[unpackme] Larp 2.0 Unpackme

[lena151]

Hi to everybody.

Here is a small old year - new year present to fill those empty moments in this dark time of the year. Happy living to all.

The unpackme was protected by a stripped down version of lARP 2.0 (lena151's Anti Rip Protector).

Unpack/deprotect the unpackme and the first to succeed gains a kiss on the forehead from me (or perhaps this is a good reason not to try it? )

Success to all,

lena151.

lARP_2.0_Unpackme.rar

Edited December 23, 2007 by Teddy Rogers
Corrected the topic title...

[revert]

Hi,

Not sure but I think this should do it.
/>http://rapidshare.com/files/78361481/dump.rar.html

Its not easy on Vista x64

[pavka]

My variant

lARP_2.0_Unpacked_.rar

[lena151]

Good job guys.

pavka even restored the stolen bytes but jstorme gets the kiss for being first!

Thanks for your interest,

lena151.

[ChupaChu]

Someone cares to write a walkthrough - tutorial for unpacking it?

I'll start learning unpacking in new year, so.. I'd apreciate it

BR, ChupaChu!

[lena151]

Someone cares to write a walkthrough - tutorial for unpacking it?

He ChupaChu,

It's nothing special. I just used a couple tricks and some basic obfuscation which you will come across if you study the beginner series indepth from #20 and up. It would be repeating old material to make a walkthrough for it. Also, do take a special look in #37 about unpacking MSLRH.

I wish you all success in your quest!

lena151.

[ChupaChu]

Thanx for pointing me in the right direction, i have always avoided unpacking as much as i coud but i guess its time to dig my self into it..

Happy hollidays!

BR, ChupaChu!

[Apakekdah]

Its hard...

i'm stuck in here...

0040F9B5	F7D8				   NEG EAX
0040F9B7	3D 706F6F6F			CMP EAX,6F6F6F70
0040F9BC	75 06				  JNZ SHORT lARP_2_0.0040F9C4
0040F9BE	8D9D 061A4000		  LEA EBX,DWORD PTR SS:[EBP+401A06]
0040F9C4	830424 02			  ADD DWORD PTR SS:[ESP],2
0040F9C8	C3					 RETN
0040F9C9	75 00				  JNZ SHORT lARP_2_0.0040F9CB

how to skip this ?

Edited December 24, 2007 by Apakekdah

[dR.cARBOn]

My unpacked!

dr.carbon

unlARP.zip

[dR.cARBOn]

here is the easiest medthod!

for newbies!

greetz

dr.carbon

unlena.zip

[pavka]

@Apakekdah

0040F9B5 F7D8 NEG EAX

0040F9B7 3D 706F6F6F CMP EAX,6F6F6F70 <---------chek if fill nop call

0040F9BC 75 06 JNZ SHORT lARP_2_0.0040F9C4

0040F9BE 8D9D 061A4000 LEA EBX,DWORD PTR SS:[EBP+401A06]

0040F9C4 830424 02 ADD DWORD PTR SS:[ESP],2

0040F9C8 C3 RETN

0040F9C9 75 00 JNZ SHORT lARP_2_0.0040F9CB

[Apakekdah]

@Apakekdah

0040F9B5 F7D8 NEG EAX

0040F9B7 3D 706F6F6F CMP EAX,6F6F6F70 <---------chek if fill nop call

0040F9BC 75 06 JNZ SHORT lARP_2_0.0040F9C4

0040F9BE 8D9D 061A4000 LEA EBX,DWORD PTR SS:[EBP+401A06]

0040F9C4 830424 02 ADD DWORD PTR SS:[ESP],2

0040F9C8 C3 RETN

0040F9C9 75 00 JNZ SHORT lARP_2_0.0040F9CB

when i nopped it app terminate

but if i leave it alone, app wont start, he just looping in there...

[pavka]

@Apakekdah

Clean unnecessary call and it will be easier to you to investigate a code. Example:

call ХХХХХХХ

ADD DWORD PTR SS:[ESP],2

C3 RETN

call ХХХХХХХ

ADD DWORD PTR SS:[ESP],1

C3 RETN

call ХХХХХХХ

ADD DWORD PTR SS:[ESP],5

C3 RETN

And so on

[What]

Yeah not really hard, nice little tricks here and there, but nothing really complex. If practice solving problems by yourself, you should be able to get this soon enough.

[kaksii]

Hehe, I'm glad lena is back.

Keep reversing!

[Fungus]

Ok this took me a loooooong time, but I finally did it.

larp2.0UnpackedMe.rar