Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   best obfuscator for .net software (https://forum.exetools.com/showthread.php?t=12839)

mafcin 06-08-2010 04:19
best obfuscator for .net software
 
simple question - which obfuscator is the best to protect .net software?

i tried a lot of them and finally i didnt found a good one....

i know that .net software cant be protected in 100% but i want to know which one is the hardest to crack... ;)

regards

DARKER 06-08-2010 14:32
Nice feature has Salamander .NET protector:
"... it converts the decompilable Microsoft Intermediate Language code (MSIL or CIL) of your assemblies into native format ...."

We investigate some target but i can't say it's really secure ... (Maybe wrong implementation)
Code:
http://www.remotesoft.com/salamander/protector.html

mafcin 06-09-2010 21:08
hmm...
i'll try it

i've been using eziriz that represents absolutely no protection... and now i use 9rays obfuscator... i'm going to compare it with salamander... :)

Kurapica 06-10-2010 04:06
use SmartAssembly ver 4.0 or above.

salamander is crap.

mafcin 06-11-2010 05:31
Quote:
Originally Posted by Kurapica (Post 68422)
use SmartAssembly ver 4.0 or above.

salamander is crap.
i found SmartAssembly yesterday and i was pleasantly surprised when i tried to do anything with protected file... obfuscated code is invisible and for now i dont know how to deobfuscate it, but still trying :)

i dont know whether you know, but a new version has been released two days ago - i didnt use it yet but i want to know what's new, so probably i'll check it tommorow :)

dedificator 06-14-2010 22:58
[QUOTE=mafcin;68428]i found SmartAssembly yesterday and i was pleasantly surprised when i tried to do anything with protected file... obfuscated code is invisible and for now i dont know how to deobfuscate it, but still trying :)

First of all, remove second <Modules> table entry (usually empty), if one is present... (open file with CFF explorer).

tonyweb 06-15-2010 02:18
I fully quote Kurapica ... Salamander (at least version 3.5 I saw) seems to be a bluff :P

Regards,
Tony

congviet 06-29-2010 23:30
it depends on the level of cracker, with a good cracker can bypass protect.

congviet 06-30-2010 08:51
Codewall 2010 v4.0 also a tool to protect .NET applications is very good.
Quote:
http://www.codewall.net/default.aspx

Kurapica 06-30-2010 17:56
cheap tricks !

it takes us back to 2004 or even before :S

this is just my humble opinion.

bball0002 07-08-2010 23:55
Quote:
Originally Posted by congviet (Post 68602)
Codewall 2010 v4.0 also a tool to protect .NET applications is very good.
Are you a Codewall developer? Protection is worse than Reactor or Salamander. I cracked all versions of this protector, including 4.0.


On-Topic, just go with a good obfuscator like {SmartAssembly}. Most of the JIT hooking protectors don't have very good obfuscation, so once you get the IL code back it's not a hard process to crack the exe.

mafcin 07-24-2010 03:44
what do u think about that software: http://lukesw.net/apps/ProtectorLite.aspx
it's a little obfuscator made by polish student... it's not very popular and it's free for all :)

WhoCares 07-26-2010 12:28
http://www.dnguard.net/

mafcin 08-06-2010 05:38
Quote:
Originally Posted by WhoCares (Post 68864)
http://www.dnguard.net/
this is infected by a virus - dont try to install this - scanned by latest versions of ESET NOD32 and Kaspersky Internet Security 2011

bball0002 08-07-2010 00:29
lol... no it's not. I've used that software before. It's clean. Maybe VmProtect causes the false-positive?

