Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #361  
Old 02-21-2008, 01:35 AM
kesk kesk is offline
Member
 
Join Date: Jul 2007
Posts: 18
Default

Since i am a newbie here, this question. Can we discuss here commercial applications security and cr@cking stuff here or do we contact by PM.

I have done a few commercial .net programs and applications so far and would like to learn a lot in .Net reversing.

Last edited by kesk : 02-21-2008 at 01:36 AM. Reason: .net
Reply With Quote
  #362  
Old 02-21-2008, 12:36 PM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

Quote:
Originally Posted by kesk View Post
Since i am a newbie here, this question. Can we discuss here commercial applications security and cr@cking stuff here or do we contact by PM.

I have done a few commercial .net programs and applications so far and would like to learn a lot in .Net reversing.
I'm not 1337 in .NET and I'm not one of the moderators of this board, but I think that we can discuss the protection schemes in commercial software and how to break them, maybe a tutor or a flash movie would be nice too, anyway you must avoid posting any Patch or Crack for a commercial targets.

Many boards prevent discussing commercial software but RET board is a bit lenient and that's what makes me always post here

gReetz
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #363  
Old 02-21-2008, 03:00 PM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Wink DeObfuscator 0.4.1

What's new

1 - Fixed a bug so that It works fine with Vista
2 - User interface uses XP themes

http://rapidshare.com/files/93750635...a_Fix.rar.html
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #364  
Old 02-22-2008, 08:53 AM
tankaiha tankaiha is offline
Member
 
Join Date: May 2007
Posts: 30
Default

Quote:
Originally Posted by Kurapica View Post
What's new

1 - Fixed a bug so that It works fine with Vista
2 - User interface uses XP themes

http://rapidshare.com/files/93750635...a_Fix.rar.html
the best name deobfuscator for .net
thx
Reply With Quote
  #365  
Old 02-26-2008, 01:13 AM
kesk kesk is offline
Member
 
Join Date: Jul 2007
Posts: 18
Default

This is with regard to mCore .NET SMS library. I have a tough time writing a keygen for the dll since its heavily obsfucated. Without a proper license key, it displays a icon in the systray, all sent SMS have a 'Powered by Logix Mobile' appended, when the inbox is read, after 5 msgs 'mCore - Trial Version' is shown.

Instead of writing a keygen, i modified the IL code not to show the systray icon and removed the 'Powered by Logix Mobile' text. But i cant find where the inbox is read & how it shows the 'mCore - Trial version' after 5 msgs.

The installation file is only 1.1MB and can be downloaded from
hxxp://rapidshare.com/files/94986036/mCoreLib.rar

and my cracked dll can be downloaded from
hxxp://rapidshare.com/files/93331216/mCore_1_2_4_0_Cracked.rar

Would any body would help me. TIA.
Reply With Quote
  #366  
Old 02-26-2008, 02:09 AM
kesk kesk is offline
Member
 
Join Date: Jul 2007
Posts: 18
Default

Well,

After posting the above, i could solve the 5 msg limit also. The only thing left is to make a keygen. I can point to the right place where the key is checked, and here is where i need help from experienced people.

The recent corrected dll is here

hxxp://rapidshare.com/files/94991835/mCoreLib_1_2_4_0.rar

kesk
Reply With Quote
  #367  
Old 02-27-2008, 10:21 PM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

I wish that the help you need had been more general and not specific to some commercial software !! maybe then I could have had enough motive to dig and help...

Good luck
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #368  
Old 03-03-2008, 05:46 AM
drake7707 drake7707 is offline
Junior Member
 
Join Date: Mar 2008
Posts: 4
Default

Hi,

I was trying to reverse engeneer some parts of notebook hardware control, but it seems the executable is obfuscated.

I can open it with Reflector, but every method, class is just a square :/ (that's why i guess it's probably obfuscated)

I've tried your deobfuscator, Kuparica, but it gives me the following error:

Quote:
Can't open assembly for DeObfuscation !!
This error is usually raised because of invalid PE files so try to fix the assembly and try again !

Object reference not set to an instance of an object.
So i used Simple Assembly Explorer by WiCKY Hu, and tried to do a peverify from there and i get md5 structure errors:

Quote:
[MD](0x80131205): Error (Structural): Table=0x0000000c, Col=0x00000000, Row=0x00000016, has coded rid out of range.
[MD](0x80131205): Error (Structural): Table=0x0000000c, Col=0x00000000, Row=0x00000017, has coded rid out of range.
[MD](0x80131205): Error (Structural): Table=0x0000000c, Col=0x00000000, Row=0x00000018, has coded rid out of range.
[MD](0x80131205): Error (Structural): Table=0x0000000c, Col=0x00000000, Row=0x00000019, has coded rid out of range.
[MD](0x80131205): Error (Structural): Table=0x0000000c, Col=0x00000000, Row=0x0000001c, has coded rid out of range.
[MD](0x80131205): Error (Structural): Table=0x0000000c, Col=0x00000000, Row=0x0000001d, has coded rid out of range.
[MD](0x80131205): Error (Structural): Table=0x0000000c, Col=0x00000000, Row=0x0000001e, has coded rid out of range.
...
Using the deobfuscator in simple assembly explorer gives me a null pointer exception (the same error deobfuscator gave me):

Quote:
System.NullReferenceException: Object reference not set to an instance of an object.
at Mono.Cecil.AggressiveReflectionReader.ReadCustomAt tributes()
at Mono.Cecil.AggressiveReflectionReader.VisitTypeDef initionCollection(TypeDefinitionCollection types)
at Mono.Cecil.ReflectionReader.VisitModuleDefinition( ModuleDefinition mod)
at Mono.Cecil.StructureReader.TerminateAssemblyDefini tion(AssemblyDefinition asm)
at Mono.Cecil.AssemblyDefinition.Accept(IReflectionSt ructureVisitor visitor)
at Mono.Cecil.AssemblyFactory.GetAssembly(String file)
at SimpleAssemblyExplorer.frmDeobf.btnOK_Click(Object sender, EventArgs e)
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventAr gs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.O nMessage(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.W ndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
I have no idea what kind of obfuscator is used, but i'm also quite new at reverse engeneering so you guys/gals might want to take a look if you're interested

I've uploaded it here: http://webs.hogent.be/~701217dk/nhc/nhc.zip

Thanks in advance ^^

Last edited by drake7707 : 03-03-2008 at 05:49 AM.
Reply With Quote
  #369  
Old 03-03-2008, 01:31 PM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

I checked the Assembly and it seems to be protected with XENOCODE Obfuscator.

It needs a "Name-Serial-Company" info and then saves a file named "nch.dat" in the same EXE directory, then It restarts to verify the license file data seved in this file, but since It's a Pre-release I stopped there and maybe in the future I will have a deeper look.

Greetz
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #370  
Old 03-03-2008, 05:25 PM
drake7707 drake7707 is offline
Junior Member
 
Join Date: Mar 2008
Posts: 4
Default

Quote:
Originally Posted by Kurapica View Post
I checked the Assembly and it seems to be protected with XENOCODE Obfuscator.
Thanks for your reply

Judging from the fact that XeCoString also gives the same error, the exe is using a newer version of Xenocode that cecil is not compatible with ? Are there any other tools that might be able to deobfuscate it so i can browse in it (and actually understand something) with reflector ?

Edit: However it seems that xenoDEcode has no problems opening it and decrypting every string :/, too bad it can't parse the strings together with readable method/class names

Last edited by drake7707 : 03-03-2008 at 07:54 PM.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.