 |
 |
 |
 |
 |
 |
 |
 |
 |
 |
|
|
|
|
|
||||||||||
|
||||||||||||||
|
||||||||||||||
|
#111
05-24-2007, 08:38 AM
|
|||
|
|||
Quote:
1. You have to remove SN from B.dll 2. You have to remove SN from A.dll, and token related to B.dll 3. You have to remove SN from M.exe and token related to A.dll after all of that it will work. with modified B.dll. Recently I've dealt with activeX for NET that worked in this manner, A was main activeX dll, B was dll for time checking, and compiled application was M. 
|
|
#112
05-24-2007, 08:42 AM
|
|||
|
|||
|
tKC....
will you continue with your latest tutorial. You've stopped with virtual protect, come on man, write down here, or in tut about string decryption. As I see your Crackme #9 has exactly what I want to know. As soon as I can, I will upload target I spoke about.
|
|
#114
05-26-2007, 07:28 AM
|
|||
|
|||
|
Ok
this is the target I spoke about, try yourself. Original file is protected and there is license checking, it is Xheo license system. If you unpack original NET file, by removing calls to Xheo dll you should pass license protection. I couldnt unpack file  http://www.icefile.net/index.php?pag...e=Digimoto.rar
|
|
#115
05-27-2007, 05:34 AM
|
|||
|
|||
This is the managed resources pack
__________________
Life can only be understood backwards but It must be read forwards.
|
|
#116
05-27-2007, 09:39 PM
|
|||
|
|||
First LOL, then WTF
Quote:
 Well, smartkill works like a charm now - u can drag in anything u want... EXE or dump. It finds its way and decodes ur shit correctly  No dumping needed anymore. I've added other functions, too, but it needs some more finetuning before getting posted again. Only some mins ago, I've tried to open up ur player in reflector to see if smartkill gives me the right values, but... WTF ? I didn't know that option of smartass before ! "Incorrect MetaData" added... huh ? And I don't see a single piece of shit in reflector... This is interesting. It adds ~10 bytes to the MetaData, but I didn't understand, yet, what it really does... Aargh, it makes smartkill useless - should definitively be the next target to be cleared up...  Greets
|
|
#117
05-28-2007, 04:38 AM
|
|||
|
|||
|
Ok, I've played a bit with its options and got an overview...
Summary about SmartAss's anti stuff(so far): -Strings encoding... solved -StrongName signing... solved -Classes/Methods obfuscation... hum -MetaData alienation... hum So still lot of work left. Obfuscation doesn't really hinder us reversing, but maybe there's also a way to make things easier... @tKC: but u're right, it rox. I was looking for a .net packer. I did not know, that it also does a great job on that  But it doesn't like smartkill at all :/ It fails building - even with all options unchecked. Maybe I should send 'em smartkill, to see what's wrong with it ???  Greets Last edited by UFO-Pu55y : 05-28-2007 at 05:16 AM.
|
|
#118
05-28-2007, 05:50 AM
|
|||
|
|||
This is a good paper
It's actually one page but I have a hard copy of it attached to my monitor !
Link was removed but fixed at 127 UFO... Deobfuscation is hard shit but still doeable ... main problem I face is lack of documentation on .Net PE structure.  P.S : I forgot to include ntoskrnl paper ! but you can grab it from www.pmode.net
__________________
Life can only be understood backwards but It must be read forwards. Last edited by Kurapica : 05-29-2007 at 11:03 AM.
|
|
#119
05-28-2007, 07:16 AM
|
|||
|
|||
|
|
|
#120
05-28-2007, 08:18 AM
|
|||
|
|||
|
Quote:
I like it ! But C# again... hum. Will try to make a gui version Last edited by UFO-Pu55y : 05-28-2007 at 08:40 AM.
|
Linear Mode
