#11  Kurapica (Senior Member), 10-24-2008, 01:43 PM

Hmmm! Why reinvent the wheel!?

I always use Daniel Pistelli's great tools for scanning PE and other stuff; anyway, I recommend using this tool for detecting .NET protectors.

http://www.ntcore.com/pedetective.php

I will upload the .NET protectors signatures soon so that you can add them to the tool database.
__________________
Life can only be understood backwards but It must be read forwards.

#12  Kurapica (Senior Member), 10-26-2008, 07:02 AM

Here are the signatures of the common .NET protectors.

You must have CFF Explorer and PE Detective installed first.

Over-write the file in
"C:\Documents and Settings\All Users\Documents\Explorer Suite Signatures"
and you are done.

http://www.zshare.net/download/5043830233085ca2/

#13  sirp (Senior Member), 10-27-2008, 04:48 AM

Very nice tip... will try it out... but I have to get some hours of rest first, hehe. It was a 3-days-awake weekend... I can hardly manage to stay awake at work, hehe.

#14  sirp (Senior Member), 11-06-2008, 05:32 AM

Works nice ,) ... but suddenly I stumbled upon an app:
it's not packed nor is it obfuscated... and it shows up as a new Reactor version...
http://rapidshare.com/files/161131910/wrongsig.rar.html

#15  webpat (Junior Member), 10-06-2009, 02:29 PM

Hi, first I want to thank the community for these amazing tutorials. Can you please tell me where I can find an updated signatures file for PE Detective? The rapidshare link is dead. I'm stuck with one packed DLL; I don't know where to start since I don't know the protection.
Do you have any idea about the usage frequency distribution of each packer?

#16  sirp (Senior Member), 10-06-2009, 04:55 PM

Try rongchaua's netid, it rox ,)
And this for just checking the compiler:
http://www.ntcore.com/pedetective.php

#17  webpat (Junior Member), 10-06-2009, 05:23 PM

This tool kicks ass! It has detected a .NetReactor obfuscation type on my target.

Thx.

#18  Git (Super Moderator), 09-11-2010, 02:22 PM

Quote:
Over-write the file
@Kurapica - could you upload the PEDetective .NET signature again please?

Git

#19  Kurapica (Senior Member), 09-17-2010, 04:01 AM

Hi Git,

Sorry, but it looks like I don't have that file any more. I use the organic way!!! I mean by looking :P

Anyway, the signatures are obsolete now and I don't think they are useful any more; you can create a new signature using CFF suite.

#20  Git (Super Moderator), 09-17-2010, 06:25 AM

Let's be honest here, *you* can create a new signature with CFF, I don't have the knowledge.

Git