Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #131  
Old 06-11-2007, 11:00 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Smile Unpacking codeveil again

check this tutor everybody

http://www.filesend.net/download.php...c8413fe2e257d4


:-)
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #132  
Old 06-11-2007, 03:10 PM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91
Default

thank tkc. Great tut.
Reply With Quote
  #133  
Old 06-14-2007, 07:04 PM
UFO-Pu55y UFO-Pu55y is offline
Senior Member
 
Join Date: Jan 2007
Posts: 87
Default

@rongchaua: I hope it's ok to post my answer to u over here,
to make it clear for others, too

Quote:
Originally Posted by rongchaua
...This tool works. But the HEX ID is wrong...
I thought it's all written in the Help-Tab,
but I guess, I was a bit lazy at this point ?
With smartkill 0.3 u do NOT need to dump the resource anymore !
Just drag&drop the .EXE in - and u'll already get the right ID offsets !
It doesn't work with dumps, since there's NOTHING in this resource to calculate the ID offset.
Coz smartassembly v2 takes the public key token of the signed file to calculate it.
This also means, that after removing a strongname, it won't work,
coz smartkill won't find this token anymore.
So it works only with an original exe !

I hope it's clear now...

Greets
Reply With Quote
  #134  
Old 06-18-2007, 09:54 AM
adadlik adadlik is offline
Junior Member
 
Join Date: Jun 2007
Posts: 4
Default CodeVeil - IL Encryption Question

Hi,

I have read your tutorials of codeveil v1.2 and v1.3,
the problem i have, i can restore the file from the
memory dump, BUT the IL Code parts are still encrypted
(in memory), so the memory dump method is useless
when CodeVeil with IL Encryption is used.

do you have methods / tutorials decrypting the IL Code Parts ?

greets, a.

Quote:
Originally Posted by tKC View Post
Reply With Quote
  #135  
Old 06-18-2007, 02:40 PM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Question That's weird !

The method I used with CodeVeil 1.3 works fine even with that option on !! Try again
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #136  
Old 06-18-2007, 03:29 PM
adadlik adadlik is offline
Junior Member
 
Join Date: Jun 2007
Posts: 4
Default

Yes indeed, weird.

You can open the reconstructed file in reflector or ildasm
and can also go on a method and see the correct il code ?

My experiences with il encryption option on, are only
reconstructed files which can be open correctly in reflector
or ildasm, BUT the il code is broken / incorrect when i click
on a class method.

is it possible to post a example package with original,
dumped and reconstructed files ?

greets, a.

Quote:
Originally Posted by tKC View Post
The method I used with CodeVeil 1.3 works fine even with that option on !! Try again
Reply With Quote
  #137  
Old 06-18-2007, 05:51 PM
UFO-Pu55y UFO-Pu55y is offline
Senior Member
 
Join Date: Jan 2007
Posts: 87
Lightbulb

Quote:
Originally Posted by adadlik View Post
is it possible to post a example package with original,
dumped and reconstructed files ?
Oki:
http://rapidshare.com/files/38004014/EasyOne.rar.html
Reply With Quote
  #138  
Old 06-18-2007, 07:24 PM
adadlik adadlik is offline
Junior Member
 
Join Date: Jun 2007
Posts: 4
Default

Nice Sample, but the original file (before codeveil) is missing.

With this sample i can get the correct il code from memory dump,
so i think, you haven't used the "MSIL Encryption" option with it.

greets, a.

Quote:
Originally Posted by UFO-Pu55y View Post
Reply With Quote
  #139  
Old 06-18-2007, 08:55 PM
adadlik adadlik is offline
Junior Member
 
Join Date: Jun 2007
Posts: 4
Default

ok, i check it all again, conclusion :

codeveil 1.2 - memory dump has incorrect / corrupted il code
codeveil 1.3 - memory dump has correct il code

so v1.2 is from protection better than newer version 1.3

as a sample i tried to memory dump the encoding library
from codeveil application :

Xheo.codeveil.encoder.v1.dll

weird. a.

Quote:
Originally Posted by UFO-Pu55y View Post
Reply With Quote
  #140  
Old 07-06-2007, 09:06 AM
kesk kesk is offline
Member
 
Join Date: Jul 2007
Posts: 18
Default

Hi All,

I am a entry level member in Reverse engineering .NET controls. I have done .Net components for VStudio like DXperience, Janus Winforms, Telerik, etc. I am trying the Janus Webforms trial, but got stuck up. The assembly seems to be obsfucated. Shall i post my questions for this program here?
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.