Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #41  
Old 04-22-2008, 06:59 PM
Andu Andu is offline
Member
 
Join Date: Apr 2008
Posts: 46
Default

Quote:
My own generic .net unpacker dumps it just fine, .net protection from themida/winlicense sucks bigtime
Well, that was to be expected, but thank you anyway. If it's possible to unpack this protection with a generic unpacker then there is no protection.

Anyway I looked into DnGuard. Although they've worked on it for over two years, the interface looks really crapy and if I were them I would polish it in the first place. Also their site is obviously down and I had to test an older version from 2007.
But what counts is what it does, right? And so far I'm really impressed. It's working fast and all function-bodies are gone.

Is there a method or a tool to unprotect DnGuard protected assemblies or is it the only protection that has not been broken so far?

Regards,

Andu
Reply With Quote
  #42  
Old 04-22-2008, 07:17 PM
LibX LibX is offline
Administrator
 
Join Date: Feb 2007
Location: The Netherlands
Posts: 118
Default

Quote:
Originally Posted by Andu View Post
Well, that was to be expected, but thank you anyway. If it's possible to unpack this protection with a generic unpacker then there is no protection.

Anyway I looked into DnGuard. Although they've worked on it for over two years, the interface looks really crapy and if I were them I would polish it in the first place. Also their site is obviously down and I had to test an older version from 2007.
But what counts is what it does, right? And so far I'm really impressed. It's working fast and all function-bodies are gone.

Is there a method or a tool to unprotect DnGuard protected assemblies or is it the only protection that has not been broken so far?

Regards,

Andu
Err i don't think its about the interface, its about if the protection is working yes or no.
Even seen the Dotfuscator interface? well it looks like shit but the obfuscator itself works prefectly specialy if u enable advanced overloading.
BTW aspack has the same crapy interface and has been used for years by tons of people
Reply With Quote
  #43  
Old 04-22-2008, 09:21 PM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

Quote:
Originally Posted by Andu View Post
Well, that was to be expected, but thank you anyway. If it's possible to unpack this protection with a generic unpacker then there is no protection.

Anyway I looked into DnGuard. Although they've worked on it for over two years, the interface looks really crapy and if I were them I would polish it in the first place. Also their site is obviously down and I had to test an older version from 2007.
But what counts is what it does, right? And so far I'm really impressed. It's working fast and all function-bodies are gone.

Is there a method or a tool to unprotect DnGuard protected assemblies or is it the only protection that has not been broken so far?

Regards,

Andu
for its trial version, not really encrypted ilcode, rongchahua have done a tool.
but for other edition, can not yet.
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.
Reply With Quote
  #44  
Old 04-22-2008, 09:24 PM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

Quote:
Originally Posted by LibX View Post
Final version will have build in control flow obfuscation also
very nice
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.
Reply With Quote
  #45  
Old 04-28-2008, 12:44 PM
Hannibal Hannibal is offline
Member
 
Join Date: Apr 2008
Posts: 6
Default

Greetings all -

I stumbled across this thread while doing some google research on .NET reactor; I am trying to find a software which does some code protection, but more importantly, hardware based licensing (with a trial period) for a small .NET application that I've written. I thought I had pretty much settled on Eziriz; but after reading this thread... it would seem that isn't the best choice.

I'm a rather new C# developer; and I can't afford to spend thousands of dollars on a protector / licensing system. I was also considering Xheo DeployLX Express -- but I wasn't real wild about having to buy a second "sales only" edition to give another person the ability to generate keys.

Can you make any recommendations? I've read rongchaua's review of .NET Reactor 3.6, and since that release they've claimed they improved necrobit and obfuscation. The overall review gave it a 6 out of 12... but then again, none of the other completed reviews were any higher than that. I would appreciate any and all suggestions / feedback.

Thanks,
Hannibal

Last edited by Hannibal : 04-28-2008 at 12:51 PM.
Reply With Quote
  #46  
Old 04-28-2008, 02:20 PM
Andu Andu is offline
Member
 
Join Date: Apr 2008
Posts: 46
Default

Hi Hannibal,

seems we're sitting in the same boat. As you may have read I'm also searching for a reliable .net protection.

Although my software is not ready yet I think it is a good point in time to look for a solution.

Well, what I have learned so far is that most approaches are not secure. Other's seem to have at least potential and are not broken until now. A protectot which belongs to the second category is DnGuard. However, it has two disadvantages. First: it's extremly pricy. Second: I would have no good feeling buying this software. There are several reasons for this:

-Strange: DnGuard (not cracked), CliSecure (cracked) and MaxToCode (cracked) all share parts of their descriptions. Look at their websites and you know what I mean.
- Also they seem to use nearly the same technology (if you believe their slogans) and all are from china. What is the point with that? Personally that gives me a strange feeling. Are they the same or did they start as a team or did they steal one from another.... just my personal thoughts, nothing more.
- Where is the free obfuscation feature in DnGuard? Is it really there or did they just copy the whole passage from CliSecure?
- What's about the licensing component in DnGuard? How do I integrate it in my source code?

