Reversing .NET application

[UFO-Pu55y]

@tracky: Ahhhhhhh, thanks so much !!!
That was veeery important for me !
Because then I remembered, that I had problems before with using 'special' APIs. With special APIs I mean the ones, which got to return a value into ur own variable (got to have access to ur code). I've never had problems with all other APIs. I was searching for days and days for a solution, and only found some statements, that it's sometimes hard to do so (with my Visual Studio version ?).
Anyway now I can compare and track it down !!!
I've only tested ur code - and it works fine....

Greets

[Kurapica]

First of all I wanna apologize to UFO coz I thought he sent me the IrisSkin serial !

Well done Tracky ,.... very good job.

Now This is why UFO keygen doesn't work ...

http://www.filesend.net/download.php...d5bf8f7f8010dc

[UFO-Pu55y]

Quote:

Originally Posted by tKC

Now This is why UFO keygen doesn't work ...

OMFG, a tut on my fault
Sry for my blindness. Next time I should check the code character by character, before I start acting like a hysterical little girl
Thanks, tKC, u saved my f* day !!!

At this point, if somebody is interested... why not throwing in some older (and very easy) .NET-CrackMes by me:
_http://www.pirateshare.net/?id=7303626
Have fun...

[UFO-Pu55y]

SWF-Tutorial for CrackMe3:
_http://www.tuts4you.com/forum/index.php?act=attach&type=post&id=1385


@tKC: If u're still interested in new targets for tuts...
A CrackMe -> _http://rapidshare.com/files/28727548/SampleCrackme.zip
Protected with -> _http://www.maxtocode.com/
Seems to be hard sh!t

Greets

[Kurapica]

Thanks for the links

Will try my best ...

[Kurapica]

I agree with you, It's kindo hard but still crackable...
nothing can be seen in reflector,All code is ripped from methods but later process memory is written back after decryption.

still looking...

[Kurapica]

My first notes on MaxtoCode ....

tell me what u think..

[rongchaua]

Great job tKC,
here is something i've found in net.

Quote:

using System;
using System.IO;
using System.Reflection;
using System.Runtime.InteropServices;
using System.Text;

public class InFaceMaxtoCode
{
static InFaceMaxtoCode()
{
InFaceMaxtoCode.started = false;
}

[DllImport("MRuntime3.dll", EntryPoint="CheckRuntime", CharSet=CharSet.Unicode, SetLastError=true, ExactSpelling=true)]
private static extern int A______();
[DllImport("KERNEL32.DLL", EntryPoint="GetModuleHandleA", CharSet=CharSet.Ansi, SetLastError=true, ExactSpelling=true)]
private static extern int B______(string x13d52f7d8e232e61);
private static string ByteToString(byte[] x5fc6100148519126)
{
return Encoding.ASCII.GetString(x5fc6100148519126);
}

[DllImport("MRuntime3.dll", EntryPoint="MainDLL", CharSet=CharSet.Ansi, SetLastError=true, ExactSpelling=true)]
private static extern bool C______(int x19218ffab70283ef, int xe7ebe10fa44d8d49);
[DllImport("KERNEL32.DLL", EntryPoint="SetEnvironmentVariableA", CharSet=CharSet.Ansi, SetLastError=true, ExactSpelling=true)]
private static extern bool D______(string x427bb0e14ed9e9b1, string x84ee6c5b88919f4c);
public static void Startup()
{
if (!InFaceMaxtoCode.started)
{
string text1 = "";
string text2 = "MRuntime3.dll";
if (AppDomain.CurrentDomain.RelativeSearchPath != null)
{
if (AppDomain.CurrentDomain.RelativeSearchPath.IndexO f(@":\") != -1)
{
text1 = AppDomain.CurrentDomain.RelativeSearchPath;
}
else
{
text1 = AppDomain.CurrentDomain.BaseDirectory + AppDomain.CurrentDomain.RelativeSearchPath;
}
}
else
{
text1 = AppDomain.CurrentDomain.BaseDirectory;
}
string text3 = Environment.GetEnvironmentVariable("path");
if (text3.IndexOf(text1) == -1)
{
InFaceMaxtoCode.D______("path", text3 + ";" + text1.Replace("/", @"\"));
}
if (text1.Substring(text1.Length - 1, 1) == @"\")
{
text1 = text1;
}
else
{
text1 = text1 + @"\";
}
if (File.Exists(text1 + text2) && !File.Exists(Path.GetTempPath() + text2))
{
File.Copy(text1 + text2, Path.GetTempPath() + text2);
}
if (text3.IndexOf(Path.GetTempPath()) == -1)
{
InFaceMaxtoCode.D______("path", text3 + ";" + Path.GetTempPath().Replace("/", @"\"));
}
int num1 = 5;
num1 = InFaceMaxtoCode.A______();
if (num1 == 0)
{
int num2 = InFaceMaxtoCode.B______(text2);
int num3 = InFaceMaxtoCode.B______(Assembly.GetExecutingAssem bly().Location);
InFaceMaxtoCode.started = InFaceMaxtoCode.C______(num2, num3);
}
else
{
//Garbage
}
}
}


private static bool started;
}


Startup Function：
public static void Startup()
{
if (!InFaceMaxtoCode.started)
{
int num1 = 5;
num1 = InFaceMaxtoCode.A______();
if (num1 == 0)
{
int num2 = InFaceMaxtoCode.B______(text2);
int num3 = InFaceMaxtoCode.B______(Assembly.GetExecutingAssem bly().Location);
InFaceMaxtoCode.started = InFaceMaxtoCode.C______(num2, num3);
}
else
{
//Garbage
}
}

[tracky]

I know someone was made the MaxtoCode Unpacker,But not release!

[LibX]

Work on a MaxToCode upacking will start as soon as i finished the Eziriz .NET Reactor unpacker, i think its not that hard to code once u know where all encrypted code is stored.
Once the loader menthod is fully de-obfuscated and decompiled its only a matter of a few hours to code a fully working unpacker.

Regards,
LibX // RETeam