Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #31  
Old 04-22-2008, 08:17 AM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

Quote:
Originally Posted by LibX View Post
Well basicly its not the biggest problem that u can get code back, as long as ur licensing system implementation combined with the protector is good it will be a insane job to crackit (i will post a crackme that needs patching later on )
DNGuard has been worked on for 2 years or more, my protector only 1 week its insane to put so much time into simple code protection when its easy to just patch a protected app afterwards.
my code protector isn't that good since its easy to use in memory reflection, but still it took u guys 3-4 days to come up with the solution and thats far longer than it would take to reverse obfuscated code

But thats just my optnion

regards
LibX
yes, your protector is better than obfucator, but also obfucation is necessary. without obfuscate, your protector can be easily reversed.

after i got your sample run on a xp machine, i spend several hours to get code back, it's much more hard than obfuscation.

waiting for your new crackme.

regards
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.
Reply With Quote
  #32  
Old 04-22-2008, 11:32 AM
Andu Andu is offline
Member
 
Join Date: Apr 2008
Posts: 46
Default

Hi bigmouse,

interesting analysis of current protectors. Thank you.

At the moment I'm trying out Themida respectively WinLicense and it seems running nicely. However, do you (or other members of this forum) know something about the protection strength of this packer or its weaknesses?
I'm especially interested if it does something to the .net code so that the original code is not reproducable. There seems to be no obfuscation in place, which could prevent this.

Any information on this protection and its strength is highly appreciated.

Regards,

Andu
Reply With Quote
  #33  
Old 04-22-2008, 11:38 AM
LibX LibX is offline
Administrator
 
Join Date: Feb 2007
Location: The Netherlands
Posts: 118
Default

Quote:
Originally Posted by Andu View Post
Hi bigmouse,

interesting analysis of current protectors. Thank you.

At the moment I'm trying out Themida respectively WinLicense and it seems running nicely. However, do you (or other members of this forum) know something about the protection strength of this packer or its weaknesses?
I'm especially interested if it does something to the .net code so that the original code is not reproducable. There seems to be no obfuscation in place, which could prevent this.

Any information on this protection and its strength is highly appreciated.

Regards,

Andu
The runtime is protected with Themida, not the il code
Reply With Quote
  #34  
Old 04-22-2008, 11:48 AM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

Quote:
Originally Posted by Andu View Post
Hi bigmouse,

interesting analysis of current protectors. Thank you.

At the moment I'm trying out Themida respectively WinLicense and it seems running nicely. However, do you (or other members of this forum) know something about the protection strength of this packer or its weaknesses?
I'm especially interested if it does something to the .net code so that the original code is not reproducable. There seems to be no obfuscation in place, which could prevent this.

Any information on this protection and its strength is highly appreciated.

Regards,

Andu
themida/winlicense support .Net assemblies, but it use whole assembly encrypte protection.
so you know.......

but also like reactor's library mode.
it's wiped some peheader value.
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.
Reply With Quote
  #35  
Old 04-22-2008, 11:59 AM
Andu Andu is offline
Member
 
Join Date: Apr 2008
Posts: 46
Default

So it is as bad as .net Reactor or did I get something wrong...?
Reply With Quote
  #36  
Old 04-22-2008, 12:50 PM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

Quote:
Originally Posted by Andu View Post
So it is as bad as .net Reactor or did I get something wrong...?
i'm not sure, maybe i remember something wrong.
at least, assemblies can be rebuild by using reflection.
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.
Reply With Quote
  #37  
Old 04-22-2008, 01:16 PM
LibX LibX is offline
Administrator
 
Join Date: Feb 2007
Location: The Netherlands
Posts: 118
Default

Quote:
Originally Posted by bigmouse View Post
themida/winlicense support .Net assemblies, but it use whole assembly encrypte protection.
so you know.......

but also like reactor's library mode.
it's wiped some peheader value.
My own generic .net unpacker dumps it just fine, .net protection from themida/winlicense sucks bigtime
Reply With Quote
  #38  
Old 04-22-2008, 01:18 PM
LibX LibX is offline
Administrator
 
Join Date: Feb 2007
Location: The Netherlands
Posts: 118
Default

Quote:
Originally Posted by bigmouse View Post
yes, your protector is better than obfucator, but also obfucation is necessary. without obfuscate, your protector can be easily reversed.

after i got your sample run on a xp machine, i spend several hours to get code back, it's much more hard than obfuscation.

waiting for your new crackme.

regards
Final version will have build in control flow obfuscation also
Reply With Quote
  #39  
Old 04-22-2008, 03:31 PM
karlranseier karlranseier is offline
Member
 
Join Date: Apr 2008
Posts: 12
Default

Quote:
Originally Posted by LibX View Post
Final version will have build in control flow obfuscation also
any plans about pricing or a free version yet?
Reply With Quote
  #40  
Old 04-22-2008, 06:16 PM
LibX LibX is offline
Administrator
 
Join Date: Feb 2007
Location: The Netherlands
Posts: 118
Default

Quote:
Originally Posted by karlranseier View Post
any plans about pricing or a free version yet?
Iam not going to awnser any questions about this sorry, when its done its done, if its free its free
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.