Gumoz's Blog


reflect and unpack, the use of .net reflector and some unpacking techniques


I usually need to reverse engineer some stuff so I can learn the inner workings of software and hardware. There is a tool I use when I need to check the source code of a .NET binary (executables or DLLs), called .NET Reflector. This tool is super cool and useful because with a simple click you can check the source code of a compiled binary.

As you can see from the picture, it lets you open .net binaries and see the source code, it even allows you to see the comments, haha.

Well, this is not enough, because some people rely on packing their software, so that it gets encrypted inside a packed file which decrypts it on the fly into memory when executing. Well, packing is lame, so when we need to reflect the source code of packed software we first unpack it (hahaha, it's easy). First you'll need to identify the packer. The packing method or software used depends on the platform the software is meant to run on, so for example for Windows software we use a PE identifier like PEiD.
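As an added example (not from the original post), here is a sketch of the two triage checks that come before any unpacking: whether the binary carries a CLR header, which makes it a .NET assembly, and whether a section's byte entropy suggests packed or encrypted content. The 7.0 bits/byte threshold and the `build_sample` helper with its constructed image are assumptions for illustration; PEiD itself matches packer signatures rather than using this heuristic alone.

```python
import math
import struct

def entropy(data):
    """Shannon entropy in bits per byte: 0.0 (constant) to 8.0 (random-looking)."""
    n = len(data)
    counts = [data.count(b) for b in set(data)]
    return -sum(c / n * math.log2(c / n) for c in counts) if n else 0.0

def triage_pe(pe, threshold=7.0):
    """Return (is_dotnet, [(section, entropy, suspicious)]) for a PE image in bytes."""
    if pe[:2] != b"MZ":
        raise ValueError("not a PE image")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]             # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    opt = nt + 24                                          # optional header start
    pe32plus = struct.unpack_from("<H", pe, opt)[0] == 0x20B
    dirs = opt + (112 if pe32plus else 96)                 # data directory table
    ndirs = struct.unpack_from("<I", pe, dirs - 4)[0]      # NumberOfRvaAndSizes
    # Directory 14 is the CLR header; a nonzero RVA means managed (.NET) code.
    is_dotnet = ndirs > 14 and struct.unpack_from("<I", pe, dirs + 14 * 8)[0] != 0
    sections = []
    for i in range(nsec):
        off = opt + opt_size + 40 * i                      # 40-byte section headers
        name = pe[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
        size, ptr = struct.unpack_from("<II", pe, off + 16)
        h = round(entropy(pe[ptr:ptr + size]), 2)
        sections.append((name, h, h > threshold))
    return is_dotnet, sections

def build_sample(payload):
    """Constructed input: minimal PE32 headers, a CLR directory, one .text section."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)       # e_lfanew = 64
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                    # 16 data directories
    struct.pack_into("<II", opt, 96 + 14 * 8, 0x2000, 72)  # CLR directory entry
    sec = struct.pack("<8sIIII16x", b".text", len(payload), 0x1000, len(payload), 352)
    return dos + b"PE\0\0" + coff + bytes(opt) + sec + payload  # raw data at 352

if __name__ == "__main__":
    plain = build_sample(b"\x00\x2a" * 2048)               # repetitive, code-like filler
    packed = build_sample(bytes(range(256)) * 16)          # stands in for encrypted data
    print(triage_pe(plain))
    print(triage_pe(packed))
```

A high-entropy section in an assembly that still has a CLR header is the usual hint that a decompiler will show only a loader stub.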

 

So after you identify the packer, you can use an unpacker suited to the packed binary. For example, I use .net unpack, a tool so easy to use that opening packed software is just as easy as making an infinite loop.

Well, the exact instructions are not provided here because you will use it for evil instead of good, unless you are me of course (I use it to test our own software's ability to stop reverse engineering efforts, because PEMEX regulations tell us that our software should not be reverse engineer-able; I know, that's impossible).

 


Written by gumoz

December 19, 2010 at 1:06 am
