Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #81  
Old 05-10-2007, 07:42 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Smile CrackME #9

Check this new one ,... at least it opens in refletor

http://www.filesend.net/download.php...3dc693ddb61ace

If you have some time and .NET framework 1.1 maybe you should check my new mp3 player and tell me what you think..

http://www.filesend.net/download.php...2d4c7adc25079d


Greetings...
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #82  
Old 05-10-2007, 11:13 PM
UFO-Pu55y UFO-Pu55y is offline
Senior Member
 
Join Date: Jan 2007
Posts: 87
Thumbs up

Regarding MaxtoCode:
Definitively interesting stuff. I like this .net+.dll thingy. I'm planing to write a tutorial about keygenning another .net target, which checks the serial outside in a dll. I've found an easy way to break at the right place with Olly
But it doesn't work for MaxtoCode... too low... no way :/
Keep it on, dudes, I'm curious, how u'll own it !

Quote:
Originally Posted by tKC View Post
Check this new one ,...
Oh noes, he's seriously going crypto... oO
I was thinking like 'Wait a minute, I'll pwn it with a Lic.ini-FileMaker !',
but I got stuck again, since I've got no experience with crypto...
I failed when trying to turn it around:
Code:
...
Dim signature As Byte() = Convert.FromBase64String(Me.Fun1("Signature", ""))
'Dim buffer As Byte() = Convert.FromBase64String(Me.Fun1("Key", ""))
Dim buffer As Byte() = provider.SignData(signature, "SHA1")   <-- :/
...
VS keeps telling me some sh!t about 'only the public half of a key pair'...


Quote:
If you have some time and .NET framework 1.1 maybe you should check my new mp3 player and tell me what you think..
Framework 1.0, 1.1, 2.0 over here.
Goodlooking and nice size, but Drag&Drop's always cool for lazy asses like me
Maybe it's just a problem on my box, but it plays opened music very oddly.
I've tested several .mod and .mp3 - absolutely distorted sound.
I'll check it on another box...

Cheers
Reply With Quote
  #83  
Old 05-12-2007, 05:48 AM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91
Default

Quote:
I know someone was made the MaxtoCode Unpacker,But not release!
I think this is an unpacker for MaxToCode you said.
http://rapidshare.com/files/30567002...deUnpacker.zip
Reply With Quote
  #84  
Old 05-12-2007, 08:28 PM
UFO-Pu55y UFO-Pu55y is offline
Senior Member
 
Join Date: Jan 2007
Posts: 87
Question Asymmetric Keys ? WTF ?

@ tKC:
Erm, is ur latest CrackMe at all intendend to be like a PatchMe or more like a KeyFileMe
Ima utter crypto noob, but I'm really interested, so I did some more reading about asymmetric keys. Maybe I'm still wrong, but as far as I read, it seems, that I actually can NOT sign data with the used XmlString , coz it only holds the public key.
And I'd need the private key to do the job. Is that right ?
Just say, that I'm a dumpy b!tch and don't know, what I'm talking about, and I'll simply go on reading. This is interesting sh!t...

Thanks
Reply With Quote
  #85  
Old 05-14-2007, 11:39 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default You'r damn right UFO

First of all I wanna thank you for your efforts, although I read your first reply to this one, yes since its an RSA then keep in your mind that you can't keygen it ! simply because you need the private key also to create a valid license file for this babe, I only included the public key in the CrackME, I didn't want to tell you first because I wanted you to find that by yourself , This technique is used to protect several commercial software like smartassembly and .net reactor, so keep in mind that you will need both keys the private and the public here, but the only way to crack it is to patch the code when it calls Verify method.
It checks for a license key too before so be careful.
I think it was a good crackme though since it made you read about Assymetric shit.

soon I will post the source code and the License file maker so that you can compare your work with it.

regarding the Drag and drop feature in The MP3 player, I finally added it and it works for folders too, thanks for the tip too, I tried to find the ug that causes the sound to be distorted and I hope this patch works ....

http://www.filesend.net/download.php...792ee028a4775d

Greetings.
tKC
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #86  
Old 05-14-2007, 12:27 PM
zilot zilot is offline
Member
 
Join Date: May 2007
Posts: 6
Default

Hello people,

I have some questions regarding .NET unpacking. I'm delaing with one target that looks like maxTocode (according to what I read here about maxtocode) but actually is little bit different.

