yck1509

B@S Team
  • Content Count

    258
  • Days Won

    50

yck1509 last won the day on August 17 2016

yck1509 had the most liked content!

Community Reputation

153 Excellent

About yck1509

  • Rank
    Fish
  • Birthday 02/14/1996

Profile Information

  • Gender
    Male
  • Location
    There

Previous Fields

  • Team
    This

Recent Profile Visitors

1,540 profile views
  1. yck1509

    Hello and bye

    Here are the promised reversing works that had not been publicly released. Unfortunately, many works were not transferred to my current laptop and remain on my dismantled desktop, so there are a mere 2 works in this collection. =P I'll see if I can retrieve them if I get the time. If anyone has copies of my works, please feel free to share them with others. Collections.zip
  2. Hi all, I've been here for quite a few years, and I learnt a lot and had much fun with you guys. However, recently I've been feeling tired and burnt out. Therefore, I've decided to stop reversing and explore other fields. I will be uploading my previous reversing works in a few days. Also, if anyone would like to take over my projects (ConfuserEx / KoiVM), please feel free to contact me. Thanks for all the things! :)
  3. Yes. You're on the right track. Try figuring out the way to reverse the * operation and xor operation.
  4. This is not a hash function; it is certainly possible to create an inverse function for it. Google modular multiplicative inverse for more information.
  5. Oops, forgot to check this thread... @Mercurio: Congrats on cracking it! :) The second check was indeed not hard. In fact, I added it just in order to make the serial look more random :P Anyway, the purpose of the CrackMe was to test the protection strength. Now you've cracked version A, maybe try version B? ;)
  6. yck1509

    KoiVM Beta

    @yq8: maybe you have an old version of KoiVM.Confuser.exe? Try downloading it again.
  7. yck1509

    KoiVM Beta

    You have to use the latest builds, not latest versions. It should support all C# constructs, excluding some unsafe code. i.e. box, unbox, ldtoken, endfilter, initobj, constrained., sizeof should be supported.
  8. yck1509

    KoiVM Beta

    Well, it is just like those EULAs, I can't really do anything if you violate it. Also, as I mentioned before, every copy of KoiVM and its output is watermarked, so I could track it and blacklist them. :)
  9. yck1509

    KoiVM Beta

    Well... you know, Confuser/ConfuserEx had been used by many malwares, so this time every copy would be uniquely watermarked. ;)
  10. @CodeCracker: Here is a file protected by just x86 ctrl flow predicate. ;) Cm.zip
  11. yck1509

    KoiVM Beta

    KoiVM is a virtualizing protector for .NET as a plugin of ConfuserEx. Fill in the form for beta version! =D https://docs.google.com/forms/d/1dZHG8lG50WrPpI0foi6nEameGM9tvo2mZDg1qHv8Bvc/viewform
  12. It seems it doesn't support other predicates except normal, since it relies on pattern matching, so if you tinker around with the parameters, it would not work. ;)
  13. @yq8: It seems there is a constant that remains un-deobfuscated... If you couldn't solve it, here is a little hint: And no, I don't have a deobfuscator. :)
  14. See https://github.com/dotnet/coreclr It seems very similar to the desktop version of .NET. Also, FYI, https://github.com/dotnet/coreclr/blob/cbf46fb0b6a0b209ed1caf4a680910b383e68cba/src/inc/corjit.h#L398 // Note: Obfuscators that are hacking the JIT depend on this method having __stdcall calling convention. Which explains 0xd4d's observation at https://github.com/0xd4d/de4dot/blob/master/de4dot.mdecrypt/DynamicMethodsDecrypter.cs#L125 :P EDIT: From their wiki: https://github.com/dotnet/coreclr/wiki/Contributing It seems pretty sure that most of the code is identical to the desktop CLR.
  15. The function pointer you get is a pointer to the JIT-ed native code of the method, which would probably change each time you run the program. You can try to use the ldftn opcode.