Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > .NET Reverse Engineering
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #21  
Old 06-19-2009, 06:29 PM
Andu Andu is offline
Member
 
Join Date: Apr 2008
Posts: 46
Default

@ LibX: Although I appreciate you offering and would want to know what you have to say in that regard I'm - as I already said several times - the wrong person as I'm not the developer of .Net Reactor.

@ All: There seem to be major changes in the current version that justify another look at the protection and maybe you will realize that it's not as bad as some of you think. But maybe I'm totaly wrong with this as I don't have the skills to verify or falsify this assumption.

I don't expect that anybody of you is going to take the challenge but if you do please post your experience.
Reply With Quote
  #22  
Old 06-19-2009, 06:49 PM
LibX LibX is offline
Administrator
 
Join Date: Feb 2007
Location: The Netherlands
Posts: 118
Default

Quote:
Originally Posted by Andu View Post
@ LibX: Although I appreciate you offering and would want to know what you have to say in that regard I'm - as I already said several times - the wrong person as I'm not the developer of .Net Reactor.
Yeah you just happend to be some random software developer hanging around on this forum for about 2 years asking over and over again about one and the same protection system we labeled "crappy" for countless of time but you just keep trying

And you keep saying over and over again after every cracked sample that you need to get some other protection system.....but you never do.
Could you please explain why?
And maby its really time to move to something better i totally agree but why do you need us to prove that for you over and over again? Its plain boring.

I want to add to this that i cant think of *any* software developer that keeps looking at a protection system like you do and even promoting it after witnessing countless successful cracking attempts thats just insane weird.
Reply With Quote
  #23  
Old 06-19-2009, 07:25 PM
Andu Andu is offline
Member
 
Join Date: Apr 2008
Posts: 46
Default

Quote:
Originally Posted by LibX View Post
Yeah you just happend to be some random software developer hanging around on this forum for about 2 years asking over and over again about one and the same protection system we labeled "crappy" for countless of time but you just keep trying

And you keep saying over and over again after every cracked sample that you need to get some other protection system.....but you never do.
Could you please explain why?
Well... of course I can. I'm developing a program in my free time for about 3 years now (no, not .Net Reactor but the program I'm going to protect). As I'm also interested in this whole protection 'game' I like to read in forums like this one. So what's wrong about asking you people what you think about certain protections? I know that you crack programs for the sake of fun and not to ruin software developers and that soft targets are not very rewarding.
Maybe my search for a capable protecion system looked like advertising to you. Let me assure you that this was never my intention.

Quote:
Originally Posted by LibX View Post
And maby its really time to move to something better i totally agree but why do you need us to prove that for you over and over again? Its plain boring.
Yes maybe but maybe not. In the beginning .Net Reactor protected programs may have been easy to crack but as I said I think that there was an evolution going on.

So if it is that crappy and if it is that easy then why don't you simply demonstrate it to us? Shouldn't take too long, right

And if you do you can be sure that I'll remain quiet.

PS: It was not me that brought it to the table again
Reply With Quote
  #24  
Old 07-30-2009, 06:12 AM
kao kao is offline
Senior Member
 
Join Date: Sep 2007
Posts: 184
Default

Hey guys, 1 month has passed and I'm curious if anyone has spent any time with FarJump's crackme..

@FarJump: since you are member of beta test program, do you have any information when official .NET Reactor 4.0 is coming out? I checked their webpage but there's no specific date given.
Reply With Quote
  #25  
Old 07-30-2009, 11:05 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

kao :

It's not wise to spend any time on the beta version, at least we want a full stable version to try, anyway I find the new SmartAssembly 4.0 more interesting to try, you should check it out.
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #26  
Old 10-12-2009, 08:06 AM
kao kao is offline
Senior Member
 
Join Date: Sep 2007
Posts: 184
Default

Ok, now that final version of Reactor 4.0 is out, I can post my solution to crackme (hxxp://www.mediafire.com/?rtdnnxyjmoj)..

There are some changes in protection code from 4.0beta to 4.0final but they are not that important. Approach used in my solution still works.
I did not write a full tutorial and most likely never will. The guys who already know how Reactor works don't need a tutorial. The guys who don't know should study it themselves.

Have fun,
kao.

Last edited by kao : 10-13-2009 at 04:40 AM. Reason: Updated solution (thanks to Farjump for testing and commenting)
Reply With Quote
  #27  
Old 10-12-2009, 11:54 AM
Kurapica Kurapica is offline
Senior Member
 
Join Date: May 2006
Location: Archives
Posts: 357
Default

very nice solution.

respect
__________________
Life can only be understood backwards but It must be read forwards.
Reply With Quote
  #28  
Old 10-12-2009, 02:23 PM
FarJump FarJump is offline
Member
 
Join Date: Jun 2009
Posts: 14
Default

kao, is your patched exe intended to run? it crashes on all installed systems.
Reply With Quote
  #29  
Old 10-12-2009, 04:03 PM
kao kao is offline
Senior Member
 
Join Date: Sep 2007
Posts: 184
Default

@Farjump: Of course, it's supposed to run.
I couldn't make it crash on any system I have available (32bit XP/Vista English, different service packs, different .NET versions and hotfixes). Please, could you give info about your OS/installed version of .NET framework and hotfixes/exception text?

What I can tell you already:
1) Most likely it won't run on 64-bit machine/OS. Blame .NET Reactor for not setting Assembly flags correctly. Bug seems to be fixed in final release of Reactor 4.0;
2) There are some anti-debug tricks used by .NET Reactor, therefore EXE may not run under your favorite debugger/unpacking tool. Try clean PC instead;
3) I ignored certain parts of .NET Reactor code that are never used on my test PC. If that's the case, I'll gladly fix my errors.

Cheers,
kao.
Reply With Quote
  #30  
Old 10-12-2009, 04:32 PM
FarJump FarJump is offline
Member
 
Join Date: Jun 2009
Posts: 14
Default

The exception message: "Unhandled Exception: System.AccessViolationException: Attempted to read or write protected memory. This is often an indication that other memory is corrupt."

As I only have x64 systems(XP/Vista/Win7-Beta) installed the problem could be related to the pre-jit feature which should convert small methods into native x86 code. I recognized not all small methods are converted to native code but probably enough to prevent ildasm-ilasm round trips. However, the original crackme works fine on my x64 systems.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.