Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


richyb last won the day on May 30 2013

richyb had the most liked content!

Community Reputation

1 Neutral

About richyb

  • Rank

Previous Fields

  • Team
  1. Search for 0xd4d guide to removing the packer.
  2. Agree with KAO, In my 3+ years cracking I've come across maxtocode once. Eazfuscator would be a suitable candidate for the next to be updated and much more common that maxtocode
  3. @ledlou Install windows XP on Vmware, Compatibility mode wont work on this, it needs to be the real XP. Have you tried 0xd4d guide to decrypting confusers methods. It works on the app you mention as i just done it. You then need to decrypt the strings and crack the file which is a little more involved.
  4. DotWall Obfusactor http://www.dotwall.net/
  5. richyb

    DNGuard HVM

    Thank you for this share Jerry, Just what I've been looking for.
  6. It was just a basic crackme jesus, I know it wouldn't stop skilled reverse's, I can crack my crack me in very little time just wanted to put it out for there people to try. Take that chip of your shoulder and move on!
  7. Well done mate. think the packer messed up but ill try a harder one next time. how did you find it, easy i assume as you done it quick
  8. This is my first ever CrackMe Coded in Vb.Net I wont give hints away on how its protected but your task is to unpack/deobfuscate and post the correct password Hoping its not too easy Enjoy Download : http://www1.datafile....com/d/c1ae86b1
  9. So the program didn't run. As far as i know megadumper will only dump .net .dlls from the app. You could use WinHex to look at the app from memory and see the .dll's it has loaded, if you find the .dll dump it from there. Sounds like an interesting app, would you mind uploading it and either post or PM me. I'll be able to try and give you more help this way.
  10. You mention what happened when you ran the program?
  11. Just had a quick look, Can you confirm that if successfully cracked a message box that shows doodle actually appears as Ive got it to load a form but no message box shows. if this is not right then below is what i found In validatesignature module is the code Me.Instance = Assembly.Load(rawAssembly).GetType("[b]Share[/b]") Share is the module name in the emedded .dll in the Initialize method is the code Me.Instance.GetMethod("[b]RunWE[/b]").Invoke(Nothing, New Object() { Me.Version, Me.ProductVersion, Me.Endpoint }) "RunWE" is the method name in the module "Share" in the .dll file which controls the code IM not 100% sure but i think if you can manipulate the code in the app to call the end code which would normally open the app with a successful license then it could be cracked, for example changing RunME to SetRunHook which would run the RunHook in the Form1, it doesn't work but thats the idea. Overall with these new settings its much harder than the app i had been given, tho i would be interested if this is as secure on a proper Application as there various other ways you could potentially get around it. Anyone else tried it?
  12. Well i dont see anyone else posting info on this so i fort i would share my findings and how i cracked an app that was using NetSeal. Feel free to make a crack me then and ill try that, lets see if it lives up to your hype. What i done worked, if you have any other apps using this ill gladly take a look :), maybe he didn't use all the protection features he could of but at the end of the day if you can see and mod the code this thing is worthless. its only going to add some extra lines somewhere else in the code which are traceable and removable.
  13. Calm down mate, no need to get offensive is there! 2 posts and talking like that, great way to make friends #D*ck I'm just telling you that this app used netseal's license server and i cracked the app and the above is how i done it. Maybe it wasn't the full protection i dont know as Ive not seen the code to netseal but this is what i did to crack this app which i know used netseals license server. Eg seal.elitevs.net/Base/checksumSE.php seal.elitevs.net/User/exchange.php if your the dev, who knows maybe you are, you got a real issue then as it was done in less than 5 mins.
  14. The app which used this did have the Netseal online license system on it, using this method it removed it.
  15. This guide covers the latest version of NetSeal and assumes you have de obfuscated the application using de4dot or what ever method you prefer. Note New info from posts below suggest this is not a guide for all protection features implemented by NetSeal or how the dev has decided to code NetSeal into their app. Just basic features right now. 1) Open the app in reflector and search this string : checksumSE.php 2) You will find one method 3) Open the method then right click on the method and click "analyze" 4) Keep analyzing each of the methods found until you reach the first .ctor() 5) open .ctor() to view the code 6) in the code will be something like { base.Activated += new EventHandler(this.frmMain_Activated); base.Deactivate += new EventHandler(this.frmMain_Deactivate); base.FormClosing += new FormClosingEventHandler(this.frmMain_FormClosing); base.Load += new EventHandler(this.frmMain_Load); base.Resize += new EventHandler(this.frmMain_Resize); this.bool_0 = false; this.IO = new Class9(); this.InitializeComponent(); Class26.class25_0.ValidateCore = true; Class26.class25_0.Protection = Enum6.flag_0; Class26.class25_0.BanHook = new Class25.Delegate7(this.method_0); Class26.class25_0.Catch = true; Class26.class25_0.method_0("0E190000"); } 7) using reflexil delete everything below : this.InitializeComponent(); so you are removing Class26.class25_0.ValidateCore = true; Class26.class25_0.Protection = Enum6.flag_0; Class26.class25_0.BanHook = new Class25.Delegate7(this.method_0); Class26.class25_0.Catch = true; Class26.class25_0.method_0("0E190000"); 8) now save the app 9) run the app and it will open without any login or netseal activation request.
  • Create New...