Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #51  
Old 04-28-2008, 11:00 PM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

Quote:
Originally Posted by rendari View Post
.NET reactor is too easy to crack. Might as well not protect your software if that's what you use. Same goes for Xheo Codeveil (Kurapica wrote a tut for it at beginning of this thread). DNGuard and Maxtocode both have:

a) Compatibility issues
b) Takes several months for them to make notable changes (took a couple of months for DNGuard to have Vista support, and even then you have to reprotect and redistribute your assemblies)
c) are Chinese (you might get stiffed)

Oh, and Clisecure and Maxtocode both crash outright on my Vista machine here.

Remotesoft Salamander protector has a security hole in it that allows people to recover original IL code from it when you to native compile. Even if you do remove IL code, the app is still possible to crack using Ollydbg (wrote a tut on that on my blog).

Only options I see for you guys are:
1) Something custom
2) Ask LibX nicely
3) Microsoft SLM Code protector (very pricey!)
4) I've been working on a .NET protector, but its still in beta, and a tut is coming soon on how to crack it. So, I have to see how my protector is getting cracked, fix that, and then rerelease it when I have time. It works on Vista, but not on x64 bit Vista. So I cannot recommend my own protector with a clear conscience.

I think you guys would be better off making complex serial routines with various tricks in them than using a protector.
Compatibility issues is the bigest problem for those protectors.
which can resovle this problem , it would be the good one.

frequently update is not necessary.stable is important.
to follow each update, you will need to reprotect and redistribute your assemblies.
especially, if protector's udpate period close to your product's , i will be very nice.

only protectors which offen been cracked need to update frequently.
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.
Reply With Quote
  #52  
Old 04-29-2008, 03:58 AM
Andu Andu is offline
Member
 
Join Date: Apr 2008
Posts: 46
Default

Thanks fpr your comments and clarifing the interna bigmouse.

@rongchaua,

thanks for pointing to the video. I think I know it already (if it shows breaking application mode). It's shocking how easily it can be done.

It's nice you're investigating library mode. How difficult is it to break in your opinion?

What interests me most is if it is possible to unpack it statically and if a tool can be written to do this. Because if that would be the case the protection is completely gone.
On the other hand, if it has to be done by hand and one has to fix a lot of things it could be unpractical for normal projects (and not little crackme's ).
What do you think about the strong name removal protection? Can it provide any more security?

Yeah, and because im personally interested in protections myself it would be nice if you could share some details.

Seems like DnGuard is the way to go at the moment... I'll see if it still is uncracked as my release date comes closer.

I think the biggest problem is that there is (or seems at least) no cracked DnGuard version available with full protection so you guys can't test it...

Regards,

Andu
Reply With Quote
  #53  
Old 04-29-2008, 07:03 AM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

@Andu
you can post a library mode sample here.

if you want to try out dnguard.
here has dnguard Standard Editon V2.6 's sample.
http://www.tuts4you.com/forum/index.php?showtopic=14132

you can also try it newest trial version v2.9.
as its standard edition really encrypt the ilcode, so forgot to search ilcode from assembly module.

here i post a way to bypass DNGuard trial's 30 days limit
http://jithook.blogspot.com/2008/04/...ays-limit.html

in my opinion obfuscation is enough for most .net product.
for most large companys ,they even didn't need obfuscation.
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.

Last edited by bigmouse : 04-29-2008 at 07:31 AM.
Reply With Quote
  #54  
Old 04-29-2008, 08:34 AM
Andu Andu is offline
Member
 
Join Date: Apr 2008
Posts: 46
Default

Hi bigmouse,

Quote:
you can post a library mode sample here.
I'd certainly do it if it wasn't against license terms

Quote:
you can also try it newest trial version v2.9.
as its standard edition really encrypt the ilcode, so forgot to search ilcode from assembly module.
I did. But as you said, it doesn't encrypt the code and so it's protection has already been cracked.

But what's about this additional encryption anyway?
It can't be dumped as a whole from memory, ok, but it should be a symmetrical encryption and if you can find the key (which has to be somewhere) you can statically unpack it. Right?
So we can limit the problem on finding this key. Right?

