  #351  
Old 02-06-2008, 09:58 AM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91
Default

Hi all,
today I used my free time to write a tutorial about unpacking CodeVeil again.

http://rongchaua.net/tip/how-to-unpa...eveil-1.3.html

Hope you'll like that.
__________________
My site: http://rongchaua.net
  #352  
Old 02-06-2008, 12:32 PM
mastershake mastershake is offline
Junior Member
 
Join Date: Feb 2008
Posts: 2
Default

Quote:
Originally Posted by rongchaua View Post
Hi all,
today I used my free time to write a tutorial about unpacking CodeVeil again.

http://rongchaua.net/tip/how-to-unpa...eveil-1.3.html

Hope you'll like that.
Rongchaua,

Thanks for the video tutorials. I enjoy them, especially the very first one that uses Olly to dump from memory. I have a trial of WinHex so I can't dump from WinHex, but I can open RAM in WinHex and then search for the starting bytes in Olly and dump from Olly.

However, one thing I didn't like about your recent tutorials is the "I got lazy and wrote a tool that does this for me" part, because I don't know what you (your program) are actually doing at that moment.

thanks.
  #353  
Old 02-06-2008, 03:38 PM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

Quote:
Originally Posted by rongchaua View Post
Hi all,
today I used my free time to write a tutorial about unpacking CodeVeil again.

http://rongchaua.net/tip/how-to-unpa...eveil-1.3.html

Hope you'll like that.
Really nice work, rongchaua, but it would be really nice to post that unpacker for fixing the dumped assemblies :-)

Check your PM please

GreetZ
__________________
Life can only be understood backwards but It must be read forwards.
  #354  
Old 02-07-2008, 05:20 AM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91
Default

@mastershake: I know, but it'll take a very long time to explain all of what I must do to fix the assembly. You can see the tool's log to know what I did.
@Kurapica: All of the tools which I introduce in my tutorials were posted on my site http://rongchaua.net. For example, this is CoVei Unpacker: http://rongchaua.net/software/covei-unpacker.html
__________________
My site: http://rongchaua.net
  #355  
Old 02-13-2008, 03:08 AM
jfx jfx is offline
Member
 
Join Date: Oct 2007
Posts: 12
Default

CliSecure unpacker:
tinyurl.com/yqcbbu
Try it.
  #356  
Old 02-19-2008, 02:30 AM
kesk kesk is offline
Member
 
Join Date: Jul 2007
Posts: 18
Default

Dear Friends,

I am working on a .NET assembly of mCorelogix mobile. There exists an old keygen for a specific version. The key is based on the version, name and type of license. The new version of the assembly is obfuscated using Dotfuscator. Since I really could not make a keygen for the new version, I thought why not change the version of the assembly to the old version. I changed the attributes in the section:

.custom instance void [mscorlib]System.Reflection.AssemblyFileVersionAttribute::.ctor(string) = ( 01 00 08 31 2E 30 2E 32 35 2E 30 00 00 )

was changed to the old version

and

.ver 1:0:25:0

was changed to the old version.

All this was done in the IL code file, and on ilasm the output still shows the assembly version as the new version only. But in Reflector, the assembly is shown as the old version only.

Where do the right-click properties on the file get the version name, etc.?
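Added example, not part of the original post: the attribute bytes quoted above decode as follows under the ECMA-335 custom-attribute encoding (prolog 0x0001, one length-prefixed UTF-8 string, a named-argument count). The function names are illustrative. The blob and the .ver directive are managed metadata; Explorer's file properties read the separate Win32 version resource, so the sources can disagree.

```python
# Added example: decode a .ctor(string) custom-attribute blob as ildasm prints it.
# Layout (ECMA-335 II.23.3): prolog 0x0001, SerString argument, NumNamed count.

PAGE_BLOB = "01 00 08 31 2E 30 2E 32 35 2E 30 00 00"  # bytes quoted in the post
PAGE_VER = ".ver 1:0:25:0"                             # directive quoted in the post

def read_packed_len(buf, pos):
    """Read an ECMA-335 compressed unsigned integer; return (value, next_pos)."""
    b0 = buf[pos]
    if b0 & 0x80 == 0:                       # 0xxxxxxx: one byte
        return b0, pos + 1
    if b0 & 0xC0 == 0x80:                    # 10xxxxxx: two bytes, big-endian
        return ((b0 & 0x3F) << 8) | buf[pos + 1], pos + 2
    if b0 & 0xE0 == 0xC0:                    # 110xxxxx: four bytes, big-endian
        return (((b0 & 0x1F) << 24) | (buf[pos + 1] << 16)
                | (buf[pos + 2] << 8) | buf[pos + 3]), pos + 4
    raise ValueError("invalid compressed length byte 0x%02X" % b0)

def decode_string_ctor_blob(hex_text):
    """Return the single string argument of a .ctor(string) attribute blob."""
    buf = bytes.fromhex(hex_text)            # fromhex() skips the spaces
    if len(buf) < 5 or buf[0:2] != b"\x01\x00":
        raise ValueError("missing 0x0001 prolog")
    if buf[2] == 0xFF:                       # 0xFF encodes a null string
        value, pos = None, 3
    else:
        length, pos = read_packed_len(buf, 2)
        if pos + length + 2 > len(buf):
            raise ValueError("string runs past end of blob")
        value = buf[pos:pos + length].decode("utf-8")
        pos += length
    num_named = int.from_bytes(buf[pos:pos + 2], "little")
    if len(buf) != pos + 2 or num_named != 0:
        raise ValueError("named arguments or trailing bytes not handled")
    return value

def parse_ver_directive(line):
    """Turn an IL '.ver 1:0:25:0' directive into the dotted form '1.0.25.0'."""
    parts = line.split()
    if len(parts) != 2 or parts[0] != ".ver":
        raise ValueError("not a .ver directive")
    return ".".join(str(int(p)) for p in parts[1].split(":"))

if __name__ == "__main__":
    print("AssemblyFileVersion:", decode_string_ctor_blob(PAGE_BLOB))
    print("Assembly .ver:      ", parse_ver_directive(PAGE_VER))
```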
  #357  
Old 02-19-2008, 07:33 AM
jfx jfx is offline
Member
 
Join Date: Oct 2007
Posts: 12
Default

How do you check the assembly version? If you do it by right-click in Explorer, just look inside the .res file.
  #358  
Old 02-19-2008, 07:38 PM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default DeObfuscator 0.4

What's new

1 - Minor bugs were fixed
2 - Enhanced Type detection
3 - Methods are named depending on their type as "Procedures" OR "Functions"

http://rapidshare.com/files/93278070...or0.4.rar.html

Bug reports are appreciated.
__________________
Life can only be understood backwards but It must be read forwards.
  #359  
Old 02-20-2008, 03:58 AM
rongchaua rongchaua is offline
Senior Member
 
Join Date: Apr 2007
Posts: 91
Default

One of my friends made a tutorial on unpacking .NET Reactor 3.7.0.3. There is a minor improvement in this version. You can take a look here: http://rongchaua.net/tip/how-to-unpa...actor-3.6.html

The tutorial was posted in comment section.
__________________
My site: http://rongchaua.net
  #360  
Old 02-21-2008, 01:32 AM
kesk kesk is offline
Member
 
Join Date: Jul 2007
Posts: 18
Default thanks

Hi,

This answered my question and thanks for it.

But the method I tried to employ failed with the keygen. Changing the version no. to lower and using the old keygen did not work. So I went ahead and cracked the DLL directly.

Once again, thanks for your assistance.

kesk

Quote:
Originally Posted by jfx View Post
How do you check the assembly version? If you do it by right-click in Explorer, just look inside the .res file.