Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 06-22-2011, 05:27 PM
gazzijay gazzijay is offline
Junior Member
 
Join Date: Jun 2011
Posts: 3
Default unpacking xenocode 2009

hi guys, i have a big problem, can anyone unpack those files?
they seem to be encrypted with xeno2k9

http://hotfile.com/dl/121729646/e4dc...c_one.exe.html <-- 372k!!!


http://hotfile.com/dl/121729411/6e524af/ABC.exe.html


how can such a small file be that well protected??

FUCK
Reply With Quote
  #2  
Old 06-23-2011, 02:58 AM
kao kao is offline
Senior Member
 
Join Date: Sep 2007
Posts: 184
Default

Ahh, AbonacciPivot again! Some guy was already asking about it on February this year (can't find the thread, sorry).

abc_one.exe - just Xenocode. After unpacking, you'll be able to see the trading algorithm in it's entirety. Don't you worry, the algorithm is total crap.

abc.exe - After unpacking Xenocode, you'll find out that the main executable is packed by .NET Reactor. Also, there are 2 other files embedded (MetaTraderApi.dll and DundasWinGauge.dll). You won't be able to understand algorith, because .NET Reactor obfuscated all the names.

My suggestion to you - forget about this program. It's a snake oil.
Reply With Quote
  #3  
Old 06-23-2011, 03:32 AM
gazzijay gazzijay is offline
Junior Member
 
Join Date: Jun 2011
Posts: 3
Default

[Please DO NOT quote whole messages, it is unnecessary]

hi Kao,

many thanks for the fast response!
okay so i forget about the second one
but can you unpack abc_one.exe and show me the algo?
i know its crap i just want to see what calculations he is doing.

Thanks again

Last edited by Git : 06-23-2011 at 07:46 AM.
Reply With Quote
  #4  
Old 06-23-2011, 04:12 AM
gazzijay gazzijay is offline
Junior Member
 
Join Date: Jun 2011
Posts: 3
Default

Kao your inbox is full, cant send you a pm :-(

"kao has exceeded their stored private messages quota and can not accept further messages until they clear some space."
Reply With Quote
  #5  
Old 06-23-2011, 09:01 AM
kao kao is offline
Senior Member
 
Join Date: Sep 2007
Posts: 184
Default

I know. Lots of people for some weird reason want to send me PM without asking for permission first.

Run the abc_one.exe, then start some process dumper (I used PeTools, but probably LordPE and others will work equally well). Choose process abonaccipivot.exe and dump it. Any decompiler should work on dumped file (I checked with Dis#, but Reflector should work too).
Reply With Quote
  #6  
Old 06-23-2011, 10:06 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

If it's spam, let me or an admin know, else permission is not needed to send somebody PM.

Git
Reply With Quote
  #7  
Old 06-23-2011, 10:27 AM
kao kao is offline
Senior Member
 
Join Date: Sep 2007
Posts: 184
Default

@Git, while technically you're right, I really do not appreciate messages from people I don't know. Especially because 90% of messages are like "I would like to ask for help, please crack this app: {$url}" and "Make tutorial for {$myapp}, I can pay $5".

Having a full mailbox saves me from ever seing those ones.

Sorry for offtopic.
Reply With Quote
  #8  
Old 06-27-2011, 01:19 PM
LoCo LoCo is offline
Junior Member
 
Join Date: Jun 2011
Posts: 2
Default

Quote:
Originally Posted by kao View Post
My suggestion to you - forget about this program. It's a snake oil.
kao, does this mean that .NET Reactor 4.+ is hard to crack?
Reply With Quote
  #9  
Old 06-27-2011, 10:53 PM
yaufent yaufent is offline
Junior Member
 
Join Date: Jun 2011
Posts: 3
Default

there is no need to deobfuscate this program.

it's obfuscated by babel 3.5 free edition, you can easily use IL Diassemblers to find the patches.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.