View Full Version : .NET unpackme
rendari
08-24-2007, 01:20 AM
I'm quite interested as to how people will approach this

A version with much stronger security is currently in the works, but frankly I do not know where security needs to be added, since there is so little info on .NET unpacking about. So, please unpack it and tell me what you think and/or write a tutorial
http://crackmes.de/users/tfb/cryxenet_0.01a/
rendari
08-24-2007, 03:48 AM
Plan to fix that ASAP. But hey, at least it's on par with Xheo Codeveil, which costs $1600.

CodeVeil is crap

Here is my solution, the dumped and patched file. It is easy to unpack with deprotect (Google it).
My generic unpacker was also working flawlessly on it; everything using Assembly.EntryPoint.Invoke is generically unpackable.
rendari
08-24-2007, 01:00 PM
Quote:
Assembly.EntryPoint.Invoke is generically unpackable.
Well I'll have to think of some way to fix that now, won't I?

rendari
08-24-2007, 01:00 PM
Good work both LibX, TQN. Expect a newer version soon where I shall try and close the Assembly.EntryPoint.Invoke hole.
Write a protector using JIT Hooking

But that's also possible to unpack :P
rendari
08-24-2007, 01:24 PM
I am going to avoid JIT hooking completely because M$ might change something in the .NET CLR in later versions, leading to compatibility issues.
rendari
08-24-2007, 03:24 PM
Speaking of which, a lot of the procedures in mscorwks have no names. How am I supposed to find their offsets then? :/
Download the pdb (IDA can do this itself) from the Microsoft symbol server, that should give you everything you need.

rendari
08-24-2007, 06:53 PM
Alright, cool, will check it out.

I'm not an EXPERT REVERSER by any means, but this one was unpacked via a hex editor and a C compiler, without running a single byte of your crackme's code. (I just read the bytecode and figured out the encryption algorithm, since compared to i386 the .NET VM is almost trivial. Descriptive function names also help quite a bit.)
In other words, try importing .NET functions by ordinal if you can

rendari
08-25-2007, 02:04 PM
Alright, alright, I'll put a bit more work into it with the next version.
Don't think you can do much about .NET imports btw, since they have their own little system. Will look into it, as you can see I still have a lot to learn about .NET

_InSaNe_
08-26-2007, 12:10 PM

Or why not use M$'s own tool ILDASM, commonly found in the SDK directory

Well, Dotfuscator does it like that, and that's one of the best obfuscators at the moment

Not real code protection though
pnluck
08-29-2007, 02:10 PM
How to unpack pure .NET Packer with Reflexil:
1) I found the function which calls EntryPoint.Invoke: in this case
public void c()
{
Assembly.Load(this.d).EntryPoint.Invoke(null, null);
}
2) At this point I used the new plugin:
In the Reflexil window: right-click and select "Replace all with code".
In the C# source I added using System.IO; and in the c() function this:
FileStream fs = new FileStream(@"C:\dump.exe",FileMode.Create,FileAccess.Write);
fs.Close();
Now click on "Preview IL" and if all is ok click on "OK"
3) Manual insertion of IL code:
Now insert these IL codes after the first stloc.0; in this way, we can use local variables and functions:
ldloc.0
ldarg.0
ldfld uint8[] a::d
ldc.i4.0
ldc.i4 0x927c1
callvirt instance void [mscorlib]System.IO.FileStream::Write(uint8[], int32, int32)
aka stream.Write(this.d, 0, 0x927c1);
For more info about doing it view the UFO-Pu55y video tutorial.
4) Save the file and run it: a running dump will be created at c:\
The patched file: hxxp://www.megaupload.com/?d=633TI0BN
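For triaging samples that use the same load-and-run stub discussed in this thread, the following added example (not part of the thread and not any poster's code) scans ILDASM text output for methods that call Assembly.Load(uint8[]), get_EntryPoint and Invoke in that order, and reports the field holding the embedded assembly. The IL listing is constructed for illustration, modeled on the c() method quoted above; all function and variable names are assumptions.

```python
import re

# Constructed sample: ildasm-style listing of a loader stub and a benign method.
SAMPLE_IL = r"""
.method public hidebysig instance void  c() cil managed
{
  IL_0000:  ldarg.0
  IL_0001:  ldfld      uint8[] a::d
  IL_0006:  call       class [mscorlib]System.Reflection.Assembly [mscorlib]System.Reflection.Assembly::Load(uint8[])
  IL_000b:  callvirt   instance class [mscorlib]System.Reflection.MethodInfo [mscorlib]System.Reflection.Assembly::get_EntryPoint()
  IL_0010:  ldnull
  IL_0011:  ldnull
  IL_0012:  callvirt   instance object [mscorlib]System.Reflection.MethodBase::Invoke(object, object[])
  IL_0017:  pop
  IL_0018:  ret
} // end of method a::c
.method public hidebysig static void  Log(string msg) cil managed
{
  IL_0000:  ldarg.0
  IL_0001:  call       void [mscorlib]System.Console::WriteLine(string)
  IL_0006:  ret
} // end of method a::Log
"""
# Call targets that, in this order, form the load-and-run stub.
STAGES = ("System.Reflection.Assembly::Load(uint8[])",
          "System.Reflection.Assembly::get_EntryPoint()",
          "System.Reflection.MethodBase::Invoke(")
METHOD_RE = re.compile(r"^\.method\b.*?^\}\s*// end of method (\S+)", re.M | re.S)
INSTR_RE = re.compile(r"^[ \t]*IL_[0-9a-f]{4}:[ \t]+(\S+)[ \t]*(.*)$", re.M)

def find_loader_stubs(il_text):
    """Return [(method, payload_field)] for methods that run an in-memory assembly."""
    hits = []
    for m in METHOD_RE.finditer(il_text):
        stage, field, last_field = 0, None, None
        for opcode, operand in INSTR_RE.findall(m.group(0)):
            if opcode in ("ldfld", "ldsfld"):
                last_field = operand.split()[-1]      # e.g. "a::d"
            elif opcode in ("call", "callvirt") and STAGES[stage] in operand:
                field = last_field if stage == 0 else field  # byte[] given to Load
                stage += 1
                if stage == len(STAGES):
                    hits.append((m.group(1), field))
                    break
    return hits

if __name__ == "__main__":
    print(find_loader_stubs(SAMPLE_IL))
```

A hit only says the method loads an assembly from memory and runs its entry point; the named field is where an analyst would look for the embedded payload bytes.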