#11
04-18-2008, 06:05 AM
LibX
Administrator
Join Date: Feb 2007
Location: The Netherlands
Posts: 118

Quote:
Originally Posted by UFO-Pu55y
Well..
Name: UFO-Pu55y
Serial: 35383B9D4C7F2E71B2FE7717B40B0776

It doesn't :? At least it did for me.. also on Vista in VM.

Anyway my current level of knowledge wouldn't allow me to keygen it.
I'm far off behind

And tracing the interesting baby in Olly..
Code:
L_0037: callvirt instance string ./::Invoke(string)
L_003c: callvirt instance uint8[] [mscorlib]System.Text.Encoding::GetBytes(string)
L_0041: stloc.2
.. is a farce. Without symbols and stuff you're lost at once. I think unless you're an alien,
this approach won't help anybody keygenning it

PS: I'm generally working on getting .net method labels into Olly....

Well it works on my computer also, but that doesn't mean anything yet :P
#12
04-18-2008, 06:28 AM
rongchaua
Senior Member
Join Date: Apr 2007
Posts: 91

Hi LibX,
how about my question? Is that the method for checking serial number?
__________________
My site: http://rongchaua.net
#13
04-18-2008, 06:44 AM
LibX
Administrator
Join Date: Feb 2007
Location: The Netherlands
Posts: 118

Quote:
Originally Posted by rongchaua
Hi LibX,
how about my question? Is that the method for checking serial number?

Yes, at least it's a part of it
#14
04-18-2008, 09:59 AM
rendari
Member
Join Date: Aug 2007
Posts: 39

Serial Works fine on my computer too UFO. GJ. 2 questions:
1) How did you resolve mscorlib symbols in olly?
2) What plugin did you use for conditional BP?
#15
04-18-2008, 12:35 PM
UFO-Pu55y
Senior Member
Join Date: Jan 2007
Posts: 87

Quote:
Originally Posted by rendari
1) How did you resolve mscorlib symbols in olly?

Still manually :-/ Man, that sux. But once you've labeled them,
they seem to be valid for every loaded .net app. And this feels nice !
For example mscorlib.dll: The labels will stay in Olly's mscorlib.ni.udd (not mscorlib.udd !),
since this dll is loaded from GAC, unlike the other ones :?
Anyway.. atm I go like this: Assembling a DoNothing.IL, which contains nothing but a shitload of calls to methods.
Then I load it into Olly and break on that method (via BP at compileMethod).
Well, and then once arrived in the jitted stuff, simply following the calls
and labeling them (SHIFT + ":"). Olly will remember them anyway..
(Btw, there's this LabelMaster plugin, but loading the required files each time sux.)

Quote:
2) What plugin did you use for conditional BP?

No plugin. Simply SHIFT + F2...
I'm also new to this. There's some info in olly.hlp ofc, but it needs some time figuring it out.
I think cond. BPs are atm the only way to go, when dealing with net in olly.
And I never liked the handling of PEBrowse (this keygenme kills it anyway
by checking for PEBrowseDotNETProfiler.dll or something ? I dunno)

But what sux most is, there are no symbols to share, yet.
Coz the RVAs for the methods will be different on another box anyway :/
But at least a portable script for breaking at a desired method is doable.
A cool plugin needs to be finally written !!!

/EDIT
Sry SHIFT + F4 for cond. BP with log ofc

Last edited by UFO-Pu55y : 04-18-2008 at 12:52 PM.
#16
04-18-2008, 04:03 PM
rendari
Member
Join Date: Aug 2007
Posts: 39

Hmm, never would have thought of using the UDDs... I always wipe them from target to target, to keep my directory clean.

Unfortunately, on Vista the DLLs always load into different locations, so I don't think your method would work for me. Still have to find some way to resolve symbols on this bitch, but like I said I have next to no experience with that :S
#17
04-18-2008, 05:31 PM
bigmouse
Senior Member
Join Date: Sep 2007
Posts: 125

Quote:
Originally Posted by LibX
Well post a serial and see if it works for other people :P

But very nice tutorial I must say
Intel Cpu
Name: bigmouse
Serial: 70797F994C7A6B75F6BA7317F10E0372


Amd Cpu
Name: bigmouse
Serial: 7F619901477229E06A5AABF546911142
#18
04-18-2008, 07:28 PM
UFO-Pu55y
Senior Member
Join Date: Jan 2007
Posts: 87

Nice. I also noticed the "IntelGenuine" string today...

@bigmouse:
I guess you're on custom tools ?

Last edited by UFO-Pu55y : 04-18-2008 at 07:30 PM.
#19
04-18-2008, 09:24 PM
LibX
Administrator
Join Date: Feb 2007
Location: The Netherlands
Posts: 118

Nice to see u people make progress
But I didn't see a keygen yet :P

Btw working on final version, it will be virtually impossible to debug
#20
04-18-2008, 10:55 PM
bigmouse
Senior Member
Join Date: Sep 2007
Posts: 125

keygenLibx.rar (132.80 kB) :

Download Link: http://www.filesend.net/download.php...742604efccf2a3

Could you explain the usage of "Math.IEEERemainder"?