mafcin 08-07-2010 05:59
i downloaded the latest version and it's clear, but previous that i downloaded was detected as virus below log from ESET (i dont have log from KIS because i had to reinstall it)
Code:
2010-07-26 12:36:52    HTTP Protocol Protection    file    http://www.dnguard.net/DNGuard_Trial.exe    virus type Win32/Packed.VMProtect.AAD backdoor    connection was closed - moved to quarantine
and here u can view rapport from virustotal
Code:
http://www.virustotal.com/analisis/95f70a62fa30a08c64bbeefd2b3db03dfc2c927cf32ff64d00b117cbf001c52a-1281131780
as i wrote - it's detected by NOD32 and the latest version of Kaspersky IS (2011)

shady 08-07-2010 13:58
.NET Reactor
 
use .NET Reactor .
Code:
In contrast to obfuscators .NET Reactor completely stops any decompiling by mixing any pure .NET assembly (written in C#, VB.NET, Delphi.NET, J#, MSIL...) with native machine code

Kurapica 08-07-2010 15:07
Quote:
In contrast to obfuscators .NET Reactor completely stops any decompiling by mixing any pure .NET assembly (written in C#, VB.NET, Delphi.NET, J#, MSIL...) with native machine code
that's a filthy lie :P

bball0002 08-08-2010 01:38
Quote:
In contrast to obfuscators, .NET Reactor tries to stop any decompiling by hiding all of the MSIL in the resources.

Fixed :). It's funny how most of these obfuscators just lure customers in by blatantly lying.

mafcin 08-08-2010 05:53
as i wrote in 3rd post - eziriz represent absolutely no protection
i'have problems with decompiling one program obfuscated by Reactor, but it's due to my unawareness and lack of time.

and referring to descriptions of the obfuscators - they write everything to gain new users and ipso facto earn money :)

V0ldemAr 08-12-2010 15:47
Quote:
Originally Posted by mafcin (Post 69047)
i downloaded the latest version and it's clear, but previous that i downloaded was detected as virus below log from ESET (i dont have log from KIS because i had to reinstall it)
Code:
2010-07-26 12:36:52    HTTP Protocol Protection    file    http://www.dnguard.net/DNGuard_Trial.exe    virus type Win32/Packed.VMProtect.AAD backdoor    connection was closed - moved to quarantine
and here u can view rapport from virustotal
Code:
http://www.virustotal.com/analisis/95f70a62fa30a08c64bbeefd2b3db03dfc2c927cf32ff64d00b117cbf001c52a-1281131780
as i wrote - it's detected by NOD32 and the latest version of Kaspersky IS (2011)
Must be good company if they can't afford license of VMProtect and using stolen/cracked version of it.

congviet 08-22-2010 10:20
You try MaxtoCode 2008 (v3.4) with update:
Quote:
* Complete rewrite of the kernel, making the product more secure encryption
* Enterprise Edition and Personal Edition in the kernel on the strength of distinction
* Increase the input of the interface for each function, button, option dynamic instructions, enabling more user-friendly MaxtoCode
* Added support for auto-strong named
* Enterprise Edition adds features Web Program Optimization
* Enterprise Edition adds the resulting trial version of the authorization function
* Enhanced debugging on a variety of counter-capabilities cracking process
* Adds ILdasm API access to the source data and the use of anti-anti-system function compilation tools
* The test is currently not a complete decompilation tools can read the encrypted structure, not to mention the encrypted code in the
* Authorization to increase the dongle
* Increased support for Vista
* Increase the runtime version of the file when there are differences, the intelligent processing functions.
* Increased command-line operation mode (Note: command line will cause some features not available)
* Encrypted string the user has made some adjustments
Dis# & NET reflector don't decompile the program protected by Maxtocode

romero 10-23-2010 00:29
This one is damn nice either
 
Goliath .NET Obfuscator & CodeShield
Code .NET protected from: "indiscreet eyes", "competitors" & "reverse-engineering"...
.NET Decompilation: Copyright to risk?

Goliath .NET CPU Emulator
An Virtual-CPU x86 for your .NET Application and Sophisticated Software Protection...
Still more Security to Your Software

Goliath .NET Serial-Shield
Max. Profits, Reduce the Costs and Increases the Security of .NET Application...

http://www.cantelmosoftware.com/eng/index_eng.html


All times are GMT +8. The time now is 21:21.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX