Jump to content
Tuts 4 You

Challenge 4 / At4re


Mouradpr

Recommended Posts

  • 2 weeks later...
  • 3 weeks later...
  • 2 weeks later...

I Found OEP + IAT but i dunno why my dump isn't good is gets sections from inside the protection "inside Dj-Siba" section

for now i'am busy with studing so i can't challenge it + i have two challenges already :huh: it's the third i got and easy to get it but until i get a workign dump just wait if any wants to know oep it's at RVA: D148 or you can use D172 check them to know why you can use both :D !!

Cheers To All

Link to comment
I Found OEP + IAT but i dunno why my dump isn't good is gets sections from inside the protection "inside Dj-Siba" section

dump it raw with IsDebuggerpresent plugin and set rvo = rva in sections, no prob.

Link to comment

how to defeating AntiDebug... ?

when i try to goto OEP my olly just close without permission...

and what is this protector ?

<_<

Link to comment

TLS CallBack idea might help you Apakekdah :D

if you have ever tried unpackign ExeCryptor you'll get the trick fastly as a first step !!

@ Zako

Lol i don't use that plugin at all bro' :D but i'll try dumping with usuall tools when i'am free it's damn easy to get OEP and info

the only thing left for me is having the Dump and Fixing Voila "shoudl work lol"..........!!

SPlayer 0.08 i think it's by Jibz or something ?!

why are you laughing Mourad :lol:

@Edit

just when i replayed here i got an idea for using PE Tools ;) works fine now lol UnPacked the file is attached for any one who wants to screw around with it and get his serial without unpacking it hope you enjoy................

Cheers To All

UnPacked.rar

Edited by Angel-55
Link to comment
get a valid serial for your name.... B)

tres facile to unpack this chalenge

Very easy to unpack yes but the use of a relatively unknown protector in your challenge suggests intentionally trying to make it more difficult, else why not upx?.

Link to comment

@Angel-55

thx for great info... :wub:

@Mouradpr

what protector that you're using friend ?

and where you've download it ?

thx

Edited by Apakekdah
Link to comment

add this with hex workshop or other hex editor

MZ@.....................@...................................@...PE..L...EJ.E...............C..........................@..................................................................................................................................................................................................dj-siba............................ ...................................................................................................................................................................6...........(...N.......................KERNEL32.DLL..f...x...................f...x.....................GetProcAddress....LoadLibraryA....UnmapViewOfFile...VirtualAlloc....VirtualFree.U..........................4.......a.11....1).=................=@......-..@...s^...@..v<.N4.VP.<..-.....................j@h.0..VW..Z.@...t..E....@......t.......i.@..}..-......e.U..........[..V...V.v<.N4.VP..RQ......M...^V.JT.............J..u.PQ......u............h....j...%....P.J(.M.Q..N...U..`.U..U.R.z..2..tN..u....M......B....8.u.@..P..F........t ....s.%.......E....RPR..J...Z...Z.....Za....U..`.M..U.Q.z..}..J..u..r...Y..(Iu.a....U..`.}..u...W..>...h....j.W..N...j@h.0..h....W..B.....t.......9.|.a....V.@.Z.@.R.@.N.@.^.@.....

save & Rebuild

:)

Link to comment

Anyone has the protector on his disk or knows were can i find it ??

it's a nice protections and packs well i see......... maybe could any member here help us findign it and posting in the tools section it would be really appreciated thanks in advanced !!

@ Apakekdah

Welcome bro' hope it helped :D

@Mouradpr

What do you mean by copy & paste the bytes ?? for what ?!

Link to comment
Anyone has the protector on his disk or knows were can i find it ??

I suspect its some maybe modified (private?) version of beroexepacker

http://bero.0ok.de/blog/projects/beroexepacker/
Link to comment
SuperCRacker

ok had more time to spend with this challenge, here's the unpacked file, you can check with peid to see that it's borland 4.0-5.0 programmed. Nice challengeme.

SC.

Unpacked_SC.zip

Link to comment
Guest dj-siba

Hi

The challenge is Packed with BeRoEXEpacker

some stuff Added just to make it some Fun

PEiD say: SPLayer 0.08 -> Jibz

it's just Fake signature

Once you know what's going you can Unpack easily

As easy as using PEiD Generic Unpacker

But the Challenge is not Unpacking

it's to get a Valid Serial

Here a clue

name:dj-siba

Valid Serial: 8694BA257D9882E678C96CDB7C9177D7

GoOD Luck

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...