costy's Anti-Reflector Crackme By Costy
| Download anti-reflector_crackme_by_costy.zip, 9 kb (password: crackmes.de) Browse contents of anti-reflector_crackme_by_costy.zip Sorry for my English.
Difficulty: 2 - Needs a little brain (or luck) | RatingVotes: 4 View profile of costy » |
Solutions
Solution by MACH4, published 21. jun, 2008; download (701 kb), password: crackmes.de or browse.
MACH4 has rated this crackme as quite nice.
Solution by BeatriX, published 21. jun, 2008; download (172 kb), password: crackmes.de or browse.
BeatriX has rated this crackme as nothing special.
Discussion and comments
| BeatriX 16. Jun 2008 | Reflector 5.1.2.0 works nearly perfectly on this target...maybe you forgot something ? in 2 minutes, the crackme is solved |
|---|---|
| Ox87k 16. Jun 2008 | However the trick works fine with Reflector 5.1.1.0.. |
| Ox87k 16. Jun 2008 | Sorry for my double-post but BeatriX... i upgrade my reflector to v5.1.2.0 and the trick works still fine. Maybe you have some plugin? I mean only IL diasm works (btw this one also with 5.1.1.0) |
| Ox87k 16. Jun 2008 | LOL, solved! XD |
| costy Author 16. Jun 2008 | Sorry guys. I have "Lutz Roeder's .NET Reflector 5.1.2.0". Infact I wrote the protection and tested it on Reflector 5.1.2.0. When I click on the Button1_Click routine inside Reflector I have an error. This is what Reflector says : Bug Report for .NET Reflector 5.1.2.0 [Please describe what might have caused this error.] Translation failure in 'Anti_reflector.Form1.Button1_Click(Object, EventArgs) : Void' in 'Anti-reflector, Version=1.0.0.0, Culture=neutral, PublicKeyToken=null'. System.InvalidOperationException InnerException: Expression stack is empty at offset 00B5. System.InvalidOperationException in ឺ.ᜀ() in ឺ.() in ឺ.ᜊ(Int32 A_0) in ឺ.ᜋ(Int32 A_0) in ឺ.ᜂ(Int32 A_0, Int32 A_1) in ឺ.ᜀ(IMethodDeclaration A_0, IMethodBody A_1) in ឤ.ᜀ(IMethodDeclaration A_0) in ឥ.ᜁ(IMethodDeclaration A_0) in ᝎ.ᜀ(Boolean A_0, Boolean A_1, Boolean A_2) .NET Reflector 5.1.2.0 .NET Framework 2.0.50727.1433 Microsoft Windows NT 5.1.2600 Service Pack 2 Culture: it-IT (it-IT) [AddInManager] "C:\Documents and Settings\costy123abc\Desktop\tools\NET Reflector\addins\AutoDiagramer.dll" "C:\Documents and Settings\costy123abc\Desktop\tools\NET Reflector\addins\Reflector.FileDisassembler.dll" "C:\Documents and Settings\costy123abc\Desktop\tools\NET Reflector\addins\Reflexil.dll" [AssemblyCache] "%SystemRoot%\Microsoft.net" "%ProgramFiles%\Reference Assemblies" "%ProgramFiles%\Microsoft.net" "%ProgramFiles%\Microsoft Silverlight" [AssemblyManager] "%SystemRoot%\Microsoft.net\Framework\v2.0.50727\mscorlib.dll" "%SystemRoot%\Microsoft.net\Framework\v2.0.50727\System.dll" "%SystemRoot%\Microsoft.net\Framework\v2.0.50727\System.Xml.dll" "%SystemRoot%\Microsoft.net\Framework\v2.0.50727\System.Data.dll" "%SystemRoot%\Microsoft.net\Framework\v2.0.50727\System.Web.dll" "%SystemRoot%\Microsoft.net\Framework\v2.0.50727\System.Drawing.dll" "%SystemRoot%\Microsoft.net\Framework\v2.0.50727\System.Windows.Forms.dll" "%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.5\System.Core.dll" "%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.ServiceModel.dll" "C:\Documents and Settings\costy123abc\Desktop\SpaghettiMe.exe" "%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.ComponentModel.dll" "%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Runtime.dll" "%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\System.Workflow.Activities.dll" "%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\WindowsBase.dll" "%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationCore.dll" "%ProgramFiles%\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll" "%SystemRoot%\Microsoft.net\Framework\v2.0.50727\Microsoft.VisualBasic.dll" "C:\Documents and Settings\costy123abc\Desktop\Copia di NewKeygenME.exe" "C:\Documents and Settings\costy123abc\Desktop\Crackme.exe" "C:\Documents and Settings\costy123abc\Desktop\Anti-reflector_by_Costy.exe" [LanguageManager] ActiveLanguage="Visual Basic" [WebProxy] Type="None" [WindowManager] X="157" Y="190" Width="391" Height="735" Pane="766" Maximized="true" The program asks me to send these informations to its author. I tried on another computer with the same version of reflector. Do you have another version of reflector? Do you have any plugin?? Explain better how do you make reflector works. |
| BeatriX 16. Jun 2008 | ok ok ! Yes, I have solved this crackme by reading and interpreting the Intermediate Language given by Reflector because I have the same bug than you but... in the readme, I read "You need to use another tool". So, I understood that it was a complete anti-reflector trick (even for the IL option). I think Ox87k didn't use another tool to solve it. Anyway, it is a good trick costy ! |
| Ox87k 16. Jun 2008 | Yeah BeatriX, i thought this trick works because my reflector was on C# interpreter and i wrote my first post because i didn't try to change it! After the upgrade on v5.1.2.0 i changed it and finally i understand your first post because i did the same.. just understand few IL istructions and voilà.. ;) I didn't use any other tool! :P |
| BeatriX 16. Jun 2008 | new game : modify 1 byte in Anti-Reflector to eliminate the naughty trick ! :) |
| costy Author 16. Jun 2008 | WOW BeatriX you have understood how the trick works. Fill free to explain how to remove the trick... I thought that reflector can't show the code at all... It can't show the code in Visual Basic, C#, Delphi, MC++, Chrome... but it shows the code in IL. Anyway understand the code is much difficult. The code in IL is easy to understand but my trick is still good... infact i wrote an easy algo. A difficult routine would be much difficult to understand in IL. Anyway I focused my attention to the protection... I know that the algo is easy :-) |
| MACH4 16. Jun 2008 | Yes nice one costy. very easy to break the protection using reflector and ildasm but nice to see the .NET crackmes getting interesting! @BeatriX Yes just one act to view the code! MACH4 |
| PrincessJade 17. Jun 2008 | can i get recognition since my crackme (which was rejected) inspired this one? lol |
| simonzack Moderator 17. Jun 2008 | Both challenges done! @BeatriX you encouraged me to look at why it was not user-friendly |
| costy Author 17. Jun 2008 | I have to say that this crackme was inspired by another crackme made by PrincessJade... her crackme was interesting... I patched her executable and noticed that sometimes reflector fails to load the code in Visual Basic format or c# format after the code is modified with reflexil... I decided to make this crackme focusing my attention to this reflector bug. The problem is that is still possible to see the source in IL format :-( but It's more difficult. |
| BeatriX 17. Jun 2008 | PrincessJade, good job and costy, thanks for investigation and sharing. In fact, this idea is not new in the binary protection. I just play in the same manner with other opcodes and.... even IL display mode is in a bad mood : you can read nearly nothing with any display mode. That's really funny ! :) |
| costy Author 17. Jun 2008 | Excuse me BeatriX can I know what have you exactly done?? I appended 2 extra command with reflexil at the end of the routine. This 2 extra commands where never executed but they give problems for reflector. How can you disable the IL display mode?? |
| BeatriX 17. Jun 2008 | héhé :) Listen costy, maybe you can try to code another crackme and insert these good jokes ;) I tell you in private what it is exactly. |
| MACH4 17. Jun 2008 | costy, Your giving too much away! MACH4 |
| costy Author 22. Jun 2008 | 2 good solutions. You have understood the trick. BaetriX why is the crackme nothing special?? |
| MACH4 22. Jun 2008 | well I thought it was interesting, else I wouldn't have bothered with a solution! lol Don't think it was level three though, maybe 2! All depends how much your interested in the unpacking-deobfuscating side of things! |
| BeatriX 22. Jun 2008 | huhu :) I have rated your crackme as "just ok" because we can solve it in 2 minutes. The trick is funny but not really strong (IL disasm works) and the verification routine is not terrible :) Rated "just ok" is translated as "nothing special"... I don't think there is nothing special, I never said such a thing ! MACH4 is right : if we write a solution, that means we found some interest in the analysis. @MACH4 : nice solution :) |
| costy Author 22. Jun 2008 | ok ... I understood. I will try to imporve the next one with your suggestions BeatriX |
| MACH4 23. Jun 2008 | @BeatriX Thanks mate! I thought yours was better than mine! Clear and a much smaller file size, nice to see an alternative way also! @costy Don't get upset, there was nothing wrong with your crackme, I've seen hundreds worse! at least you come up with interesting ones with fresh ideas. If it wasn't for you guys, I'd be sitting here bored having to get on with RL. lol |
| DigitalAcid 23. Jun 2008 | If you're bored of RL, you've got some issues :P. |
| MACH4 23. Jun 2008 | haha! Too many interests and too many hobbies! Nice to sit down at the computer after work and see the latest postings here! |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.