Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 12-14-2011, 12:31 PM
handy1234 handy1234 is offline
Member
 
Join Date: Sep 2011
Posts: 25
Default Help Me To Unpack Dotnet

i tried mostly SAE but cant find the string readable

can some1 plz unobfuscate this exe plz

_http://up.ht/vEFpx3
Reply With Quote
  #2  
Old 12-15-2011, 08:39 AM
kao kao is offline
Senior Member
 
Join Date: Sep 2007
Posts: 184
Default

Protected with Eazfuscator. Use de4dot to unpack.
Reply With Quote
  #3  
Old 12-18-2011, 06:26 AM
handy1234 handy1234 is offline
Member
 
Join Date: Sep 2011
Posts: 25
Default hello

strings are yet encrypted
Reply With Quote
  #4  
Old 12-18-2011, 01:38 PM
handy1234 handy1234 is offline
Member
 
Join Date: Sep 2011
Posts: 25
Default hello

Code:
{
        if ((i & 1) == 0)
        {
            num4 = (num4 * 0x343fd) + 0x269ec3;
            num5 = (ushort) (num4 >> 0x10);
        }
Code:
          }
                num5 += num5 << 6;
                num5 ^= num5 >> 0x16;
                num5 += num5 << 30;
                num = (long) num5;
                num ^= 0x39d0902b355d9d16L;
                class0_0.method_1(num);
            }
            return num;
        }
    }
    return 0x45eb680340f58ddaL;



the above image string are not found inside exe where the nag is created from exe itself

Last edited by handy1234 : 12-18-2011 at 01:53 PM.
Reply With Quote
  #5  
Old 12-18-2011, 02:13 PM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

I see 2 open brackets and 5 close brackets, I think your code got munged somwhere. Can you repost please?

Git
Reply With Quote
  #6  
Old 12-19-2011, 12:04 PM
handy1234 handy1234 is offline
Member
 
Join Date: Sep 2011
Posts: 25
Default hello

yup thats why i told that its not getting unpack
Reply With Quote
  #7  
Old 12-19-2011, 03:18 PM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

Where did you get those two code fragments from then, and why is the middle part missing?

Git
Reply With Quote
  #8  
Old 12-20-2011, 12:53 PM
handy1234 handy1234 is offline
Member
 
Join Date: Sep 2011
Posts: 25
Default hello

here it is the de4dot fixed exe

http://www.mediafire.com/?gp9ydbt796z39pm
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.