First of all CLI header is not visible in reflector=>it is not present. When dump application with PeTools at _corexemain function, after loading dump in reflector all names are obfuscated in manner there are only squares (hence not redable). You mentioned use of virtualprotect function, indeed it is called several times with some area code protecting deprotecting, when inspect that piece of code with SoftIce I cant conclude what it does, it encrypts/decrypts that code, and after decription it use it for calculating some keys I thing, but even when I fill decrypted piece of code with zeros in some range program runs normally (for that decrypted keys pair), that keys have some strange values for examle AABBCDEGR, I mean only some junk letters (no other characters).

I cant find nowhere in memory some other place with PE header information except those I dumped. So have you some other knowledge of how does these new protectors work at all. Do they hook some API, and CLR when runs them actually does decryption on the fly. I dont know very well how FRAMEWORK functioning so can not make proper suggestion.

I cant provide target for now, because of poor internet connection here where I am, maybe in day or two, when change location.

Thank for any hit.
Reply With Quote
  #87  
Old 05-14-2007, 03:51 PM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91
Default

@Ufo:
I didn't see the crackme of tkc. But he says that it's RSA. Then you must see if this is 1024 Bit RSA or less. When it's encrypted with more than 1024 bits, then we can't make a keygen. But when it's less than 1024 bits, then you can use RSA Tools to decrypt the private key and make keygen with this key.
And one hint: One of my friends had to let his computer 4 days running when he wants to break a 512bits RSA. .

@Zilot:

Quote:
First of all CLI header is not visible in reflector=>it is not present. When dump application with PeTools at _corexemain function
Can you tell me more clearly how you do that?



Regards.
rongchaua

Last edited by rongchaua : 05-14-2007 at 03:58 PM.
Reply With Quote
  #88  
Old 05-14-2007, 04:02 PM
LibX LibX is offline
Administrator
 
Join Date: Feb 2007
Location: The Netherlands
Posts: 118
Default

When its possible to crack RSA512 on ur personal computer its not a good implementation normally it takes a very large computer cluster months to factorize a key like that
Its just not possible to break a RSA512 key with a good random generator generated on ur home computer.

Regards,
LibX // RETeam


Quote:
Originally Posted by rongchaua View Post
@Ufo:
I didn't see the crackme of tkc. But he says that it's RSA. Then you must see if this is 1024 Bit RSA or less. When it's encrypted with more than 1024 bits, then we can't make a keygen. But when it's less than 1024 bits, then you can use RSA Tools to decrypt the private key and make keygen with this key.
And one hint: One of my friends had to let his computer 4 days running when he wants to break a 512bits RSA. .

@Zilot:


Can you tell me more clearly how you do that?



Regards.
rongchaua
Reply With Quote
  #89  
Old 05-14-2007, 07:18 PM
UFO-Pu55y UFO-Pu55y is offline
Senior Member
 
Join Date: Jan 2007
Posts: 87
Default

Quote:
Originally Posted by rongchaua View Post
...you must see if this is 1024 Bit RSA
It is
But that's no problem: Since 2 days I've already got 5 friend's boxes running simultaniously to do the job. -> just kidding <-

@tKC: Ur patch made the player work like a charm. In dead earnest - I like it. Looks like a sh!tload of coding hours. Very nice job - motivated me to go on with VB.NET
And I'll definitively test it a bit more...

Cheers
Reply With Quote
  #90  
Old 05-15-2007, 01:41 PM
zilot zilot is offline
Member
 
Join Date: May 2007
Posts: 6
Default

Quote:
Originally Posted by rongchaua View Post

@Zilot:


Can you tell me more clearly how you do that?
bpmb at _corexemain

Si Pops Up,

type a eip
jmp eip

then exit Si, and dump

@tKC
what was with your further explanation about virtualprotect, you've stopped your last tut at that point. I'm curious.......come on
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.