Reverse Engineering Team Board

Reverse Engineering Team Board (http://www.reteam.org/board/index.php)
-   .NET Reverse Engineering (http://www.reteam.org/board/forumdisplay.php?f=28)
-   -   Patch .NET app please help me (http://www.reteam.org/board/showthread.php?t=2728)

lns2000 07-06-2010 01:45 PM

Patch .NET app please help me
 
Hi bro,

I see a software which encoded by Dotfuscator. So how to find a string "Unregisted copy" in this app? Thanks in advance,



Kurapica 07-06-2010 02:05 PM

Use the search function in Reflector, but if you are unlucky the strings will be encrypted.

lns2000 07-11-2010 02:09 PM

As you see in the 2nd image, text strings are encrypted. Any solutions for this situation?

bball0002 07-11-2010 04:32 PM

Post the exe please?

lns2000 07-19-2010 01:44 PM

@bball0002: Yes, this is one of enormous examples.

Code:

http://www.mediafire.com/download.php?cli88v5uydbv2vp
You need to "bypass" the step checking a license. It check through the Internet (it use IP address, not domain nname). So I think you must patch this soft to use it.

Thanks for your help,

bball0002 07-19-2010 02:46 PM

Quote:

Originally Posted by lns2000 (Post 22110)
@bball0002
You need to "bypass" the step checking a license.

Well, "you" need to bypass the license check ;) .

Here is your exe with all strings decrypted, and most control flow restored:
Code:

http://www.sendspace.com/file/qi9nfu
I also attached an exe with just strings decrypted, that should be perfectly runnable. Good luck.

lns2000 07-20-2010 12:32 AM

@bball0002. It's perfect. Thank you very much.

I'm interested to know how you decrypt those strings or how you make FaceWizard.stringsDecrypted_runnable.exe file? Can you share documents or websites or topics to help me do that?

Thanks a lot,


All times are GMT -4. The time now is 05:28 PM.

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.