Tag: RCE

Simple Assembly Explorer (SAE) – Another great .NET disassembler

Hello all mates,

After the New year holiday, i totally focus on my study courses, because i will be graduated this June, so i don’t have free time for my hobby – Reverse Engineering. However, i will try to update news and introduce to you guys interesting stuffs or helpful tools. And today is an short topic to show you about a tool named Simple Assembly Explorer (SAE) which is written by WiCKY Hu.- an open-source and lightweight but powerful .NET disassembler, can be compared to famous (but expensive) shareware .NET Reflector :).

With people who’re using .NET Reflector and some tool like that (JustDecompile – I have a short introduction topic here), sometimes those tools can’t decompile some strange assembly, especially obfuscated/encrypted. So they gave us wrong code or can not browse method to take a look inside, or simply show a error message. i dealt with many many .NET targets, and yes, .NET Reflector is not enough. Because it’s too famous and powerful, but they (crackers/coders) also find many way to anti .NET Reflector. So SAE is my choice, for those cases. By reading assembly and directly decompile code to IL code, everything is really clearly, and i am able to read, analyze and modify code without any restriction. If you want to modify code in .NET Reflector, you need to use Reflexil, but in this tool, code modifying is intergrated. It’s not all, there are more cool features waiting you.:D Here the info i grabbed from its page:

Assembler: call ilasm to assemble il file
Disassembler: call ildasm to disassemble assembly
Deobfuscator: de-obfuscate obfuscated assembly
Strong Name: remove strong name, sign assembly, add/remove assembly to/from GAC
PE Verify: call peverify to verify assemblies

Class Editor: browse/view assembly classes, edit method instructions
Run Method: run static methods
Profiler: Trace function calls and parameters with SimpleProfiler

Relector: plugin which call Reflector to browse selected assembly
ILMerge: plugin which call ilmerge to merge selected assemblies
Edit File: plugin which call your editor to view selected assembly
Plugin Sample: plugin sample

Copy Info: copy information of selected assemblies to clipboard
Open Folder: open container folder
Delete File: delete selected file(s)

Requirements:
.Net Framework 4.0 or upper
.Net Framework 4.0 SDK or upper

Installation:
1. Install .Net Framework 4.0 or upper
2. Install .Net Framework 4.0 SDK or uppder
3. Extract to any directory

Usage:
1. Click Click Click …
2. Select one or many …
3. Double Click or Right Click ….

This is hompage of that tool:

https://sites.google.com/site/simpledotnet/simple-assembly-explorer

Screenshot:

It also be able to use decompile engine of .NET Reflector or ILSpy to show the higher level programming codes (C#,VB.NET) but primary is IL, which is a bit harder for beginner. But it’s not a big issue

Download link (Official Direct link):

DOWNLOAD v1.14.4 for 64bit system
DOWNLOAD v1.14.4 for 32 bit system

Enjoy and best regard,
Levis

Detect It Easy (DiE) reached version 0.79 with Linux and MacOS Supports

Hello all mates,

Detect it Easy (aka DiE) is a packer indentifier like PEiD or exeinfoPE. Good sign is, now it supports Windows, Linux and MacOS.

Here is the picture captured from my running Linux:

DiE in Linux

Working smoothly and many more features are waiting for you to discover.
Sorry I’m testing it so i can not write a review article now, hope that i can write soon :).

For more Information and downlaod link, please go here:

Goto DiE’s Official Website

Enjoy and Best Regards,
Levis

FileInsight – A free tool from McAfee for Malware Analysis

FileInsight is a free hex editor from McAfee Labs that runs on Microsoft Windows. As expected, it can perform standard hex editor duties, such as viewing and editing file contents in a hex form, but it also does more than that.

FileInsight is able to parse the structure of compiled Windows executables (PE files) and binary Microsoft Office (OLE) documents.Furthermore, the tool has a built-in x86 disassembler: simply point the cursor at the area of the file you want to treat as code, and the tools will show you the corresponding assembly instructions. The disassembler is especially helpful when looking at shellcode embedded in malicious files.

FileInsightincludes numerous other analyst-friendly features, such as the ability to import data structure declarations, HTML syntax highlighting, and tools for decoding various data obfuscation methods (xor, add, shift, Base64, etc.).FileInsight also allows you to automate actions using JavaScript and Python. Nick Harbour wrote several Python plugins for FileInsight, which you candownload from his website.

The tool’s biggest weakness is, perhaps, its inability to open very large files. For instance, when attempting to load a 512MB file, FileInsight produced a “Failed to open document” error. Also, FileInsight does not support searching for Unicode-encoded strings that look like ASCII strings.

Image Fileinsight running on my machine:

Download Direct Link (McAfee server)

JustDecompile – A Great free decompiler for .NET Program

Hello all mates,

This is another tool to help you Decompile .NET assembly ( same as .NET Reflector, but it’s free), named JustDecompile. It’s developed by Telerik (A commercial Company), so it’s well developed and very stable. This tool is not new, but I think this is a good replacement of .NET Reflector. Just download, install it and enjoy! 🙂

Let’s see what Softpedia said:

JustDecompile description
Decompile your applications with ease

JustDecompile is a productivity tool for developers designed to enable easy .NET assembly decompiling and browsing.

