Jump to content


B@S Team
  • Content Count

  • Joined

  • Last visited

  • Days Won


yck1509 last won the day on August 17 2016

yck1509 had the most liked content!

Community Reputation

153 Excellent

About yck1509

  • Rank
  • Birthday 02/14/1996

Profile Information

  • Gender
  • Location

Previous Fields

  • Team

Recent Profile Visitors

1653 profile views
  1. yck1509

    Hello and bye

    Here is the promised reversing works that had not been publicly released. Unfortunately, many works are not transferred to my current laptop and remains at my dismantled desktop, so there are mere 2 works in this collection. =P I'll see if I could retrieve them if I got the time. If anyone got copies of my works, please feel free to share it with others. Collections.zip
  2. Hi all, I've been here for quite a few years, and I learnt a lot and had much fun with you guys. However, recently I've been feeling tired and burnout. Therefore, I've decided to stop reversing and explore other fields. I would be uploading my previous reversing works in a few days. Also, if anyone would like to take over my projects (ConfuserEx / KoiVM), please feel free to contact me. Thanks for all the things! :)
  3. Yes. You're on the right track. Try figuring out the way to reverse the * operation and xor operation.
  4. This is not a hash function; It is certainly possible to create a inverse function for it. Google modular multiplicative inverse for more information.
  5. Oops, forgot to check this thread... @Mercurio: Congrats on cracking it! :) The second check was indeed not hard. In fact, I added it just in order to make the serial look more random :P Anyway, the purpose of the CrackMe was to test the protection strength. Now you've cracked version A, maybe try version B? ;)
  6. yck1509

    KoiVM Beta

    @yq8: maybe you have a old version of KoiVM.Confuser.exe? Try re-download it again.
  7. yck1509

    KoiVM Beta

    You have to use the latest builds, not latest versions. It should supports all C# constructs, excluding some unsafe code. i.e. box, unbox, ldtoken, endfilter, initobj, constrained., sizeof should be supported.
  8. yck1509

    KoiVM Beta

    Well, it is just like those EULA, I can't really do anything if you violate it. Also, as I mentioned before, every copy of KoiVM and its output is watermarked, so I could track it and blacklist them. :)
  9. yck1509

    KoiVM Beta

    Well... you know, Confuser/ConfuserEx had been used by many malwares, so this time every copy would be uniquely watermarked. ;)
  10. @CodeCracker: Here is a file protected by just x86 ctrl flow predicate. ;) Cm.zip
  11. yck1509

    KoiVM Beta

    KoiVM is a virtualizing protector for .NET as a plugin of ConfuserEx. Fill in the form for beta version! =D https://docs.google.com/forms/d/1dZHG8lG50WrPpI0foi6nEameGM9tvo2mZDg1qHv8Bvc/viewform
  12. It seems doesn't support other predicates except normal, since it relies on pattern matching, so if you tinker around the parameters, it would not work. ;)
  13. @yq8: It seems there is a constant remains un-deobfuscated... If you couldn't solve it, here is a little hint: And no, I don't have a deobfuscator. :)
  14. See https://github.com/dotnet/coreclr It seems very similar to desktop version of .NET Also, FYI, https://github.com/dotnet/coreclr/blob/cbf46fb0b6a0b209ed1caf4a680910b383e68cba/src/inc/corjit.h#L398 // Note: Obfuscators that are hacking the JIT depend on this method having __stdcall calling convention. Which explains 0xd4d's observation at https://github.com/0xd4d/de4dot/blob/master/de4dot.mdecrypt/DynamicMethodsDecrypter.cs#L125 :P EDIT: From their wiki: https://github.com/dotnet/coreclr/wiki/Contributing It seems pretty sure most of the code is identical to desktop CLR.
  15. The function pointer you get is a pointer to the JIT-ed native code of the method, which would probably change each time you run the program. You can try to use ldftn opcode.
  • Create New...