Tag: reverse engineering

How to unpack .Net Reactor?

Today I decide to write a tutorial about unpacking .Net Reactor. This is a first time I make a video tutorial. I hope that’s ok. Please feedback to me if you have questions or want to comment for my tutorials. Use Internet Explorer to open .swf files, you’ll get a better view than using Firefox.
Download tutorials:

Dedot – A deobfuscator for Dotfuscator

INTRODUCTION
Dotfuscator is the single most widely deployed obfuscation solution on .NET and every other platform combined. And Dedot is a tool which tries to do against what Dotfuscator does. It’ll be helpful in some cases if you loose your project and have only binary files, or you want to analyze some viruses,…
After decryption, a patched assembly with decrypted string will be saved at the same folder of the application. Use Reflector to see result.
This tool will be updated soonly with more functions. Now it’s on BETA version. Use it on your risk. I’ll do it when I have more time.

  • Requirements : .NET Framework 2.0
  • Version: 1.0.0.6
  • Supported Version of Dotfuscator
    • 4.2
    • before 4.2 (not sure)

Want more functions. Post a comment directly under.

NOTE

  • If this tool doesn’t work with your packed assembly, send it to me. DO NOT blame me if this one doesn’t work. I’m just a newbie.
  • The Anti-obfuscate flow control doesn’t work good. Use it on your risk. My recommend is “Don’t use this option.

LINK DOWN: When you want to post this tool to somewhere. Please post url to my site, that keeps update for this tool when you do that.

Link down: http://hintdesk.com/Web/Tool/DeDot.zip

HISTORY

  • [1.0.0.4 – 1.0.0.6] : Fix minor bug.
  • [1.0.0.3] : Anti-Flow-Control-Obfuscation was implemented successfully.
  • [1.0.0.2] : Fix some bug at decrypting Unicode String
  • [1.0.0.0] : BETA Version.

SCREENSHOT
Dedot screenshot

UPDATE 31.03.2012
Source : http://hintdesk.com/Web/Source/DeDotSource.zip

DeSmart – Deobfuscator for {SmartAssembly}

INTRODUCTION
{smartassembly} is a tool designed to produce better software, optimized, improved and protected. And DeSmart is a tool designed to do against what {smartassembly} do.

This tool is now on beta version. It renames namespace, class, and method to readable form, does some anti-obfuscate flow control.

  • Requirements : .NET Framework 2.0
  • Version: 1.0.0.9
  • Supported version of SmartAssembly
    • 3.x
    • 2.2
    • 1.x

All comments for this tool. Please post directly below

NOTE: If this tool doesn’t work with your packed assembly, send it to me.

LINK DOWN: http://hintdesk.com/Web/Tool/DeSmart.zip

HISTORY:

  • [1.0.0.9] : Bugfix in fixing branch and handling exception.
  • [1.0.0.8] : Remove strong name after deobfuscating.
  • [1.0.0.7] : Bugfix in decrypting string. It works now better.
  • [1.0.0.6] : Support SA version 3.2. I am not sure if it works with older version. Need more tests.
  • [1.0.0.4] : Restore up to 99% source code to readable form.
  • [1.0.0.3] : Decrypt String + Anti-Flow-Control-Obfuscation.
  • [1.0.0.1] : Beta Version

SCREENSHOT
DeSmart Screenshot

DeXe – Deobfuscator for Xenocode

INTRODUCTION
Strings in assembly protected by XenoCode was encrypted. This tool will help you to decrypt string into readable form. Flow control is defeated too, but this tool can not recover to 100% original code. After version 1.0.1.3, the code name of this tool will be changed to DeXe because it is a part of a series of Deobfuscator which I make for .net. After decryption, a patched assembly with decrypted string will be saved at the same folder of the application. Use Reflector to see result. This tool will be updated soonly with more functions.

  • Requirements : .NET Framework 2.0
  • Version: 1.0.1.6
  • Supported version of Xenocode Postbuild
  • To XenoCode Postbuild 2007 build 6675
  • Want more functions. Post your comment directly after this post.

NOTE

If this tool doesn’t work with your packed assembly, send it to me. DO NOT blame me if this one doesn’t work. I’m just a newbie. Tongue out

LINK DOWN

When you want to post this tool to somewhere. Please post url to my site, that keeps update for this tool when you do that.

Download: http://hintdesk.com/Web/Tool/XeCoString.zip

HISTORY

  • [1.0.1.4 – 1.0.1.6] : Fix mirror bugs
  • [1.0.1.3] : Anti-obfuscate flow control is now better
  • [1.0.0.10] : Anti-obfuscate flow control
  • [1.0.0.9] : Fix Bug bei convert string to in at ID

SCREENSHOT
DeXe Screenshot

Reverse .Net Software

Dot Net, a new trend, a new look, a new structure and a new … challenge. Completely different with what we have known, no machine code, no asm, there are only IL and VS.NET….

These articles were written in VIETNAMESE (NOT ENGLISH). Sorry for this inconvenience I wrote these articles long time ago for my team REA, all of members of this team are Vietnamese and at that time I don’t think that I will publish it to public. If you don’t know Vietnamese then take a look at this section http://hintdesk.com/category/computer-security/ . There are some articles about reversing .net there. They are all in English. Hope they will help you.

Regards.

Continue reading Reverse .Net Software

Introduction to Reverse Engineering

Reverse Engineering is a technique which man use to find and fix bug and improve the function of a programm. Learning this technique will help us to understand more and more about the operating system.
These are my tuts but they were written in Vietnamese.

  • Bài 1 : Hướng dẫn sử dụng OllyDebug I. Download
  • Bài 2 : Hướng dẫn sử dụng OllyDebug II. Download
  • Bài 3 : Thực tập với CrackMe . Download

Nowaday there is a popular series of tut for newbie which written by Lena151. According to me newbie should begin with this series. I’m sure that when you understand all of tuts in this series, your technique must be at least as same as admin REA’s. The tuts are in format of video. Very easy to understand.

Thank you ilit, P.E Onimusha for your work in translating these tut in Vietnamese.

Continue reading Introduction to Reverse Engineering