All Activity

here are the files/folders of 'Zero2Automated revteam.rar'

can someone upload ways (tut )how bypassing Antidebug and bypass HWID and PASSWORD ?

rc4 key: 90 F9 D3 63 DA C2 CF 42 51 46 95 2E A2 FE B1 EB 13 97 31 D7 15 70 29 C6 7A 24 62 DF F8 26 8B E1 17 A1 6A B8 4F 57 79 AC 09 48 0E 67 ED A8 53 AD F4 99 5D 6D 1A 12 8D 94 44 B4 28 E3 98 76 89 59 0B 65 2B 56 7E 1C 21 54 71 A6 9A BA AE 0A 16 A0 11 B9 10 40 C5 FD 5A CE 2D 75 81 B7 1F 33 83 85 52 E7 05 2F 38 B5 0D 3F 7C 82 E0 03 D4 E2 1E EE 80 6E 64 5F 60 77 AB 8A C1 4A 72 F5 49 D6 E5 9C DD 87 B0 3D F7 0C EC 9B 06 00 92 F6 41 D2 7B 4E 5B 25 BC E6 9E C8 C3 02 A7 3B 47 6B 30 BD 3A EF D0 8E 1D B2 18 5E 23 8F A9 36 E4 D8 2C 86 5C AF E8 22 73 CC 7F 69 AA D9 4C 6F 4D 01 39 19 C9 50 14 66 2A 3C CD 58 27 61 FA F3 88 BE E9 08 0F EA 7D 91 DE 1B 55 04 DC 07 F2 9F 84 32 35 4B FC 9D 43 D5 BB B3 DB 96 C0 CB FB BF 78 6C F0 F1 C7 CA 3E A4 74 A5 37 A3 FF 45 20 8C B6 D1 34 93 68 C4 anti-hijacking won't work by adding a new my section and a new import but I won't upload it for you to study sry...

add AntiPatchHWID,Antidebug ,Antidllhijack.

here not new only add one debug flag that is all rsa: 020C7E3711BE6AD946F2864D4EF9CA003990CDBYBH39R6GRSEEGCZPNR3L98HAXWLR2Z6QH4ZSX9EMG6RMRC7NZEU9DBYS73STWU9AFT9H2LJ6BFD73WLHNL6B853DMNXNQF7Q8GTTXZREA7LXDCACBZMC7SSWBNJXXEWB3VFLV9HLMCLEFVT24SRW8G53GPTLD9HCHPRZHPSE5TMSFDLX8TPG3GWWG2UEPQ23T9BWJS7MPUE40CDJWP7ER9QD7MQN67F66XZDS46WZ64QN5FQCL6XMFYNCU4XTHUXTVPEN5T3MWPL5E4FKLVTMTWPZ946ASGRTDGBRGDMFQ8M46CC2U33GYT764W4S6WNNCL55ME6MXGTMZXYUKN6J4JXCUJJYC69RJBZPVHQXAHYJPAY8NAWVG2GFZZ6K6FJ23EQB4GELVCZLE5M5VBRMGDMH82D0CDLWCEBAX3QVN4WBANJPQM5T9L95ELR5NDFU8B3VFA8P57M8VY7PBEMVP73TD8RYVG7ULLSZZ45CRTPJDXF6GYE44HGRW7AGZ3XSKFXJZTP2S78RUUQAX9F5R5KN2EGJYWAEXHL47P94GPNT3LF3H638LWUPF4LTLP2SG72NLGKNKEVSKXR97XZKQFMZJWBHPV67BLLC32U4LU7

The Enigma Protector_7.7 Protection End Version.The final version has been released, and I will not update it for a long time thereafter. Welcome to complete the challenge. https://workupload.com/file/fNbFuNZgSKG The Enigma Protector_7.7 Protection End Version.rar

I use AntiPatchHWID, ordinary users even if they find the real machine code, should not be able to PatchHWID. Of course, meet such a master like you, a different matter, no one can stop your footsteps.

Yes, this is very interesting. Hello, Sir. It seems I can't hold you back. The public key is not found in the original program. Mr. Azufo used a special technique to pull it off.

I find this in the app but how to use this in keygen? I have app to challenge yuo if yuo want check it.

This is not true, very easy to find constant encription and yea here again find easy for create keygen but no need this... RSA:0207D41FA1B8B9F272E46844B2BDC07A40019ADLTLFZ4LLGSS3QNUMVWGSR3J4KR8J8C3N2V78RYYGWMBXKTZZXL6JG5N5D7U8VBKGV8ZRPV2UY7CY48LEVUKAXHSYFRXZMLW438RQBGAZ4RTKUD48ENL88MJNM57N7NJ4T679DSVTK9SESH886DJF5VR925RPZR6NEUY2PRYZYSQ5FX3NJ8ZRQ6XA9S3PRN2FBEZ7CGZKQ6SA2JUZBW5HX63DQWH642CFDN397THZUCZFHVTMT326TSBEXRSH2KY3BQSZQGDTB847Z3HHCTEL3P4EBG8VSU8PQC2BKQUDHJU2GKSNCXRLJFXCUJX73WDPGTPHZAR9QDAWKYRKRLS879H8AQE35L8KWDVXVAJXJZX5E4JHL6NGQQ8DFR7BJFVR568ZQKJA84PCPS2A6KRKJF8U319AEC55ZUV4NTGZ4J5D8ZNCNNWDL2GV7H4Y6VYVTZ5HN63SK7XVSUV3PGKATY35UYVYHRRYC5XPWNJKMLVFZU3S3JFKV7BY5S2MQ2M7TZSWH88SPMUD7DF49LGCQF3X7LCDSJEZ34AD2AC9YUHJVPGY9SY4ZZ3KMXHFT8YRB8DFXTC65VUSM5TM37P7JCQ874LUWXMNMK7MMEKFKSEEH99GAMFE2FMSQVL5QJ6NUCT6LU2YHH99EG9NN6HJ4W6E4FR7GM3F8VU2QSEHB6TURG59LFRYXMQLSMTPUP6KYHHWRMT56C7PSV6WLG2PGTGYYWYACQ5WGVKYCL95KFMSKRGHXQSH467ZW9B4KL4BDSVCB4GACRR4M8NG96ZMF4YJLK9QN3EPXC2V3VH36N3CQN2XPCDPFS19AEZ4TKPQ8E6LWE3UVVSD9BXLVLTNDDKV7HB5DMPRMXSRZM29KZ2XMJR2J9WV3UR2EJ76SCJ5GYE48R78FJC4K8QTU6BTRS4848ZKSZEQWNJSCSSSMNH6JUE5E7SBVE7GFVTLWPDL6ZGBE36NKYB6ANR9DYL3ENGQHQH96Q8KGXRHZR539BCYQ4MXAEXPVWSKW52QSLCVEBTZR2AQDUHWN3UM6FUYK9DMQSNSH299MN9LBZYTJ3GKA2DTMSV76VW8KD9F2SXKLMER7Q5NR8GPYBPRBVT7KKKCKJNLR4BMD47WBHJZUT7DNQ7SJG5FJJSAU8Q5WW44LZ6ENWMZ3S6BJGNG3RCLQV6R6X8LT972EG2X7S9PVF7XUP5VJPVE98WFP3G6LDQVG8Y4RVEMBP5QNR63HC3

U use again some cheap trick heree but , u know result ..... Keep in mind that I cracked the latest dongles Guardant,Senselock and etc. this will that stop me? name: Mr.Leng key:B4HMR2CA76ACVESM2CL7A7X355RQ63RLGYYVW5VYEV48FWGJ8DZRJ44C78SFN3FF9PPF6UBUERAKCJUY9YJXGT3DXB9JX78A39YLBHUFUDGT @lengyue real hwid is here other vmp instruction u are add here on this target are bullshit rva:451904 Enigma shutdown.rar

Is the "Zero2Automated RevTeam" course folder complete? I couldn't find any chapters beyond Chapter 4. Thanks for sharing

Good target , Used custom plugin ?

I took the time to do another example to enhance it a bit. If you are free and interested, you can test the strength. https://workupload.com/file/KLCrS6REwxR

Anyone have a copy of this article? It need to sign up first. Thank you

@TRISTAN Pro Can you please upload your script in here? Regards. sean.

It's the same as old just use my script everything will work but need fix the target after unpacked. @Sean Park - Lovejoy check in this forum.

@boot Do we have to unwrap wrapped apis one by one manually? Regards. sean.

g++ compiler somehow hate winlicense sdk...

Can you upload a sample that locked HWID?

TitanHide doesn't work from version 3.9.1 without debugger detect !

How Is WinAPI Emulation Different from Themida’s Advanced API Wrapping? While both techniques protect API calls, they operate differently: Feature WinAPI Emulation (Enigma) Advanced API Wrapping (Themida) Method Replaces API calls with emulated versions Adds a wrapper layer around API calls Behavior Emulates API logic internally Calls the real API through an obfuscated wrapper Focus Protects execution by hiding actual APIs Focuses on obfuscating API invocation and flow Complexity May not use the real API at all Always eventually calls the real API Differences Between WinAPI Redirect and WinAPI Emulation Feature WinAPI Redirect WinAPI Emulation Core Function Redirects API calls to custom or protected logic Fully replaces API calls with an internal implementation Interaction with Real API Often forwards calls to the real API (after processing) May not interact with the real API at all Customization Allows developers to define specific behaviors Behaves more like a controlled "sandbox" for API calls Primary Use Case Controlling or filtering API behavior Obfuscating or hiding API logic Regards. sean.

@boot How to unwrap wrapped apis? Regards. sean.

Themida’s Advanced API Wrapping doesn’t mean using different APIs to make a call but rather involves wrapping and obfuscating existing API calls to make them more difficult to analyze, intercept, or manipulate by attackers. Here's a detailed explanation: What Happens with Advanced API Wrapping? Interception and Wrapping: Themida intercepts standard API calls made by your program (e.g., calls to Windows APIs or libraries) and replaces them with custom “wrapped” versions. These wrapped versions act as intermediaries between the application and the actual API. Obfuscation of Parameters and Flow: Parameters passed to the API can be encoded, encrypted, or altered by the wrapper. The wrapper logic itself is obfuscated, making it difficult for an attacker to understand how the API call is being processed or what arguments are being passed. Redirection and Layering: Calls may be redirected through additional layers of code or custom logic before reaching the actual API. These layers might perform security checks (e.g., anti-debugging, anti-tamper) or simply add noise to confuse reverse engineers. Dynamic Behavior: The wrapper might dynamically adjust how it interacts with the API based on runtime conditions, making static analysis tools ineffective. For example, some wrapped API calls may only function correctly in a valid execution environment, preventing sandboxed analysis. What This Means for API Calls Obfuscation: While the actual API (e.g., CreateFile or ReadProcessMemory) remains the same, the way it is invoked appears obfuscated due to the added wrapper logic. Attackers analyzing the program won't see straightforward API calls. Instead, they'll encounter a chain of custom function calls or complex operations obscuring the original API call. Security Checks: The wrapper might add security checks (e.g., validating the environment) before deciding whether to allow the API call to proceed. Anti-Hooking: By wrapping API calls, Themida makes it harder for attackers to use hooking techniques to monitor or modify API calls, as they can't directly intercept the standard APIs. What Advanced API Wrapping Does NOT Mean Using Different APIs: It doesn't replace one API with another (e.g., using OpenFile instead of CreateFile); rather, it modifies how the original API call is invoked and processed. Changing API Functionality: The underlying functionality of the API remains the same; the changes are in how the application interacts with it. Example (Simplified) Consider a program that calls CreateFile. Without Themida, it might look like this in pseudo-code: c Copy code HANDLE fileHandle = CreateFile("example.txt", GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); With Themida's API Wrapping, this might become: c Copy code HANDLE fileHandle = Wrapped_API_XYZ_123("encoded_example.txt", obfuscated_flags, security_token); Obfuscated Call: Instead of calling CreateFile directly, it goes through Wrapped_API_XYZ_123, which contains complex and obfuscated logic. Encoded/Encrypted Parameters: The string "example.txt" and other arguments might be encoded or encrypted before being passed to the wrapper. Decryption at Runtime: The wrapper decrypts and processes the parameters, performs additional security checks, and then calls CreateFile internally. Why Use This Technique? To protect sensitive functionality from being understood or manipulated. To make reverse engineering harder by complicating the flow of API calls. To deter common hacking methods like API hooking, parameter sniffing, or call redirection. In summary, Advanced API Wrapping modifies and obfuscates how API calls are made without fundamentally changing the APIs themselves. Best Regards. sean.