Quote:
here i post a way to bypass DNGuard trial's 30 days limit
http://jithook.blogspot.com/2008/04/...ays-limit.html
Interesting blog, bigmouse!

Quote:
for most large companys ,they even didn't need obfuscation.
Why dou you think that? Without any protection at all, the're cracked in one day

Regards,

Andu
Reply With Quote
  #55  
Old 04-29-2008, 09:30 AM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

Quote:
Originally Posted by Andu View Post
I did. But as you said, it doesn't encrypt the code and so it's protection has already been cracked.
you didn't understand what am i mean.
suppose the methodcode was encrypted, don't intend to search methodcode from assembly module.

Quote:
But what's about this additional encryption anyway?
It can't be dumped as a whole from memory, ok, but it should be a symmetrical encryption and if you can find the key (which has to be somewhere) you can statically unpack it. Right?
So we can limit the problem on finding this key. Right?
theoretically speaking, no protection is safe , right?

you can try to static unpack maxtocode protected assemblies.
as they used many encryption algorithms, choose random one to encrypt each method.
static unpack is not as easy as you think.

there program are native exe, also been protected.
it's very hard to analyse all it's encryption algorithms.

why .Net Reactor, xenocode studio protected assemblies been static unpacked?
1. themselves are .net program.
2. themselves been unpacked first.
a protector's soucecode is available to crackers, you can imagine what does its protection mean.

Quote:
Why dou you think that? Without any protection at all, the're cracked in one day
they use law to protect there right.
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.
Reply With Quote
  #56  
Old 04-29-2008, 10:32 AM
Andu Andu is offline
Member
 
Join Date: Apr 2008
Posts: 46
Default

Hi bigmouse,

Quote:
why .Net Reactor, xenocode studio protected assemblies been static unpacked?
1. themselves are .net program.
2. themselves been unpacked first.
a protector's soucecode is available to crackers, you can imagine what does its protection mean.
That makes sense.

Quote:
they use law to protect there right.
They may be able to protect some routines by law, but they can't do anything against people using cracks...
Reply With Quote
  #57  
Old 04-29-2008, 11:03 AM
LibX LibX is offline
Administrator
 
Join Date: Feb 2007
Location: The Netherlands
Posts: 118
Default

Quote:
Originally Posted by Andu View Post
I'd certainly do it if it wasn't against license terms
That doesn't matter, they can't sue u anyway if they do i have a shitload of proof they stole and used GPL and other free code while thats not alowed according to the license :P
Reply With Quote
  #58  
Old 04-29-2008, 11:21 AM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

.net reactor 3.7.1.0 unpacked
http://momupload.com/files/91593/dp_...actor.rar.html

itself can be easily unpacked.
if the library mode is more security, why they didn't use this to protect itself.
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.
Reply With Quote
  #59  
Old 04-29-2008, 11:54 AM
Andu Andu is offline
Member
 
Join Date: Apr 2008
Posts: 46
Default

Quote:
That doesn't matter, they can't sue u anyway if they do i have a shitload of proof they stole and used GPL and other free code while thats not alowed according to the license :P
Yeah, you're right

Quote:
if the library mode is more security, why they didn't use this to protect itself.
Afaik they use it to protect itelf. If they'd use App. Mode you couldn't see anything in reflector.
Reply With Quote
  #60  
Old 04-29-2008, 11:59 AM
bigmouse bigmouse is offline
Senior Member
 
Join Date: Sep 2007
Posts: 125
Default

Quote:
Originally Posted by Andu View Post
Afaik they use it to protect itelf. If they'd use App. Mode you couldn't see anything in reflector.
that means its library mode also can be easily unpacked.
__________________
interest in .NET Reverse Engineering.
Blog: http://jithook.blogspot.com/

.Net Assembly Rebuilder - a tool to rebuild dumped assemblies.
Re-Max - a tool to unpack maxtocode protected assemblies.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2022, Jelsoft Enterprises Ltd.