PDA

View Full Version : dotNET Reversing tutors on demand


Kurapica
08-13-2008, 11:21 AM
Hi People

In order to spread the knowledge and attract more people into dotNET RCE I will receive requests from anybody who wants to learn how to reverse a dotnet application.

After you make the request I will see If I can make a tutor about it, of course I can't reverse everything but I will try my best, Please understand that I won't crack your software or help you get a free copy of some commercial software, the only goal is to gain knowledge about this new field and share my ideas with all of you.

My only condition regarding the requests is that they are not too large in size so that I and other people who wants to apply the tutor can download quickly.

The tutors will be in Flash format of course, the targets can be either executable applications or DLL Libraries known as Components.

greetz

badman
08-13-2008, 11:41 AM
Hey
Reversing/unpacking its easy (not in my case hehe :p) it would be much interesting to see tutor on patching IL code and adding small functionality without recompiling :D like using reflexil/netdasm

Kurapica
08-13-2008, 11:48 AM
it would be much interesting to see tutor on patching IL code and adding small functionality without recompiling :D like using reflexil/netdasm

Adding functionality using Reflexil means recompiling via MonoCecil library, the problem is that not all assemblies are loadable into MonoCecil DLL which can cause problems later.

anyway thanks for the tip.

citopr
08-18-2008, 09:53 AM
I need help so so bad... I've been working at this for like 2 weeks. I have a target that is protected by XHEO Code Veil v1.2. I can't unpack it for nothing. The tutorials that I found in google didn't work.(Including tuts4you.com) None of them. I would really like help with this if you guys can help. I've been all over Goolge and can't find the answer. Can someone help me?

p.s. the target is located HERE (http://www.flashingfashionphoto.com/uploads/Centrafuse.exe)

Thanks in advanced!

badman
08-18-2008, 10:47 AM
citopr
Read tutors better, and Im pretty sure you will find the way to unpack it :)

citopr
08-18-2008, 12:14 PM
Can somebody please post a link to one that they know for sure works. That way if it still doesn't work for me then I know I'm the dummy. :) Thanks guys.

Kurapica
08-18-2008, 01:12 PM
The tutor in Tuts4you which was written by UFO works perfectly fine with codeveil, you should try again.

citopr
08-18-2008, 09:11 PM
I'll try it again. Thanks guys...

citopr
08-19-2008, 09:04 AM
ok... I got a working dump.. Is there a program that does the auto dycrypting? Because that part is extremly hard and too advanced for me. I got the first part of that tutorial done.. the second part got me baffled.

badman
08-19-2008, 09:20 AM
Are you talking about MMX stuff? If so, I dont think its used in your case. Just try to open it with reflector and see if all methods bodies are ok

citopr
08-19-2008, 09:37 AM
yes. I'm talking about the mmx part. It says that I have to do it for codeveil 1.2 just not for 1.3. O.K. if I don't have to do it for 1.2... I really don't know where to go from here. I'm really sorry for being such a nOOb. When I get good I promise to help someone else. It has a time 30 trial. You know of any tutorials on how to remove it or of what's my next move?

eguan
08-25-2008, 02:58 PM
Hi Sir, could you please help me reverse something? I think the code is somehow encrypted and all I gets after reflection is

"Expression stack is empty at offset 0006."

or

"/*
Stack is empty at 0006
at x25adc2ca6f05c4e5.x2637e979e1ce20a0.x47c79a4d20718 3de() at x25adc2ca6f05c4e5.x2637e979e1ce20a0.xf7ed8b5d3a356 83b(Int32 xdadd3e52ec363720) at x25adc2ca6f05c4e5.x2637e979e1ce20a0.xcca310a929e46 a7c(Int32 x13d4cb8d1bd20347, Int32 x2832f35f9e73679f) at x25adc2ca6f05c4e5.x2637e979e1ce20a0.x4c429db7bb96c 78c(xe4f1947afbf9c52f x1306445c04667cc7) at xb03536b881c730ad.x80decb06b0b136f1.x4c429db7bb96c 78c() at xb03536b881c730ad.xc5f99dd440b2d1db.x1be9855bf968d ec6(BinaryReader xe134235b3526fa75)

*/"


Could you please help? Any ideas?

Thanks!

Hi People

In order to spread the knowledge and attract more people into dotNET RCE I will receive requests from anybody who wants to learn how to reverse a dotnet application.

After you make the request I will see If I can make a tutor about it, of course I can't reverse everything but I will try my best, Please understand that I won't crack your software or help you get a free copy of some commercial software, the only goal is to gain knowledge about this new field and share my ideas with all of you.

My only condition regarding the requests is that they are not too large in size so that I and other people who wants to apply the tutor can download quickly.

The tutors will be in Flash format of course, the targets can be either executable applications or DLL Libraries known as Components.

greetz

Kurapica
08-25-2008, 03:34 PM
Stack is empty at 0006
at x25adc2ca6f05c4e5.x2637e979e1ce20a0.x47c79a4d20718 3de() at x25adc2ca6f05c4e5.x2637e979e1ce20a0.xf7ed8b5d3a356 83b(Int32 xdadd3e52ec363720) at x25adc2ca6f05c4e5.x2637e979e1ce20a0.xcca310a929e46 a7c(Int32 x13d4cb8d1bd20347, Int32 x2832f35f9e73679f) at x25adc2ca6f05c4e5.x2637e979e1ce20a0.x4c429db7bb96c 78c(xe4f1947afbf9c52f x1306445c04667cc7) at xb03536b881c730ad.x80decb06b0b136f1.x4c429db7bb96c 78c() at xb03536b881c730ad.xc5f99dd440b2d1db.x1be9855bf968d ec6(BinaryReader xe134235b3526fa75)

very creative request !
How am I supposed to help you ? :-[

JackTheRipper
08-27-2008, 04:43 AM
By the format of the obfuscated members name (the "x" at the beginning followed by an hex string), I think this assembly is most probably obfuscated by Xenocode PostBuild.

oracle
09-14-2008, 02:39 AM
Hi Pros,

hats off to all senior RCE pros over here, and thanks a ton for the learnings offered to amateur like...

here come my long time kept query,
In a situation where as a Single MSIL Executable contains both Managed and UnManaged Code, in this case reversing of Managed Code is as simple as reversing a pure managed code with Reflector but how it is to reverse the UnManaged Code Chunks from that Mixed Executable...

It would be greatfull to see a tutorial on this...

Here is the link containing sample mixed code.

http://rapidshare.com/files/145118471/RxSpiy.rar.html

Thanks again Pros... do keep flying...

shahram
09-14-2008, 09:38 AM
Is there a solution for XHEO licensing (not Codveil).
I mean the other product of this company named Deploy LX Licensing ?!

BR
Shahram

FREEONE
11-11-2008, 08:17 AM
I meet the same question, how to Solve it ,Maybe someone could get the help!/*
Stack is empty at 0006
在 x25adc2ca6f05c4e5.x2637e979e1ce20a0.x47c79a4d20718 3de() 在 x25adc2ca6f05c4e5.x2637e979e1ce20a0.xf7ed8b5d3a356 83b(Int32 xdadd3e52ec363720) 在 x25adc2ca6f05c4e5.x2637e979e1ce20a0.xcca310a929e46 a7c(Int32 x13d4cb8d1bd20347, Int32 x2832f35f9e73679f) 在 x25adc2ca6f05c4e5.x2637e979e1ce20a0.x4c429db7bb96c 78c(xe4f1947afbf9c52f x1306445c04667cc7) 在 xb03536b881c730ad.x80decb06b0b136f1.x4c429db7bb96c 78c() 在 xb03536b881c730ad.xc5f99dd440b2d1db.x1be9855bf968d ec6(BinaryReader xe134235b3526fa75)

*/