.NET Reactor discussion

[karlranseier]

sounds good but what do you think about .net reactor? it seems to offer more protection techniques but costs less.

[LibX]

Quote:

Originally Posted by karlranseier

sounds good but what do you think about .net reactor? it seems to offer more protection techniques but costs less.

.NET Reactor is fully build on stolen on GPL code (code u can't use in a closed source project) on top of that its the most crappy packer i have ever seen.

[karlranseier]

could you proof it?
i am interested in the protection technique. you could you post links the the source code .net reactor is based of?

[Andu]

Hello folks,

my question also regards .net Reactor. First I agree that the application mode protection is crap because it has been shown many times that it is possible to circumvent the protection in less than 5 minutes!

I have also seen a paper which seems to describe the basic principle, which .net Reactor seems to be based on (don't know if you refer to this paper with the gpl code, a link is very much appreciated).

But the Reactor offers two protection modes: application (which is easy to crack) and library mode, which I'm not shure off.

As I haven't seen any crackmes regarding library-mode-protected assemblies or tutorials on that topic my question is if anyone has tried to break this protection with activated necro bit. It seems to be tougher at first glance.
And a second thing: .net Reactor also offers a strong name removal protection. What do the experts think about this?

Regards,

Andu

[LibX]

Quote:

Originally Posted by karlranseier

could you proof it?
i am interested in the protection technique. you could you post links the the source code .net reactor is based of?

Its using code from Mono.Cecil, old versions uses code from first releases of .NET Reflector, it has a copy of the hurricane cipher in it also opensource (its a delphi unit), also QuickLZ is used and more .

[LibX]

Quote:

Originally Posted by Andu

Hello folks,

my question also regards .net Reactor. First I agree that the application mode protection is crap because it has been shown many times that it is possible to circumvent the protection in less than 5 minutes!

I have also seen a paper which seems to describe the basic principle, which .net Reactor seems to be based on (don't know if you refer to this paper with the gpl code, a link is very much appreciated).

But the Reactor offers two protection modes: application (which is easy to crack) and library mode, which I'm not shure off.

As I haven't seen any crackmes regarding library-mode-protected assemblies or tutorials on that topic my question is if anyone has tried to break this protection with activated necro bit. It seems to be tougher at first glance.
And a second thing: .net Reactor also offers a strong name removal protection. What do the experts think about this?

Regards,

Andu

About the strong name protection i managed to remove it once, after that i lost interest in reversing since its more of the same every time with just minor changes

[Andu]

Thanks for your answers. What's about library mode contra the weak application mode?

[LibX]

Quote:

Originally Posted by Andu

Thanks for your answers. What's about library mode contra the weak application mode?

Its just as crappy specialy the so called necrobits protection is the biggest joke of all

[Andu]

Could you please expand on this? Is there a tutorial available?

What's the point with necroBit after all? How does it help to protect the assembly?

[LibX]

Quote:

Originally Posted by Andu

Could you please expand on this? Is there a tutorial available?

What's the point with necroBit after all? How does it help to protect the assembly?

I don't have time to write any tutorial sorry i hardly have some free time left for myself

and about the necrobits they restore function pointer at runtime, so basicly it doesn't help at all
its just a decoy