My protection try-out

LibX · #1 04-16-2008, 07:10 AM

Its pretty much alpha code so don't expect to much of it,
also i only tested it with windows xp so i realy don't know if its even running on vista

Regards
LibX

Marcello · #2 04-16-2008, 10:23 AM

Quote:

Originally Posted by LibX

Its pretty much alpha code so don't expect to much of it,
also i only tested it with windows xp so i realy don't know if its even running on vista

Regards
LibX

Hi LibX,

.Net is a vulnerable platform! Better wait a native compiler from Microsoft

I appreciate you because at least you try to find a solution to the problem of decompilation of our .NET application. Perhaps you can sell your "idea" to some company

You implements an your protection software but uses other tools to obscure your code?

See here

best regards,
Marcello Cantelmo
www.cantelmosoftware.com

LibX · #3 04-16-2008, 10:34 AM

And maby u should check the code for real this time and find out one of the functions is totualy converted to a VM stucture and u didn't unpack anything the code is still encrypted

The obfuscation is just there to prevent easy analyzing.

Basicly u didn't do anything yet :P

LibX · #4 04-16-2008, 10:55 AM

Ow and i forgot this:
<removed>

Its ur obfuscator totualy deobfuscated (control flow only renaming doesnt help anyway it just makes it easyer to save to a file) copy of ur obfuscator

Regards
LibX

Marcello · #5 04-16-2008, 12:06 PM

Quote:

Originally Posted by LibX

Ow and i forgot this:
<removed>

Its ur obfuscator totualy deobfuscated (control flow only renaming doesnt help anyway it just makes it easyer to save to a file) copy of ur obfuscator

Regards
LibX

good work mr. cracker!

regards,
Marcello Cantelmo
www.cantelmosoftware.com

LibX · #6 04-16-2008, 12:29 PM

Quote:

Originally Posted by Marcello

good work mr. cracker!

regards,
Marcello Cantelmo
www.cantelmosoftware.com

hehe thx

Now go and own my protection i wanna see code :P

bigmouse · #7 04-17-2008, 01:12 AM

seems to like what slm does, even simple .
slm use a vm to execute protected method,decrypted at instruction level.

your protector use System.Reflection.Emit.DynamicMethod to excute protected method.
after you construct DynamicMethod object, we can get back org methodbody from it.

rendari · #8 04-17-2008, 02:00 AM

Hmm, never knew about that protection method. Seems like I got a lot to learn. I'll take a look at it if I get time :S

LibX · #9 04-17-2008, 08:34 AM

Quote:

Originally Posted by bigmouse

seems to like what slm does, even simple .
slm use a vm to execute protected method,decrypted at instruction level.

your protector use System.Reflection.Emit.DynamicMethod to excute protected method.
after you construct DynamicMethod object, we can get back org methodbody from it.

Basicly they both use the same, but microsoft has the great advantage they have access to all internal sources ;p so they made a far easyer to handle DynamicMethod, but about the VM part its not realy a VM (at least for as far i got analyzing the protection)

About the methodbody, u wont get the original methodbody back

but u will find out soon enough

regards
LibX

bigmouse · #10 04-18-2008, 02:04 AM

DynamicMethod object is enough for me to get back the original methodbody .

i can't get your testsample run on the following OS.
Win98 + .Net V2.0.50727 [VMWare]
WinMe + .Net V2.0.50727 [VMWare]
Win2000 + .Net V2.0.50727 [VMWare]
Win xp + .Net V2.0.50727 [VMWare]
Win2003 + .Net V2.0.50727 [my pc]

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode