introduction:

hello everyone, i have decided to release some .net cracking tutorials for those of you who are willing to learn. i will be releasing them over a period of time, however i will try to get as many out as possible soon for all you keen learners! this is the start of those tutorials, and contains all the tools i will be using throughout the series of tutorials. some of these tools will be specifically for .net use only, whereas others will work for other languages. i will give information indicating which ones are .net specific.

tools:

identifiers:
these are tools which are used to find what obfuscation or packer an application is using, if they are indeed using one. it is very important to keep these tools up-to-date as if they are outdated, they could give the impression an application isn't protected when in fact it is.

protectionid: (all applications)

download: http://pid.gamecopyworld.com/
screenshot:


dnid: (all applications)

download: http://uppit.com/1meyqi7xj540/dnid.rar
screenshot:


peid: (all applications)

download: http://www.peid.info/
screenshot:




dissassemblers/reflectors:
.net reflector: (.net specific)

one of the best and most needed tools used while cracking .net applications. this tool can help you to view almost the original source code of every application written in .net, this can help you gain a lot of knowledge by just simply looking at how the application you are trying to crack works. although this used to be free software, it has recently gone commercial and now requires you too purchase the application.

download: http://www.reflector.net/
screenshot:


simple assembly explorer/sae: (.net specific)

another must have application if you are planning on cracking any .net applications. it allows you to view the il code of any .net application as well as modify it on the run, this will be the tool we are using the most as this is where the actual 'cracking' happens. this can also be used with reflector and ilspy once you have both of those installed.

download: http://code.google.com/p/simple-assembly...loads/list
screenshot:


ilspy: (.net specific)

when .net relfector announced it was becomming commercial this tools development was announced as the replacement for it. although it won't be used so much in my cracking tutorials, it is a good tool to have in the collection.

download:http://wiki.sharpdevelop.net/ilspy.ashx
screenshot:




deobfuscators/unpackers:


occasionally applications will be protected in order to make cracking or reverse engineering them harder. the difference between an obfuscator and a packer is that an obfuscator will encrypt the applicaiton, and then decrypt it at runtime where as a packer will shrink (or compress) the application and then decompress it at runtime.

de4dot: (.net specific)

this incredible little tool will allow you to remove almost all current obfuscation with a simple drag and drop. although more complex obfuscators will require manual deobfuscation but we shall cover this in a later tutorial.

download: https://github.com/0xd4d/de4dot
screenshot:


qunpack: (.net specific)

a tool similar to de4dot but instead of being a universal deobfuscator, this is a universal unpacker. it supports most current packing software, as well as various other tools such as an oep(original entry point) finder.

download: http://qunpack.ahteam.org/
screenshot:





dumpers:


as mentioned above, often applications can be decrypted or decompressed at runtime. dumpers allow you to dump and application from a process. for example, you could locate the exact moment an application is decompressed and then dump from that moment, therefore the dumped application will be a decompressed (unpacked) application.

dotnetdumper: (.net specific)

a useful tool for dumping .net applications from a process. this application is fairly hard to find on the internet so i have decided to upload it myself.

download: http://uppit.com/9zus0uzpcvt6/dotnetdumper.rar
screenshot:


kurapica dotnet dumper: (.net specific)

this is an application similar to the one above, but instead of dumping the actual application, it will dump all dll's being accessed and used.

download: http://uppit.com/ill9qy8pvw9h/kdd.rar
screenshot:


jitdumper: (.net specific)

an alternative for if dotnetdumper does not work, or you just fancy something different. this application was created by the same guy that created confuser obfuscator for .net.

download: http://uppit.com/52ucudp6j51l/jitdumper.rar
screenshot:


.net unpack: (.net specific)

an alternative to kurapica dotnet dumper, dumps all dll's that are used while running the application.

download: http://www.ntcore.com/netunpack.php
screenshot:




reconstructors:


often when you dump an application or dll, it can become corrupted in the process. these tools are used to clean up the dump in order to get them working again.

imprec: (all applications)

download: http://woodmann.com/collaborative/tools/...php/imprec
screenshot:


chimprec: (all applications)

download: http://www.woodmann.com/collaborative/to...p/chimprec
screenshot:


lordpe: (all applications)

download: http://www.woodmann.com/collaborative/to...php/lordpe
screenshot:




other:


wpe pro: (all applications)

this is a packet sniffer that allows you target tools and access as well as modify all incoming and outgoing packets.

download: http://wpepro.net/
screenshot:
https://i.imgur.com/brblc.jpg (max image limit reached).

cff explorer: (all applications)

a complex pe explorer allowing you to view entrypoints, as well as different sections such as .data / .text. used for manual unpacking/deobfuscation amongst other things.

download: http://www.ntcore.com/exsuite.php
screenshot:
https://i.imgur.com/ejpqz.jpg (max image limit reached).

cracker's tool: (n/a)

this little tool, allows you to convert between ascii, hexadecimal, binary and decimal. although not used as much while cracking .net applications, it is extremely useful when cracking native applications.

download: http://uppit.com/2lhassd3xir5/crackerstool.rar
screenshot:
https://i.imgur.com/8nwha.jpg (max image limit reached).