.Net Reactor Unpacker, (for library mode only)

bigmouse · #1 05-03-2008, 06:26 AM

after unpack, use my .Net Assembly Rebuilder to rebuild the unpacked assembly.

download:
http://momupload.com/files/92257/Rea...acker.rar.html

tankaiha · #2 05-03-2008, 07:04 AM

great job!

an advice, add log message function, so we know what's going on when the unpacker does not response.

Andu · #3 05-03-2008, 07:52 AM

Wow!

Bigmouse you did it again!

Now I have to look for another solution

Anyway, it's better to know beforehand than after, isn't it

Regards,

Andu

tankaiha · #4 05-03-2008, 08:21 AM

i get an half finished solution, by jit hook.
i use reflection+invoke, then catch the msil from jit. but i can only get all methods except .ctor and .cctor.
when invoke constructors and static constructors, always get exception.
still don't know how to solve this poblem. hope bigmouse can help

bigmouse · #5 05-03-2008, 08:24 AM

its library mode decrypted the whole assembly at once.
the only problem is , after decrypted, its also wiped some header values.
we can use disk image to fixthe memory image .
after fixed, dump memory section.

seems to .net reactor itself using a diffent protection type.
it only decrypt one type each time, but also can by easily unpacked.

here is the unpacked file of its latest version v3.7.9.1
http://www.filesend.net/download.php...7e8d91d8892519

bigmouse · #6 05-03-2008, 08:28 AM

Quote:

Originally Posted by tankaiha

i get an half finished solution, by jit hook.
i use reflection+invoke, then catch the msil from jit. but i can only get all methods except .ctor and .cctor.
when invoke constructors and static constructors, always get exception.
still don't know how to solve this poblem. hope bigmouse can help

System.Activator.CreateInstance will invoke .ctor internal.
and also .cctor will be invoked impliedly

Andu · #7 05-03-2008, 08:34 AM

Hey bigmouse,

maybe you want to give the developer of .Net Reactor some tips how he can harden his protection. I'm almost confident that he's aware of this discussion

Regards,

Andu

bigmouse · #8 05-03-2008, 08:45 AM

to be a obfuscator , its not so bad.
to be a protector , its a big joke.

Andu · #9 05-03-2008, 08:49 AM

On a scale from 1 to 10 (strongest), how good do you think is the remaining protection strength of an unpacked, but still obfuscated assembly

A) for not getting the original program code back

B) for protection against cracking the program (if strongly signed)

?

tankaiha · #10 05-03-2008, 09:31 AM

Quote:

Originally Posted by Andu

Hey bigmouse,

maybe you want to give the developer of .Net Reactor some tips how he can harden his protection. I'm almost confident that he's aware of this discussion

Regards,

Andu

jit-hook unpack is a general approach, not paticularly aim at .Net Reactor.

@:bigmouse
thanks for the tip about CreateInstance

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode