#1
04-16-2008, 07:10 AM
LibX
Administrator
Join Date: Feb 2007
Location: The Netherlands
Posts: 118
My protection try-out

It's pretty much alpha code, so don't expect too much of it.
Also, I only tested it with Windows XP, so I really don't know if it's even running on Vista.

Regards
LibX
Attached Files
TestRun.zip (55.8 KB, 47 views)
#2
04-16-2008, 10:23 AM
Marcello
Member
Join Date: Apr 2008
Location: Lizzanello (Lecce) - Italy
Posts: 6

Quote:
Originally Posted by LibX
It's pretty much alpha code, so don't expect too much of it.
Also, I only tested it with Windows XP, so I really don't know if it's even running on Vista.

Regards
LibX

Hi LibX,

.NET is a vulnerable platform! Better to wait for a native compiler from Microsoft.

I appreciate you because at least you try to find a solution to the problem of decompilation of our .NET application. Perhaps you can sell your "idea" to some company.

You implement your own protection software but use other tools to obscure your code? See here

best regards,
Marcello Cantelmo
www.cantelmosoftware.com
#3
04-16-2008, 10:34 AM
LibX
Administrator

And maybe u should check the code for real this time and find out that one of the functions is totally converted to a VM structure, and u didn't unpack anything; the code is still encrypted.
The obfuscation is just there to prevent easy analyzing.

Basically u didn't do anything yet :P
#4
04-16-2008, 10:55 AM
LibX
Administrator

Oh, and I forgot this:
<removed>

It's a totally deobfuscated (control flow only; renaming doesn't help anyway, it just makes it easier to save to a file) copy of ur obfuscator.

Regards
LibX
#5
04-16-2008, 12:06 PM
Marcello
Member

Quote:
Originally Posted by LibX
Oh, and I forgot this:
<removed>

It's a totally deobfuscated (control flow only; renaming doesn't help anyway, it just makes it easier to save to a file) copy of ur obfuscator.

Regards
LibX

good work mr. cracker!

regards,
Marcello Cantelmo
www.cantelmosoftware.com
#6
04-16-2008, 12:29 PM
LibX
Administrator

Quote:
Originally Posted by Marcello
good work mr. cracker!

regards,
Marcello Cantelmo
www.cantelmosoftware.com

hehe thx
Now go and own my protection, I wanna see code :P
#7
04-17-2008, 01:12 AM
bigmouse
Senior Member
Join Date: Sep 2007
Posts: 125

Seems to be like what slm does, even simpler.
slm uses a VM to execute the protected method, decrypted at instruction level.

Your protector uses System.Reflection.Emit.DynamicMethod to execute the protected method.
After you construct the DynamicMethod object, we can get back the original method body from it.
#8
04-17-2008, 02:00 AM
rendari
Member
Join Date: Aug 2007
Posts: 39

Hmm, never knew about that protection method. Seems like I got a lot to learn. I'll take a look at it if I get time :S
#9
04-17-2008, 08:34 AM
LibX
Administrator

Quote:
Originally Posted by bigmouse
Seems to be like what slm does, even simpler.
slm uses a VM to execute the protected method, decrypted at instruction level.

Your protector uses System.Reflection.Emit.DynamicMethod to execute the protected method.
After you construct the DynamicMethod object, we can get back the original method body from it.

Basically they both use the same, but Microsoft has the great advantage that they have access to all internal sources ;p so they made a far easier to handle DynamicMethod. But about the VM part, it's not really a VM (at least as far as I got analyzing the protection).

About the method body, u won't get the original method body back, but u will find out soon enough.

regards
LibX
#10
04-18-2008, 02:04 AM
bigmouse
Senior Member

The DynamicMethod object is enough for me to get back the original method body.

I can't get your test sample to run on the following OSes:
Win98 + .Net V2.0.50727 [VMWare]
WinMe + .Net V2.0.50727 [VMWare]
Win2000 + .Net V2.0.50727 [VMWare]
Win XP + .Net V2.0.50727 [VMWare]
Win2003 + .Net V2.0.50727 [my pc]