Tuesday, April 29, 2008

.NET Reactor v3.7.1.0 unpacked

.net reactor 3.7.1.0 unpacked

http://momupload.com/files/91593/dp_dot_Reactor.rar.html

all methods have been restored.
it can be viewed in reflector, but can't run.
you need to strip the strong name and remove all public key check code.

Monday, April 28, 2008

bypass DNGuard trial's 30 days limit

i found that dnguard uses GetSystemTimeAsFileTime to obtain the current system time.
we can write a loader or a wrapper dll to hook this function and return a fake time to cheat the runtime.

Friday, April 25, 2008

RE-Max v3.35 unpacker for MaxToCode v3.35

[+]support for maxtocode professional v3.35
[+]auto correct #GUID size
[*]improved support for maxtocode professional
can fully unpack all methods now.

i have finally made it work with the previous virtual .net framework environment.
but i'm not sure if it will work on all computers.
it should work fine for most of yours.


this is *only* the upgrade file. RE-Max v1.0 is needed

RE-MaxV3.35.rar (221.07 kB)

Download Link: http://www.filesend.net/download.php?f=0c61cc559d0f7215a900df0900858d7b

RE-Max_v1.0.rar (15.17 MB) http://www.filesend.net/download.php?f=92e5de1349125c941421f918bbd23f94

i've received several emails saying re-maxV3.35 can't unpack some assemblies.
i checked those samples and found that maxtocode 3.35 has a special anti for re-max.
to bypass this anti, rename "Re-MaxV3.35.exe" to something else.

Wednesday, April 23, 2008

about Flow-Control-Obfuscation of Dotfuscator

many obfuscators use branch instructions for Flow-Control-Obfuscation.

this can be deobfuscated easily.

dotfuscator also supports using the switch instruction to obfuscate flow control.

how do we deobfuscate this type of Flow-Control-Obfuscation?

maybe we can use 2 steps to do this.

step 1:

convert the switch instruction to branch instructions.

step 2:

deobfuscate normally.


look at this picture (from rongchaua)

the problem is how to convert the switch to branches.

first, analyse the il code and find the switch instruction and its condition variable.
so we get
L_0016: ldloc num
L_001a: switch(L_0014, L_0075, L_008d, L_0050)

remove the above instructions and log (L_0014, L_0075, L_008d, L_0050).

and then, find all stloc num instructions.
replace these instructions with branch instructions.

but where is the branch's target?
this depends on the ldc.i4 n instruction that precedes each stloc num instruction.
if n == 0 then the target is L_0014.
if n == 1 then the target is L_0075.
if n == 2 then the target is L_008d.
if n == 3 then the target is L_0050.
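
The two steps above, as an added example that is not code from the original post. It works on a constructed text listing in the post's notation rather than on a real assembly; the function names are hypothetical, and it assumes every stloc num is directly preceded by its ldc.i4 n. It removes that ldc.i4 together with the stloc so the stack stays balanced, and leaves the method untouched if any store to num cannot be resolved.

```python
import re

# Constructed listing in the style of the post's snippet; not real Dotfuscator output.
SAMPLE = """\
L_0000: ldc.i4 2; L_0005: stloc num; L_0006: br L_0016
L_0014: ret
L_0016: ldloc num; L_001a: switch(L_0014, L_0075, L_008d, L_0050)
L_0050: ldc.i4 0; L_0055: stloc num; L_0056: br L_0016
L_0075: ldc.i4 3; L_007a: stloc num; L_007b: br L_0016
L_008d: ldc.i4 1; L_0092: stloc num; L_0093: br L_0016
"""

def parse(listing):
    """Split 'label: opcode operand' items into [label, opcode, operand] lists."""
    rows = []
    for item in re.split(r";\s*|\n", listing.strip()):
        label, rest = item.split(": ", 1)
        op, arg = re.match(r"([\w.]+)\s*(.*)", rest).groups()
        rows.append([label, op, arg])
    return rows

def switch_to_branches(code, var="num"):
    # Step 1: find "ldloc var" directly followed by "switch" and log its targets.
    disp = next((i for i in range(len(code) - 1)
                 if code[i][1:] == ["ldloc", var] and code[i + 1][1] == "switch"), None)
    if disp is None:
        return code
    targets = re.findall(r"L_[0-9a-f]+", code[disp + 1][2])
    out, skip = [], {disp, disp + 1}
    for j, (label, op, arg) in enumerate(code):
        if j in skip:
            continue
        if op == "stloc" and arg == var:
            return code  # store not fed by a usable constant: leave the method untouched
        nxt = code[j + 1][1:] if j + 1 < len(code) else None
        if op == "ldc.i4" and nxt == ["stloc", var] and 0 <= int(arg) < len(targets):
            # Step 2: "ldc.i4 n; stloc var" becomes a direct branch to target n.
            out.append([label, "br", targets[int(arg)]])
            skip.add(j + 1)
            if j + 2 < len(code) and code[j + 2][1:] == ["br", code[disp][0]]:
                skip.add(j + 2)  # the jump back to the dispatcher is now dead code
        else:
            out.append([label, op, arg])
    return out

def render(code):
    return [f"{label}: {op} {arg}".rstrip() for label, op, arg in code]
```

On the sample, the result is a plain chain of br instructions (L_0000 to L_008d to L_0075 to L_0050 to L_0014), which the normal branch deobfuscation of step 2 can then straighten.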

Monday, April 21, 2008

RE-Max 3.35 available for test (maxtocode unpacker)

[+]auto correct #GUID size
[*]improved support for maxtocode professional 3.21. can fully unpack all methods now.
[+]add support for maxtocode professional 3.22
[+] support maxtocode 3.35[the latest version]

the unpacker only works in a special system environment so far. i'll try to make it work with the previous virtual .net framework environment.

currently, i only have a few maxtocode 3.3x assemblies.
if you have any, you can post them here for testing.

RE-Max v2.0 unpacker for MaxToCode v3.2x

[*]fixed bug in listing assembly files.
[+]support for maxtocode professional v3.2x

RE-MaxV2.0.rar (138.30 kB)
Download Link: http://www.filesend.net/download.php...77dbe7d224ffd5

this is *only* the upgrade file. RE-Max v1.0 is needed.

Download Link: RE-Max_v1.0.rar (15.17 MB) http://www.filesend.net/download.php?f=92e5de1349125c941421f918bbd23f94

.Net Assembly Rebuilder v1.0

a dumped assembly can be viewed in reflector but can't run, or can't be opened by cecil?
try using this tool to rebuild it.

.Net Assembly Rebuilder.rar (127.04 kB)
Download Link: http://www.filesend.net/download.php?f=f4c228e741c7849ae06fe9b03c241ebb

http://bigmouse.net.googlepages.com/NetAssemblyRebuilder.rar