.NET Reactor discussion

[bigmouse]

Quote:

Originally Posted by rendari

.NET reactor is too easy to crack. Might as well not protect your software if that's what you use. Same goes for Xheo Codeveil (Kurapica wrote a tut for it at beginning of this thread). DNGuard and Maxtocode both have:

a) Compatibility issues
b) Takes several months for them to make notable changes (took a couple of months for DNGuard to have Vista support, and even then you have to reprotect and redistribute your assemblies)
c) are Chinese (you might get stiffed)

Oh, and Clisecure and Maxtocode both crash outright on my Vista machine here.

Remotesoft Salamander protector has a security hole in it that allows people to recover original IL code from it when you to native compile. Even if you do remove IL code, the app is still possible to crack using Ollydbg (wrote a tut on that on my blog).

Only options I see for you guys are:
1) Something custom
2) Ask LibX nicely
3) Microsoft SLM Code protector (very pricey!)
4) I've been working on a .NET protector, but its still in beta, and a tut is coming soon on how to crack it. So, I have to see how my protector is getting cracked, fix that, and then rerelease it when I have time. It works on Vista, but not on x64 bit Vista. So I cannot recommend my own protector with a clear conscience.

I think you guys would be better off making complex serial routines with various tricks in them than using a protector.

Compatibility issues is the bigest problem for those protectors.
which can resovle this problem , it would be the good one.

frequently update is not necessary.stable is important.
to follow each update, you will need to reprotect and redistribute your assemblies.
especially, if protector's udpate period close to your product's , i will be very nice.

only protectors which offen been cracked need to update frequently.

[Andu]

Thanks fpr your comments and clarifing the interna bigmouse.

@rongchaua,

thanks for pointing to the video. I think I know it already (if it shows breaking application mode). It's shocking how easily it can be done.

It's nice you're investigating library mode. How difficult is it to break in your opinion?

What interests me most is if it is possible to unpack it statically and if a tool can be written to do this. Because if that would be the case the protection is completely gone.
On the other hand, if it has to be done by hand and one has to fix a lot of things it could be unpractical for normal projects (and not little crackme's ).
What do you think about the strong name removal protection? Can it provide any more security?

Yeah, and because im personally interested in protections myself it would be nice if you could share some details.

Seems like DnGuard is the way to go at the moment... I'll see if it still is uncracked as my release date comes closer.

I think the biggest problem is that there is (or seems at least) no cracked DnGuard version available with full protection so you guys can't test it...

Regards,

Andu

[bigmouse]

@Andu
you can post a library mode sample here.

if you want to try out dnguard.
here has dnguard Standard Editon V2.6 's sample.
http://www.tuts4you.com/forum/index.php?showtopic=14132

you can also try it newest trial version v2.9.
as its standard edition really encrypt the ilcode, so forgot to search ilcode from assembly module.

here i post a way to bypass DNGuard trial's 30 days limit
http://jithook.blogspot.com/2008/04/...ays-limit.html

in my opinion obfuscation is enough for most .net product.
for most large companys ,they even didn't need obfuscation.

[Andu]

Hi bigmouse,

Quote:

you can post a library mode sample here.

I'd certainly do it if it wasn't against license terms

Quote:

you can also try it newest trial version v2.9.
as its standard edition really encrypt the ilcode, so forgot to search ilcode from assembly module.

I did. But as you said, it doesn't encrypt the code and so it's protection has already been cracked.

But what's about this additional encryption anyway?
It can't be dumped as a whole from memory, ok, but it should be a symmetrical encryption and if you can find the key (which has to be somewhere) you can statically unpack it. Right?
So we can limit the problem on finding this key. Right?

Quote:

here i post a way to bypass DNGuard trial's 30 days limit
http://jithook.blogspot.com/2008/04/...ays-limit.html

Interesting blog, bigmouse!

Quote:

for most large companys ,they even didn't need obfuscation.

Why dou you think that? Without any protection at all, the're cracked in one day

Regards,

Andu

[bigmouse]

Quote:

Originally Posted by Andu

I did. But as you said, it doesn't encrypt the code and so it's protection has already been cracked.

you didn't understand what am i mean.
suppose the methodcode was encrypted, don't intend to search methodcode from assembly module.

Quote:

But what's about this additional encryption anyway?
It can't be dumped as a whole from memory, ok, but it should be a symmetrical encryption and if you can find the key (which has to be somewhere) you can statically unpack it. Right?
So we can limit the problem on finding this key. Right?

theoretically speaking, no protection is safe , right?

you can try to static unpack maxtocode protected assemblies.
as they used many encryption algorithms, choose random one to encrypt each method.
static unpack is not as easy as you think.

there program are native exe, also been protected.
it's very hard to analyse all it's encryption algorithms.

why .Net Reactor, xenocode studio protected assemblies been static unpacked?
1. themselves are .net program.
2. themselves been unpacked first.
a protector's soucecode is available to crackers, you can imagine what does its protection mean.

Quote:

Why dou you think that? Without any protection at all, the're cracked in one day

they use law to protect there right.

[Andu]

Hi bigmouse,

Quote:

why .Net Reactor, xenocode studio protected assemblies been static unpacked?
1. themselves are .net program.
2. themselves been unpacked first.
a protector's soucecode is available to crackers, you can imagine what does its protection mean.

That makes sense.

Quote:

they use law to protect there right.

They may be able to protect some routines by law, but they can't do anything against people using cracks...

[LibX]

Quote:

Originally Posted by Andu

I'd certainly do it if it wasn't against license terms

That doesn't matter, they can't sue u anyway if they do i have a shitload of proof they stole and used GPL and other free code while thats not alowed according to the license :P

[bigmouse]

.net reactor 3.7.1.0 unpacked
http://momupload.com/files/91593/dp_...actor.rar.html

itself can be easily unpacked.
if the library mode is more security, why they didn't use this to protect itself.

[Andu]

Quote:

That doesn't matter, they can't sue u anyway if they do i have a shitload of proof they stole and used GPL and other free code while thats not alowed according to the license :P

Yeah, you're right

Quote:

if the library mode is more security, why they didn't use this to protect itself.

Afaik they use it to protect itelf. If they'd use App. Mode you couldn't see anything in reflector.

[bigmouse]

Quote:

Originally Posted by Andu

Afaik they use it to protect itelf. If they'd use App. Mode you couldn't see anything in reflector.

that means its library mode also can be easily unpacked.