So there are concerns regarding DnGuard and these chinese protectors in general. However, I will look at it again when my program is finished.

Another protector (or better obfuscator) I consider is the spices obfuscator, which does a good job (in my opinion) for a reasonable price (if you choose the command line version). The licensing component is not too hard to write in .net and you can customise and harden it (not a single call like in .net reactor).

Back to .net Reactor: there still isn't a tutorial to unprotect library mode protected assemblies. Are the experts investigating it already?

Regards,

Andu
Reply With Quote
  #47  
Old 04-28-2008, 05:26 PM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91
Default

@Andu: It seems very interesting when reversing a library protected by .net reactor. I'm trying to reverse it. Hope I will finish it in next days.

There is also a tutorial for unpacking .net reactor 3.7 here http://rongchaua.net/tip/how-to-unpa....6.html#josc52 . Look at comment section. Although it was written in vietnamese but it is a video tutorial. I think it is easy to understand.
__________________
My site: http://rongchaua.net

Last edited by rongchaua : 04-28-2008 at 05:29 PM.
Reply With Quote
  #48  
Old 04-28-2008, 09:32 PM
Hannibal Hannibal is offline
Member
 
Join Date: Apr 2008
Posts: 6
Default

It seems like standard protection in most protectors does nothing, as it's unencrypted in memory... That tutorial was pretty straight forward, it was the same as the 3.6 tutorial except for that version stuff at the end.
Reply With Quote
  #49  
Old 04-28-2008, 10:07 PM
rendari rendari is offline
Member
 
Join Date: Aug 2007
Posts: 39
Default

.NET reactor is too easy to crack. Might as well not protect your software if that's what you use. Same goes for Xheo Codeveil (Kurapica wrote a tut for it at beginning of this thread). DNGuard and Maxtocode both have:

a) Compatibility issues
b) Takes several months for them to make notable changes (took a couple of months for DNGuard to have Vista support, and even then you have to reprotect and redistribute your assemblies)
c) are Chinese (you might get stiffed)

Oh, and Clisecure and Maxtocode both crash outright on my Vista machine here.

Remotesoft Salamander protector has a security hole in it that allows people to recover original IL code from it when you to native compile. Even if you do remove IL code, the app is still possible to crack using Ollydbg (wrote a tut on that on my blog).

Only options I see for you guys are:
1) Something custom
2) Ask LibX nicely
3) Microsoft SLM Code protector (very pricey!)
4) I've been working on a .NET protector, but its still in beta, and a tut is coming soon on how to crack it. So, I have to see how my protector is getting cracked, fix that, and then rerelease it when I have time. It works on Vista, but not on x64 bit Vista. So I cannot recommend my own protector with a clear conscience.

I think you guys would be better off making complex serial routines with various tricks in them than using a protector.
Reply With Quote
  #50  
Old 04-28-2008, 10:27 PM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

Quote:
Originally Posted by Andu View Post
Hi Hannibal,

seems we're sitting in the same boat. As you may have read I'm also searching for a reliable .net protection.

Although my software is not ready yet I think it is a good point in time to look for a solution.

Well, what I have learned so far is that most approaches are not secure. Other's seem to have at least potential and are not broken until now. A protectot which belongs to the second category is DnGuard. However, it has two disadvantages. First: it's extremly pricy. Second: I would have no good feeling buying this software. There are several reasons for this:

-Strange: DnGuard (not cracked), CliSecure (cracked) and MaxToCode (cracked) all share parts of their descriptions. Look at their websites and you know what I mean.
- Also they seem to use nearly the same technology (if you believe their slogans) and all are from china. What is the point with that? Personally that gives me a strange feeling. Are they the same or did they start as a team or did they steal one from another.... just my personal thoughts, nothing more.
- Where is the free obfuscation feature in DnGuard? Is it really there or did they just copy the whole passage from CliSecure?
- What's about the licensing component in DnGuard? How do I integrate it in my source code?

So there are concerns regarding DnGuard and these chinese protectors in general. However, I will look at it again when my program is finished.

Another protector (or better obfuscator) I consider is the spices obfuscator, which does a good job (in my opinion) for a reasonable price (if you choose the command line version). The licensing component is not too hard to write in .net and you can customise and harden it (not a single call like in .net reactor).

Back to .net Reactor: there still isn't a tutorial to unprotect library mode protected assemblies. Are the experts investigating it already?

Regards,

Andu
DnGuard , CliSecure, remotesoft protector and MaxToCode are similar ,but not same.
CliSecure and remotesoft protector 's runtime seems to implement with same technology.

if you look into maxtocode and dnguard, you will found, they really did a different way, and different from each other.
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2019, Jelsoft Enterprises Ltd.