
Thread: .NET unpackme

  1. #1
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5

    .NET unpackme

    I'm quite interested as to how people will approach this. A version with much stronger security is currently in the works, but frankly I do not know where security needs to be added, since there is so little info on .NET unpacking about. So, please unpack it and tell me what you think and/or write a tutorial.

    http://crackmes.de/users/tfb/cryxenet_0.01a/

  2. #2
    Weak encryption is weak.

  3. #3
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Plan to fix that ASAP. But hey, at least it's on par with Xheo Codeveil, which costs $1600.

  4. #4
    CodeVeil is crap
    Regards,
    LibX // RETeam

  5. #5
    Here is my solution, the dumped and patched file. It is easy to unpack with deprotect (Google it).

  6. #6
    My generic unpacker was also working flawlessly on it; everything using Assembly.EntryPoint.Invoke is generically unpackable.
    Regards,
    LibX // RETeam

  7. #7
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Assembly.EntryPoint.Invoke is generically unpackable.
    Well I'll have to think of some way to fix that now, won't I?

  8. #8
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Good work both LibX, TQN. Expect a newer version soon where I shall try and close the Assembly.EntryPoint.Invoke hole.

  9. #9
    Write a protector using JIT Hooking
    But that's also possible to unpack :P
    Regards,
    LibX // RETeam

  10. #10
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    I am going to avoid JIT hooking completely because M$ might change something in the .NET CLR in later versions, leading to compatibility issues.

  11. #11
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Speaking of which, a lot of the procedures in mscorwks have no names. How am I supposed to find their offsets then? :/

  12. #12
    Download the PDB (IDA can do this itself) from the Microsoft symbol server; that should give u everything u need.
    Regards,
    LibX // RETeam

  13. #13
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Alright, cool, will check it out.

  14. #14
    I'm not an EXPERT REVERSER by any means, but this one was unpacked via a hex editor and a C compiler, without running a single byte of your crackme's code. (I just read the bytecode and figured out the encryption algorithm, since compared to i386 the .NET VM is almost trivial. Descriptive function names also help quite a bit.)

    In other words, try importing .NET functions by ordinal if you can.

  15. #15
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Alright, alright, I'll put a bit more work into it with the next version.
    Don't think you can do much about .NET imports btw, since they have their own little system. Will look into it; as you can see, I still have a lot to learn about .NET.
