originally Posted by tKC View Post
Now This is why UFO keygen doesn't work ...
OMFG, a tut on my fault
Sry for my blindness. Next time I should check the code character by character, before I start acting like a hysterical little girl
Thanks, tKC, u saved my f* day !!!

At this point, if somebody is interested... why not throwing in some older (and very easy) .NET-CrackMes by me:
_http://www.pirateshare.net/?id=7303626
Have fun...
Reply With Quote
  #74  
Old 04-30-2007, 07:57 PM
UFO-Pu55y UFO-Pu55y is offline
Senior Member
 
Join Date: Jan 2007
Posts: 87
Default

SWF-Tutorial for CrackMe3:
_http://www.tuts4you.com/forum/index.php?act=attach&type=post&id=1385


@tKC: If u're still interested in new targets for tuts...
A CrackMe -> _http://rapidshare.com/files/28727548/SampleCrackme.zip
Protected with -> _http://www.maxtocode.com/
Seems to be hard sh!t

Greets
Reply With Quote
  #75  
Old 05-01-2007, 03:27 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Thumbs up Thanks

Thanks for the links

Will try my best ...
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #76  
Old 05-02-2007, 03:46 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Angry It's something new !

I agree with you, It's kindo hard but still crackable...
nothing can be seen in reflector,All code is ripped from methods but later process memory is written back after decryption.

still looking...
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #77  
Old 05-09-2007, 08:30 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Post Unpacking

My first notes on MaxtoCode ....

tell me what u think..
Attached Files
File Type: zip MaxtoCode.zip (42.0 KB, 61 views)
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #78  
Old 05-10-2007, 03:33 AM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91
Default

Great job tKC,
here is something i've found in net.

Quote:
using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;

public class InFaceMaxtoCode
{
static InFaceMaxtoCode()
{
InFaceMaxtoCode.started = false;
}

[DllImport("MRuntime3.dll", EntryPoint="CheckRuntime", CharSet=CharSet.Unicode, SetLastError=true, ExactSpelling=true)]
private static extern int A______();
[DllImport("KERNEL32.DLL", EntryPoint="GetModuleHandleA", CharSet=CharSet.Ansi, SetLastError=true, ExactSpelling=true)]
private static extern int B______(string x13d52f7d8e232e61);
private static string ByteToString(byte[] x5fc6100148519126)
{
return Encoding.ASCII.GetString(x5fc6100148519126);
}

[DllImport("MRuntime3.dll", EntryPoint="MainDLL", CharSet=CharSet.Ansi, SetLastError=true, ExactSpelling=true)]
private static extern bool C______(int x19218ffab70283ef, int xe7ebe10fa44d8d49);
[DllImport("KERNEL32.DLL", EntryPoint="SetEnvironmentVariableA", CharSet=CharSet.Ansi, SetLastError=true, ExactSpelling=true)]
private static extern bool D______(string x427bb0e14ed9e9b1, string x84ee6c5b88919f4c);
public static void Startup()
{
if (!InFaceMaxtoCode.started)
{
string text1 = "";
string text2 = "MRuntime3.dll";
if (AppDomain.CurrentDomain.RelativeSearchPath != null)
{
if (AppDomain.CurrentDomain.RelativeSearchPath.IndexO f(@":\") != -1)
{
text1 = AppDomain.CurrentDomain.RelativeSearchPath;
}
else
{
text1 = AppDomain.CurrentDomain.BaseDirectory + AppDomain.CurrentDomain.RelativeSearchPath;
}
}
else
{
text1 = AppDomain.CurrentDomain.BaseDirectory;
}
string text3 = Environment.GetEnvironmentVariable("path");
if (text3.IndexOf(text1) == -1)
{
InFaceMaxtoCode.D______("path", text3 + ";" + text1.Replace("/", @"\"));
}
if (text1.Substring(text1.Length - 1, 1) == @"\")
{
text1 = text1;
}
else
{
text1 = text1 + @"\";
}
if (File.Exists(text1 + text2) && !File.Exists(Path.GetTempPath() + text2))
{
File.Copy(text1 + text2, Path.GetTempPath() + text2);
}
if (text3.IndexOf(Path.GetTempPath()) == -1)
{
InFaceMaxtoCode.D______("path", text3 + ";" + Path.GetTempPath().Replace("/", @"\"));
}
int num1 = 5;
num1 = InFaceMaxtoCode.A______();
if (num1 == 0)
{
int num2 = InFaceMaxtoCode.B______(text2);
int num3 = InFaceMaxtoCode.B______(Assembly.GetExecutingAssem bly().Location);
InFaceMaxtoCode.started = InFaceMaxtoCode.C______(num2, num3);
}
else
{
//Garbage
}
}
}


private static bool started;
}


Startup Function:
public static void Startup()
{
if (!InFaceMaxtoCode.started)
{
int num1 = 5;
num1 = InFaceMaxtoCode.A______();
if (num1 == 0)
{
int num2 = InFaceMaxtoCode.B______(text2);
int num3 = InFaceMaxtoCode.B______(Assembly.GetExecutingAssem bly().Location);
InFaceMaxtoCode.started = InFaceMaxtoCode.C______(num2, num3);
}
else
{
//Garbage
}
}
Reply With Quote
  #79  
Old 05-10-2007, 05:57 AM
tracky tracky is offline
Member
 
Join Date: Apr 2007
Posts: 14
Default

I know someone was made the MaxtoCode Unpacker,But not release!
Reply With Quote
  #80  
Old 05-10-2007, 07:40 AM
LibX LibX is offline
Administrator
 
Join Date: Feb 2007
Location: The Netherlands
Posts: 118
Default

Work on a MaxToCode upacking will start as soon as i finished the Eziriz .NET Reactor unpacker, i think its not that hard to code once u know where all encrypted code is stored.
Once the loader menthod is fully de-obfuscated and decompiled its only a matter of a few hours to code a fully working unpacker.

Regards,
LibX // RETeam
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.