Reverse Engineering b10g | REM

Rebel.NET is a rebuilding tool for .NET assemblies which is capable of adding and replacing methods and streams.

It’s possible to replace only a limited number of methods or every method contained in a .NET assembly. The simplicity of Rebel.NET consists in the replacing process: one can choose what to replace. For instance, one may choose to replace only the method code, instead of its signature or method header.

The interface of Rebel.NET is quite a simple one. As input it requires a .NET assembly to be rebuilded and a Rebel.NET rebuilding file. The Rebel.NET file contains the data that has to be replaced in the original assembly.

Rebel.NET can also create a Rebel.NET file from a given assembly. This is a key functionality, since some times the data of the original assembly has to be processed first to produce a Rebel.NET file for the rebuilding of the assembly. This sort of “report” feature can also be used to analyze the methods of an assembly, since reading the original data from a .NET assembly isn’t as easy as reading a Rebel.NET file. It’s possible to choose what should be contained in the Rebel.NET file.

All the Rebel.NET features can used through command line, which comes very handy when an automated rebuilding process is needed.

Rebel.NET is, mainly, a very solid base to overcome every .NET protection and to re-create a fully decompilable .NET assembly. As such, Rebel.NET has to be considered a research project, not an encouragement to violate licensing terms.

The idea of this tool is to achieve two objects:

1 – It will dump the body of every Method (Function, Procedure) called by the executable assembly you select, The dumping occurs whenever compiler enters that method, for example if you Click some button and this button calls method “CheckLicense” then you will find a file named “CheckLicense.txt” in the “\Dump” folder.

2 – It will show you in details the methods being called and also the modules that your application loads so it could be used as a simple tracing utility for .net assemblies.

I wrote this tool to help me rebuild assemblies protected with JIT hooking technique, those assemblies can’t be explored in Reflector because their methods’ body is encrypted and only decrypted in runtime when the method is called so you will see no code in reflector, I assumed that I will have access to the encrypted MSIL code of the methods using Profiling APIs, there was a 50% chance of success but it turned out to be only useful against certain protections like the one that LibX coded which depends on System.Reflection.Emit.DynamicMethod to excute protected methods.

you can find more on LibX protection here
hxxp://www.reteam.org/board/showthread.php?t=799

———————————————-
What’s NEW ?

1- fixed a major bug that could cause an overflow while dealing with huge functions
2- The “Log loading modules” has been fixed and can be disabled now to increase speed.

———————————————-
To do :

In next release I will add the ability to dump native compiled code of MSIL functions on the fly. I hope it’s worth the effort

http://portal.b-at-s.info/download.php?view.36

Red Gate has recently acquired .NET Reflector. We will continue to maintain a free version for the benefit of the community. For more information on the deal, please see the interview on Simple-Talk.

Over the next few months we will be exploring ways we can make Reflector even more useful to .NET Developers. We always welcome feedback from the community so, if you have any ideas, please post them on the Reflector forum.

http://www.red-gate.com/products/reflector/

DotF***Scator is a reversing engineering tool used to remove string
encryptionfrom dotfuscator protected files

If the original file was strong name signed DotFuckScator will create a new keypair
and re-sign the file with this pair, be carefull since file depending on this file will
need to be edited manualy to support the new strong name signature.
You can use RE-Sign for this and the editor of your choice

Also if you like the file re-signed with a specific key place your key in the same
folder as the file you are about to process and rename it to DotFuckScator.snk
now DotFuckScator will use this key for the re-sign process.

http://letitbit.net/download/2fdcf5959159/tf35.zip.html

.NET Reflector – metadata browser for .NET Framework 2.0
Supported OS: Windows 2000/2003/XP/Vista
Requirements: Microsoft .NET Framework Version 2.0

* Assembly groups;
* Separated lists for assemblies, namespaces and types; four link modes:
* o by assemblies
* o by assemblies and namespaces;
* o by namespaces;
* o by types;
* Building type inheritance tree, type nesting tree and type construction tree;
* Building namespaces tree;
* Filtering types by name, visibility, type kind, etc.;
* Detailed information:
* o assemblies (common info, namespaces, attributes);
* o namespaces;
* o types (common info, inheritance, derived types, nested types, interface implementation, generic info, constructed types, members, TypeAttributes property, attributes);
* o public keys (common info, assemblies);
* Type inheritance tree with type members ;
* Printing data with print preview (new)

Http://rapidshare.com/files/121394970/DotNET_Reflector_v2.01.04.rar

IntelliLock is an advanced 100% managed solution for licensing controls
and applications. While .NET Reactor offers a licensing system based on native
code protection, IntelliLock opts a 100% managed way to apply licensing and
protection features. This way single files can be produced without the need of
additional files.

Its flexible managed concept allows you full licensing integration into any existing
system. IntelliLock supports the .NET Framework 1.1, 2.0, 3.0 and 3.5. There is
also a comprehensive support for the Compact Framework 2.0 and 3.5. IntelliLock
combines strong license security, highly adaptable licensing functionality/schema
with reliable assembly protection. Its protection capabilities meet the needs you
demand on a secure licensing system.

