2nd .NET unpackme


rendari
January 25th, 2008, 21:11
Anything goes. Read the readme and good luck. IMO much harder than the last ver.


bleh

bleh

Compatibility issues fixed. Download new ver here:

http://www.filesend.net/download.php?f=b2d0635377f3de809238f8690e0d8619

Sorry for any problems.

JMI
January 25th, 2008, 21:28
Thanks rendari for providing our readers with a new "challenge."

Regards,

rendari
January 25th, 2008, 21:37
Pleasure is all mine JMI. I've learned so much while coding this unpackme, that I can safely say it was definitely worth it.

Kayaker
January 25th, 2008, 22:06
Ooh, that looks killer. Thanks rendari. Why don't you go ahead and upload it to this thread as an attachment so it's more readily available months or years from now?

rendari
January 25th, 2008, 23:24
Thanks for the suggestion Kayaker. Original post has been modified accordingly.

rendari
January 26th, 2008, 02:34
Hello all,

partly due to my own idiocy (+ sloppy coding), and partly due to Microsoft's idiocy (M$ is always to blame), I have found my first compatibility bug! It appears to manifest itself only in slow machines (Pentium 3), so if the crackme crashes for you please post your specs so that I can see if my hypothesis is correct. I don't think it will affect most people. If it does, I will stop procrastinating and hasten to post an updated version of the crackme. As for now, I must study for a calculus test >.<. Peace and good luck all!

rendari
January 26th, 2008, 03:07
Issues fixed. See original post for new download.

TiGa
January 26th, 2008, 14:06
It crashes for me with Vista x64.
Vista is supposed to use the .Net FrameWork 3.0 (x64) out of the box.

rendari
January 26th, 2008, 15:05
So far, 3 Vista users have tried this unpackme. 2 (you and one other) report problems. 1 reports that it works fine. I unfortunately do not have an available Vista machine, so it will be some time before I can figure out what the problem is on that front. I suspect it is DEP.

TiGa
January 26th, 2008, 15:44
After using Vista x64 for a while, the surprise effect when something does not work is gone.

It won't stop me from looking at it in a VM under XP.

TiGa

JMI
January 26th, 2008, 17:31
And that's not "really" cheating anyway!

Regards,

rendari
March 4th, 2008, 20:53
Hello all. I have fixed the Vista problem. It now works on 32 bit Vista fine. I assume it works on WinXP, haven't tested it there yet but I'm pretty sure everything is fine. Here's the new link:

http://www.filesend.net/download.php?f=67ccb0a87cc8f2f2f8d3776f9612f129

Cheers!
-rendari

pnluck
March 26th, 2008, 07:19
This unpackme crashes on XP64 SP2 with .NET 3.5 :\

rendari
March 27th, 2008, 12:56
Well I doubt .NET 3.5 is the problem, since .NET 3.5 still uses the JIT of .NET 2.0, so it must be a 64 bit thing. I can't say til I find a 64bit system to test this on...

Daniel Pistelli
April 19th, 2008, 15:11
I just wanted to say that I solved your crackme, rendari. Expect the biggest article about code injection (it's not only about your crackme) and JIT internals ever =), along with a rebuilding tool that, in my opinion, will mean the end of most (if not all) .NET protections as we know them today.

Anyway, thanks for the crackme rendari.

dELTA
April 19th, 2008, 16:30
Cool, really looking forward to that article and that tool Daniel.

rendari
April 20th, 2008, 01:19
Excellent work Daniel. I think you should hold off on your opinion that this tool is the end of all .NET protections. I think I may have something to trip you up, and LibX prolly does as well :P No time to update the unpackme tho, real life is busy busy busy for me now.

High school sucks

looking forward to it, and GJ again

Daniel Pistelli
April 20th, 2008, 08:46
It would really surprise me, since my tool is a very generic one. And can be used to remove obfuscation, injection. Everything.

The only real obstacle would be removing completely the MSIL and using only native code. And I don't want to say that this is not possible, but it's not very usual.

rendari
April 20th, 2008, 11:54
Well we'll see. This promises to be most interesting.

GEEK
April 23rd, 2008, 08:31
Quote:
[Originally Posted by Daniel Pistelli;74051]
Expect the biggest article about code injection (it's not only about your crackme) and JIT internals ever =), along with a rebuilding tool that, in my opinion, will mean the end of most (if not all) .NET protections as we know them today


When Daniel says that, it has got to be something special.
Add me to the curiously waiting list.

GEEK

Daniel Pistelli
April 24th, 2008, 09:06
Thanks. The first thing which will be released is the rebuilder tool. I'm almost done and I would have been already done if I hadn't got sick AGAIN. It's the 10th time this year I get sick (fever, cough etc): I have the immune system of a 4yo, or worse. Dammit. Anyway, I am now facing an annoying bug, to fix it with the fever will take me another day I guess. And another day will be entirely dedicated to writing the guide to the tool. So, release date, if everything goes alright, is fixed in 2 days. I'm talking about the tool, of course. The JIT and injection article is perhaps more interesting to read, but it's very easy stuff compared to the tool, which basically is a re-adaption of my .NET compiler. I wrote the tool because it was a good way to test the new CFF Explorer kernel.

rendari
April 24th, 2008, 16:35
Woah. Sounds interesting. Hope you get better soon.

Daniel Pistelli
April 25th, 2008, 14:53
As promised:

http://www.woodmann.com/forum/blog.php?b=84

Comments are welcome.