-
-
[求助].Net Crack or Keygen me
-
发表于: 2010-1-8 19:44
-
|
|
|---|---|
|
|
If Valid Key (OK) Show
|
|
|
Just Cracked and De-Obfuscate, I have no time to make a keygen.
 You can put any key(except empty) to register this crackme. A little slow when click second 'Next' button.  I'm not sure other machines can run this cracked version well, So if has any issue, please contact me. This CrackMe not suitable for beginners.  
|
|
|
Thanks tease My System Win 7 not show OK Active Label
|
|
|
Oh, I have not been tested on Win7 system.
 Please try this new one. If has any issue, please let me know. 
|
|
|
Thank You Very Very Much tease You Are Nice Cracker
 tease how Cracked This file Please explain
|
|
|
I still working in the office now.
I will explain it this weekend. |
|
|
Thank you very much tease
|
|
|
This crack me is very interesting. It's contains lots of useless controls and code.
We just see part of form window. The truth like this:  So it's very difficult to find out which is the ture or fake. OK, just follow me to crack it. Step1: De-Obfuscate We can use reflector to open this assembly, It's easy to find out that Obfuscated by {SmartAssembly}. Then we use ildasm.exe to dump IL code, but we can not use ilasm.exe to compile it.  The reson is ildasm.exe can not dump resource file which contains invalid file name. So we use a tool called 'resource tool' to solve this problem. Detail:http://www.onlydonet.com/view.aspx?id=29 DownLoad: http://www.onlydonet.com/uploads/2009/09/3ebba77882f648d99407512ad848fda0.rar using this tool we can dump il code and all resource files, and it's easy to round-tripping with ilasm.exe and ildasm.exe now. We can use UE open the il code which dumped by 'resource tool' and replace all strange charaters to normal words. Then use ilasm.exe to compile it.  But this assembly can not run it. It will show 'out of index...' exception. In face this error was caused by resource, the 'resouce tool' changed all resource name, but in the IL code the resource name have not been changed. So we can search this code: System.Reflection.Assembly::GetManifestResourceStream It's easy to be found this code: ldstr bytearray (08 20 09 20 03 20 0A 20 08 20 08 20 02 20 02 20 // . . . . . . . .
00 20 01 20 04 20 04 20 05 20 ) // . . . . .
callvirt instance class [mscorlib]System.IO.Stream [mscorlib]System.Reflection.Assembly::GetManifestResourceStream(string)
newobj instance void [mscorlib]System.IO.BinaryReader::.ctor(class [mscorlib]System.IO.Stream)
.
Replace bytearray to string 'R4' ('R4' is the resource name that comes from 'resource tool' auto generated) using the ilasm.exe to compile it agagin. Now the new assembly can be running. Step2: Cracking. After De-Obfuscate, it's much more easy to analyze. we have lots of ways now: 1, we can use reflector to export all source code and using VS to modify it. 2, we can use Windbg+SOS to debug it. 3, we can use DOTNET Tracer to track it.  Now we use reflector to analyze 'Tease11.Tease1'  Modify the flow, The 'OK active lable' will be shown. Not very hard, Right? |
|
|
Thanks tease For Nice Solution
|
|
|
|
|
|
|
|
|
|
