Results 1 to 11 of 11

Thread: Rebel.NET

  1. #1
    Registered User
    Join Date
    Jan 2008
    Posts
    163
    Blog Entries
    19

    Rebel.NET

    As promised, I'm hereby releasing the Rebel.NET software.

    http://ntcore.com/rebelnet.php
    http://ntcore.com/Files/rebelnet.htm

    Rebel.NET is a rebuilding tool for .NET assemblies which is capable of adding and replacing methods and streams. It's possible to replace only a limited number of methods or every method contained in a .NET assembly. The simplicity of Rebel.NET consists in the replacing process: one can choose what to replace. Rebel.NET is, mainly, a very solid base to overcome every .NET protection and to re-create a fully decompilable .NET assembly. As such, Rebel.NET has to be considered a research project, not an encouragement to violate licensing terms.

    As I have written the software and the article in this week when during my sickness (fever), I'm expecting bugs and typos. Please report them.

    Of course, I've tested the Rebel.NET with more advanced .NET assemblies than those presented in the guide.

  2. #2
    Thanks for your efforts Daniel
    you just keep coming with amazing stuff
    Its 2am here in my part of the world and am reading your Rebel.NET File Format
    will post comments after i have a good look at it tomorrow

    GEEK
    Found in the OpenGL header file for Visual C++ 6: 'typedef GLint int '. AAAARRRRGGGHHHH!!! [Don't get it? You're not a C programmer.]

    A hacker does for love what others would not do for money.

    Being married to a programmer is like having a cat. You talk to it but you're never really sure if it hears you, much less comprehends what you say.

  3. #3
    Registered User
    Join Date
    Jan 2008
    Posts
    163
    Blog Entries
    19
    Thanks!

    Well, it's 11 pm here. I am so wasted...

    I admit that this reading is boring, but it is the premise for the next tutorial about JIT and code injection which is REAL fun. So, go through it! Your effort will be rewarded (at least I believe so) by the next article.

  4. #4
    Registered User
    Join Date
    Dec 2005
    Posts
    216
    Blog Entries
    5
    Awesome! Will look into it as I get the time! Superb work!

  5. #5
    King of Redonda
    Join Date
    Jul 2006
    Posts
    109
    Blog Entries
    4
    Nice. I think a tool like this is essential for more advanced string decryption, and not having to parse the .NET format yourself will make writing some tools certainly easier.
    <[TN]FBMachine> i got kicked out of barnes and noble once for moving all the bibles into the fiction section

  6. #6
    Registered User
    Join Date
    Jan 2008
    Posts
    163
    Blog Entries
    19
    Thanks rendari.

    Well, the string encryption is treated as "obfuscation" in the article, simply because it doesn't make much of a difference in terms of rebuiliding. In the worst case a little MSIL disassembler has to be used to look for ldstr instruction and change them according to the new #US stream. It's maybe annoying, but very simple.

  7. #7
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Extremely high-quality stuff as usual Daniel. Really looking forward to your upcoming writeups on JIT and code injection!

    CRCETL:
    http://www.woodmann.com/collaborative/tools/index.php/Rebel.NET
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  8. #8
    Registered User
    Join Date
    Jan 2008
    Posts
    163
    Blog Entries
    19
    Thanks delta for adding it to the repository.

  9. #9
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    No problem, you are very welcome to help keeping it updated as new versions are released.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  10. #10
    Registered User
    Join Date
    Aug 2005
    Location
    Italy
    Posts
    133
    Blog Entries
    31
    Another Great Tool!

    Thanks for sharing it Daniel!

    Have a Nice Day

    http://evilcry.netsons.org (Repository)
    http://evilcodecave.blogspot.com
    http://evilcodecave.wordpress.com

  11. #11
    Registered User
    Join Date
    Jan 2008
    Posts
    163
    Blog Entries
    19
    Grazie evilcry =)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •