Reverse .Net Software

Dot Net, a new trend, a new look, a new structure and a new … challenge. Completely different with what we have known, no machine code, no asm, there are only IL and VS.NET….

These articles were written in VIETNAMESE (NOT ENGLISH). Sorry for this inconvenience I wrote these articles long time ago for my team REA, all of members of this team are Vietnamese and at that time I don’t think that I will publish it to public. If you don’t know Vietnamese then take a look at this section http://hintdesk.com/category/computer-security/ . There are some articles about reversing .net there. They are all in English. Hope they will help you.

Regards.

Article 1 : Reverse .Net Software I
Introduction about Reflector
DownloadVersion: 1.0.3.4
Article 2 : Reverse .Net Software II
Introduction of Dotfuscator
DownloadVersion: 1.0.1.2
Article 3 : Reverse .Net Software III
Introduction of patching in .net
DownloadVersion: 1.0.1.1
Article 4 : Reverse .Net Software IV
Patch and strong name
DownloadVersion: 1.0.2.9
Article 5 : Reverse .Net Software V
Introduction of packer in .net - NS Pack 3.7
DownloadVersion: 1.0.0.8
Article 6 : Reverse .Net Software VI
The weakness of .net application
DownloadVersion: 1.0.0.1
Article 7: Reverse .Net Software VII
Debug, Advanced Patch and Fishing PIN
DownloadVersion: 1.0.0.3
Article 8: Reverse .Net Software VIII
A deep look about obfuscation
DownloadVersion: 1.0.0.7
Article 9: Reverse .Net Software IX
Unpack .Net Reactor 3.9.8.0
DownloadVersion: 1.0.0.0

23 thoughts on “Reverse .Net Software”

  1. nearly all the archives are corrupted… also the tools (like dedot) are unzippable… Any idea ?
    Thank you
    (these thing seems to be fantastic…)

  2. @FX: same result 🙁 winrar, winzip, 7zip…

    [winrar]:
    ! G:\Sources\Sources .NET 22\Decompilers\DeDot.zip: The archive is corrupt
    ! G:\Sources\Sources .NET 22\Decompilers\DeDot.zip: The archive is corrupt

    [7z]:
    Unsopported compression method for ‘DeDot.exe’

    Other archive: (winrar)
    G:\Sources\Sources .NET 22\Decompilers\DePhe.zip: Unexpected end of archive

  3. anh RCA oi anh up lai phan Reverse .NET Software V dc ko a, em ko tim dc phan do tren mang a, em cam on anh nhieu

  4. @Git: Would you please to post a free downloadable version of the file. I think we must pay for downloading with that link.

  5. Với lượng bài đồ sộ như vậy thì e nghĩ mình phải gọi a bằng a. hihi
    Em có 1 câu hỏi như sau: App của e viết bằng trên nền .Net nhưng e bảo vệ nó bằng PECompact và kết quả là các Tool dò tìm packer đều không nhận ra PECompact, và load App của e vào Reflector cũng ko view được. Vậy có phải app của e rất khó để reserve không ạ?
    Cảm ơn a!

  6. @Nhan pro bach: It’s hard to say that your software is difficult for reversing because I don’t have your software on hand. There are also a lot of unpackers out there on Internet. Try to find an unpacker for PE Compact, unpack your protected software and check if you can see the source code of unpacked one in Reflector.

  7. Cảm ơn a rất nhiều đã trả lời!
    Em cũng có chút đam mê về reverse. E cũng đã tìm và đọc tài liệu về cấu trúc PE File và 1 số linh tinh để có thể hiểu rõ cách tổ chức của 1 file thực thi, qua đó e muốn nghiên cứu về các packer và cách nhận biết “điểm mấu chốt” để unpack một packer. Em k muốn học cách unpack một packer cụ thể nào đó mà chỉ muốn học cái “gốc” để từ đó có thể tự tìm hiểu mọi packer. A có tài liệu nào viết về mảng này thì cho e xin nhé. Cảm ơn a.

    Ps: e muốn lợi dụng người đi trước để quá trình tìm hiểu nhanh hơn

  8. @Nhan pro bach: I gave up reverse engineering long time ago. I don’t remember much about techniques in this area. But if you want to begin with reverse engineering, you can start with this site http://tuts4you.com/download.php . There’re a lot of tutorials and tools for beginners.

  9. Hello,
    When cracking a .NET software, I can’t control the running process like on OllyDBG. So have any software, which help me to get easier in controlling .NET software when it running?
    Thank you.

  10. @Ming Ri Chan: I think there is no debugger right now for .net
    @rdc: Check in comment section. There is a link so that you can view tutorial.

  11. In those tutorial, I can see that you have used the ilasm to dump the .Net Application. Then edit it in the notepad. But that way will make the anti-virus program think your patched software is a virus because it’s integrity has changed. So has anyway to pass that problem?

  12. @Ming Ri Chan: Ilasm is just a fundamental tool. There are a lot of tools for editing an assembly. There is also an add-in for .Net Reflector for modifying assembly. I don’t remember the name of that add-in but you can search it on internet. I gave up reverse engineering long time ago. Sorry but I can’t help you more.

  13. Now I have found the tool, which was an add-in for .Net Reflector. But I have a problem when unpack the software, which packed by .Net Reactor. When I use the add-in of .Net Reflector to unpack and another way to unpack is using the de4dot, I have a different size of each files. So do you know another way, which affective unpacking the .Net Reactor?

  14. Dear Mr(s),
    I would like to try twitterOAuth app, in my eclipse platform.

    I already downloaded and added twitter apis, but I can not find your
    lib: com.Hintdesk.core.jar.

    I would greatle appreciate you help me with this jar file.

    Best Regards
    JR Moraga

Leave a Reply

Your email address will not be published. Required fields are marked *