Alcatraz3222

Alcatraz3222 last won the day on October 14 2016

  1. If I'm not wrong, you basically want to cast the return value of the invocation dynamically but maintain the type safety. To maintain the type safety and cast the result, you can simply create a generic class which casts the value from a Type object.

     Example:

         class DynamicCasting
         {
             public static T Cast<T>(T type, object input)
             {
                 return (T)input;
             }
         }

     and then call it:

         var invokeValue = mi.Invoke(instance, new object[] { 1337 });
         var result = DynamicCasting.Cast(mi.ReturnType, invokeValue);

     Another way would be checking the object type and casting it.

     Example:

         // Test the value returned by the invocation, not the MethodInfo itself.
         object result = null;
         if (invokeValue is string) result = invokeValue as string;
         if (invokeValue is byte[]) result = invokeValue as byte[];
         if (invokeValue is int) result = (int)invokeValue;
         Console.WriteLine(result.GetType().ToString() + result);
  2. https://blogs.msdn.microsoft.com/dotnet/2016/08/24/whats-new-in-csharp-7-0/ Extra: what's new in C# 6
  3. I found these papers interesting:

     • Advanced Unit Testing, Part I - Overview
     • Advanced Unit Testing, Part II - Core Implementation
     • Advanced Unit Testing, Part III - Testing Processes
     • Advanced Unit Testing, Part IV - Fixture Setup/Teardown, Test Repetition And Performance Tests
     • Advanced Unit Test, Part V - Unit Test Patterns
     • Writing Your First Unit Test
     • A Worker Thread Class For Processing Work Units

     All credit goes to Marc Clifton.
  4. Yeah, of course :P, anyway I realised that Babel has some different kinds of algorithms to protect the constants.

     Okay guys, let's explain a bit what Babel does. This is the check Babel performs before it decrypts and sets the decrypted constants. That method is dynamically executed every time you call/invoke the decryption method, and makes for poor performance management (just the ones that use AppDomain.CurrentDomain.GetData).

     I'll try to explain how the Babel check works: basically it gets all the StackFrames and checks if any of them contains "RuntimeMethod" in their Type (the declaring type). After some tests I realised that when you Invoke a member, 8 StackFrames are created with the methods involved, such as "RuntimeMethodHandle" and some more. Also, if you wonder why the for statement starts at 8, it's because Babel already invokes that check method dynamically using InvokeMember.

     BTW, if any of you want to test and see this by himself/herself, I'll put the code I used below.

     This being said, we should talk about what would be the best way to avoid this. My concept is this: if you can inject a delegate which points to the decryption method and you invoke it, it won't detect we are invoking it. Delegates are not called anonymous methods for nothing, right? :D

     -Proof of Concept

     Of course I was not going to explain something I'm not sure about, so I created a little project which proves all the methods I've talked about.

     Link to source code: https://github.com/Alcatraz3222/BabelConstDecrypter

     I'm pretty sure the source can be enhanced, however I have no more time to spend on it; feel free to do whatever you want with the project.

     Well, this post has become pretty big :) Have fun and I hope you can learn something new from this.
  5. In fact there's not a different protection for DLL, you can check the attached DLL Babel.Ux.rar
  6. @kao, which DLL of the installed ones should I check? Because none of the 3 I checked looks like the paid version.
  7. Nope there's not the same string encryption for Dll, you can decrypt them using CodeCracker's StringDecryptor
  8. To be honest, I never tried to deobfuscate a DLL protected with Babel. I'll take a look at it if you provide me one.
  9. Hmm, if I'm not wrong the registered version of Babel closes your app if you try to invoke the decryption method. As a small test you could try this before invoking the method; this is what I did in the past to temporarily avoid the Babel protection. This will execute the app you're trying to deob, so beware.

         if (Module.EntryPoint != null)
         {
             // Build the argument list: none, or an empty string[] for Main(string[] args).
             object[] parameters;
             if (Module.EntryPoint.Parameters.Count == 0)
             {
                 parameters = new object[] { };
             }
             else
             {
                 parameters = new object[] { new string[] { } };
             }
             try
             {
                 string res = "Error invoking entrypoint";
                 // Run the target's entry point on a background task (this executes the target).
                 //Thread T = new Thread(() =>
                 Task T = new Task(() =>
                 {
                     try
                     {
                         asmRex.EntryPoint.Invoke(null, parameters);
                     }
                     catch (Exception ex)
                     {
                         res = ex.Message;
                     }
                 });
                 T.Start();
                 // Give the entry point some time to run before continuing.
                 Thread.Sleep(900);
             }
             catch { }
         }

     Maybe it's not the best way, but it worked in the past for me :)
  10. The newest version has some changes, and to be honest the new version is even more unsafe, like the passwords stored in your PC. BTW, link updated, I missed the right license file :P
  11. Recently Aeon updated his NetSeal system; now NetSeal has become so good that your real password is stored in your system (let's hope Aeon will fix that ;)). I've updated the NetSeal Helper to support the newest version of it, so now it should be working fine. Link in main thread. Enjoy!
  12. Xenocode has updated .NETGuard to prevent WinDBG :P To fix that, just open the file in WinDBG, type a KERNEL32!ExitProcess ret and press enter twice. You're done :D, enjoy!