Features:
Create trial versions of your software
Easily turn your trial version into a fully licensed version
using license files
Custom locks - Implement custom trial limitations
Comprehensive license management
License Tracker to track license generations/requests
Lock license files to specific assembly attributes
Read license files from embedded resource in assemblies
Validate/Activate license files via your own License Server
Software development kit
Military-Grade strong license encryption
Visual Studio 2005/2008 integration via Add-In
Assembly merging/packing functionality
Reliable Assembly Protection
Full 64bit assembly support
Ability to lock/unlock/protect your assemblies without
adding one single line of code
Command Line support
Intuitive GUI (Graphical User Interface)
100% managed solution
More Features

- [+] Added Mono protection support
- [+] Improved Performance
- [+] Improved Obfuscation
- [+] Improved memory consumption
- [+] Improved VS Add-in behavior
- [+] Improved anti tampering techniques
- [!]Fixed control flow obfuscation issue
- [!]Fixed VS Add-in issue
- [!]Fixed issue with ASP.NET website creation
- [!]Fixed major & minor bugs

http://www.eziriz.com/downloads/intellilock_setup.exe

A tool that dumps the MSIL code of every method that your .net application calls, and it also logs whenever a module is loaded by your .net application.

http://letitbit.net/download/814815298314/KDD.rar.html

This is a simple tool that has a similar functionality to RegMon or FileMon but it’s designed to trace events in .NET assemblies in runtime, many events can be reported so you can understand what’s going on in the background.

1- Select the assembly you want to analyze
2- Set the Events Mask, i.e Events you want to catch
3- Click “Start”

What’s NEW ?

1- Enhanced scrolling in Events listview using mouse wheel
2- Ability to save events log to (*.log) files for later analysis
3- Every event has a special icon so that you can understand the list more easily
4- Removed skin to reduce flickering and enhance performance

I hope it’s useful.

http://letitbit.net/download/602a1c384125/KDT03.rar.html

Download

Multi-Platform Setup: http://www.ntcore.com/Files/ExplorerSuite.exe

2008-03-04

Download

http://www.aisto.com/roeder/dotnet/Download.aspx?File=Reflector

Have you ever wished you could explore the behavior of a component or some code without having to write any code? To watch events occur on any object and examine the history of events? To quickly try something and see how it affects the component? To look at the visual behavior of a component as you adjust not only its properties, but execute its methods? If so the .NET Component Inspector is the tool you have been seeking.

The Component Inspector allows you to:

open any .NET assembly (executable or library), any number of which can be opened at once;
trace events on any object by simple one click event registration either on all events for an object or selected events;
create any object from a class in the opened assemblies using drag/drop;
create Controls on the design surface, move, resize or embed them in other Controls;
search for types or object content.
use the same set of Control objects both in design mode and normal running mode and go back and forth between the two with a single click;
examine or alter any field or property in the created objects, regardless of visibility;
execute any method on the created objects, regardless of visibility;
quickly examine and manipulate objects in common collections (IList, IDictionary) without concern of the implementation details of the collections. For example, you can cut/copy/paste objects to/from lists;
directly execute an application, class, or Control without writing any code; and
explore the contents of assemblies and the Global Assembly Cache (GAC).

http://oaklandsoftware.com/download_inspectors.html

for dotNet

http://letitbit.net/download/608376380901/Phoenix-Protector-1.1.0.1.rar.html

NetDasm – A tool for disassemble and patch .Net assemblies

link:

http://www.codeproject.com/useritems/NetDasm.asp

.NET Reactor is a powerful .NET code protection & license system which assists developers in protecting their .NET software. Developers are able to protect their software in a safe and simple way now. This way developers can focus more on development than on worrying how to protect their intellectual property.

In contrast to obfuscators .NET Reactor completely stops any decompiling by mixing any pure .NET assembly (written in C#, VB.NET, Delphi.NET, J#, MSIL…) with native machine code. In detail, .NET Reactor builds a native wall between potential hackers and your .NET code. The result is a standard Windows based, not MSIL compatible, file. The original .NET code remains intact, well protected by native code and invisible for prying eyes. The original .NET code is not copied on harddisk at any time. There is no tool which is able to decompile .NET Reactor protected assemblies.

Product  .NET Reactor 
Version  3.2.4.6 
Date  23.06.2007 
Type  Demo/NagScreen 
Size   6.5 MB  

http://www.eziriz.com/downloads/dotnet_reactor_setup.exe

RE-Sign is a tool to help u re-sign .NET assemblys with your own StrongName key,
and no need todo any manual patching anymore and no need to have sn.exe installed
If u don’t have a StrongName keypair file u do need sn.exe to generate one,
but i will include a keypair file generator in the next version.
Author: LibX
The Reverse Engineering Team
link:
http://www.reteam.org/tools/tf31.zip
or
http://rapidshare.com/files/47465642/tf31.zip