JustDecompile builds on years of experience in code analysis and development productivity originally created for JustCode, Telerik’s Visual Studio productivity add-in. JustDecompile lets you effortlessly explore and analyze compiled .NET assemblies, decompiling code with the simple click of a button.
Here are some key features of “JustDecompile”:

Innovative Code Navigation and Analysis:
Telerik JustDecompile offers the industry’s leading code search and navigation features enabling you to quickly locate and navigate to different parts of your code. All loaded assemblies can be effortlessly browsed by type, method or member, results appear on-the-fly as you type and can be navigated effortlessly. JustDecompile also benefits from one-click load of all system libraries for each framework and trim. Developers can also create their own custom assembly lists and load them at the click of a button.
Side-by-side Assembly Loading:
Telerik’s stand-alone free decompiling tool allows the concurrent load of a broad range of .NET framework version systems (1.1, 2.0….4.0, Silverlight and Compact Framework). This capability enables references to be resolved correctly, results in the seamless navigation through any given framework version system library, and eliminates the need for jumping across version boundaries.
Better Decompiling Accuracy:
Not all decompiling is created equal. JustDecompile goes beyond existing decompiling tools by better decompiling language features like lambda expressions, generics, yield statements, and auto-generated properties. Decompiling speed and accuracy will continue to improve during the BETA.
Powerful Free Tool by a Leading Commercial Vendor:
Unlike Open Source alternatives, Telerik JustDecompile benefits from a dedicated development team, which is focused on continuously improving the product in line with your feedback. Telerik is recognized as one of the leading providers of .NET development tools and JustDecompile will benefit from our years of experience in the field.
Auto-updating and Regular Updates:
JustDecompile is evolving quickly. Thankfully, from day one JustDecompile ships with built-in support for auto-updating when new versions are available. JustDecompile will be updated frequently during the BETA, and will receive 3 major updates per year. Stop settling for stale tools, and always work with JustDecompile, a decompiling tool that is evolving and has the latest and greatest features.
Professional Support:
Getting started and resolving any issues that you might face is easy with Telerik’s Forums. In addition to tips and tricks by one of the largest and most passionate .NET communities out there, you will benefit from professional support by the very same developers who created JustDecompile. They frequent the forums to ensure no question is left unanswered and no issue left unaddressed.

What’s New in This Release: [ read full changelog ]

New:
The fastest decompilation among all .NET decompilers
Plugin manager
Ability to load x86/x64 .net framework assemblies

Click to see full image

Download link:

Download from Softpedia

Enjoy Reversing and Best Regards,

Levis

[.NET] Create offset Patcher in C#

Hello all mates,

This is source code of a offset patcher i created in C# to show you the way to apply the patch, and save patched file to disk. Just grab and read the code (i commented on every line of code). Hope it will be useful for you

Link download (offset patcher + source code + target (a small crackme created by me)):

DOWNLOAD LINK UPPIT

Looking for another code? See this:

Source code for an offset patcher in Delphi

Enjoy and best regards,

Levis

Tutorial Creating a Loader(?) for .NET Program

Hello all mates,

This is my lastest tutorial about .NET Reversing. Just for fun only. Feel free to read it :).
In this tutorial we will discuss about .NET Reversing and how to make loader(?) using C# for a small crackme which is created by me.

Link download (crackme + tutorial in PDF + loader + sourcecode + additional tool):

http://up.ht/J2TK6N

Enjoy and best regards,

Levis

[VB.NET] Simple FIle Compare

Hello all mates,

This is a small example application i created in VB.NET, to compare between 2 file and show different byte(s) and also its offset. Then result will be exported to Visual Basic Module format.

Link download (source code included:

http://up.ht/1ay3f3d

Hope this code will be useful for you.
p/s: you may need to use SharpDevelop to browse the code

Tutorial Making an unpacker for ExePack.NET using VB.NET

Hello all mates,
This is my new tutorial about .NET Reversing.
In this tutorial i will show you how to analyse a file packed by ExePack.NET and making unpacker for it using VB.NET
The tutorial is very simple, so feell free to read it

Link download (tutorial in PDF + target + Unpacker + Unpacker source code in VB.NET):
Update Nov 9: Link fixed!

Quote

Download (Uppit Link)

Enjoys and Best Regards,
Levis

Silence’s Collected Serial-Fishing tutorials

Hello all mates,
This is another package of my friends – also a REPT’s member – Silence.
There are many serial- fishing tutorial in this package.
See this pic:
Silence serialfishing
And here is the link to download all the package (3 parts with total size is 526.3MB)

UPDATE: DOWNLOAD LINKS ARE FIXED (THANKS TO JJHACKER):

Part1: http://www.mediafire.com/download/63m14mp5snsy5rz/Collected.Patching_Tutorials.part1.rar

Part2: http://www.mediafire.com/download/opxyq5fn3lasi1f/Collected.Patching_Tutorials.part2.rar

Part3: http://www.mediafire.com/download/1deup9u0jp73190/Collected.Patching_Tutorials.part3.rar

Levis/REPT

And if you prefer, let’s visit us at : http://team-rept.com

Silence’s Collected Patching Tutorials

Hello all mates,
Today i would like to introduce to you – my dear visitors – a great package of patching tutorial created by my Teammate, Silence.
Just look at this picture:
silence patching tour
All tutorial are included in that package. He made the big goal, this release is really great! 😀
UPDATE
Download links fixed (Thanks for JJHACKER):