[Unpackme] lena151 2008 challenge

[lena151]

lARP v2.0 Ultimate

My 2008 challenge is this small UnpackMe from Ultimate version of lARP protector. All options checked except pre-compression. Just unpack.

Big thanks to my buddies Ufo-Pu55y for researching some really neat stuff and jstorme for his continued support and testing. Thanks guys, I shall remember you in my morning, noon and evening lARP prayers

Remark1: when it's all too obvious that you are on a reverser's system, a lARP'ed file may display a warning or even crash, also outside debugger In such case, just unpack to remove all limitations

Remark2: there is now some experimental code in lARP. Love and best care have been applied to make it, still, if you see unexpected behaviour like your PC starting talking or your box turning into a tv set ... then just send the fee for your machine's additional features to my paypal account

Remark3: Ehm, the first to unpack this year's challenge gets a free license in a personalised lARP Ultimate version on condition he/she never ever protects filthy sh!t with it. Hehe, and also on condition that I can find someone who is interested in it (???)

Good luck!

lena151.

lARP_2.0_Ultimate_Unpackme.rar

lARP_ULTIMATE_updated.rar

Edited September 13, 2008 by lena151

[Killboy]

This is worse than Execryptor

There is hardly any meaningful code at all...

Still looking for the VM detection :x

This sounds like endless tracing...

[Loki]

Man... it checks for SICE, SYSER, OllyBone and even TRW.

I'll leave this to the clever people

[IMPosTOR]

where is Subz3ro ?

[thaton]

file unpacked by my friend Magic_h2001 from exetools :cool:

[lena151]

Outstanding!

I shall send the personalised version to your friend as he asks, but I'll need a moment to prepare it

Thank him for his interest.

The attachment was removed to make it possible for other people to post their solutions too, but the challenge was solved.

lena151.

[lena151]

file unpacked by my friend Magic_h2001 from exetools :cool:

Package sent.

Tell your friend to verify his email and to reply for reception if all is fine.

lena151.

[lena151]

Thanks to all who tried this but I find it pretty strange that nobody else has posted his dump.

68 downloads and nobody else has unpacked the challenge?

Please don't be shy, just post your dumps...

Or maybe I made this one too difficult?

lena151.

[Killboy]

Please don't be shy, just post your dumps...

If only it was that easy

[blackpirate]

@lena151

1:thnx for your tuts!( even if i gave up on them, donno know for sure the no)! :sad:

you will be a legend in RCE world!

P.S:i bet that you buddy, quosego, will take care of this baby!

All the best !!!!!

RESPECT!!!!

[What]

I am a little disappointed that this was solved before I even saw the post. From what I saw from a quick 5 min look you did a nice job on killing attemps to debugger attach, (hooking NtQuerySytemInformation to hide your process and NtDebugActiveProcess to disallow actual attaching), going to force most people to actually load the process through a debugger, that stops a lot of people from completeing it since most people couldnt do easier versions without attaching. I havent yet loaded it under my debugger, but the dump appears to be similiar to earlier versions.

[pavka]

@lena151

Unfortunately net system XP SP2 processor quad, unpackme does not run! Search under it or install a computer system to clean the old laptop, just laziness;)

[movzxEax]

Same here,

donesn't run on vista

Thought it was because of detection some registry entries, files and so on

After partitionning the HD and installing a fresh vista SAME pROBLEM -> FILE DOESN'T RUN AT ALL

Edited August 23, 2008 by movzxEax

[metr0]

Which Vista version are you using? x86 or x64? SP0/SP1? These information would help lena to identify the problem (at least I hope so ).

[v01d]

For me on Vista32 it is working OK. But I need more knowledge .

[movzxEax]

Same here,

donesn't run on vista

Thought it was because of detection some registry entries, files and so on

After partitionning the HD and installing a fresh vista SAME pROBLEM -> FILE DOESN'T RUN AT ALL

It's Vista x86 ultimate (no SP)

[EvOlUtIoN]

deroko solved it on ARTeam, for me it is too difficult (also i don't like drivers very much).

Nice one lena, this is one of the first 3 most difficult protector i ever seen.

[quosego]

Yup it's one tough cookie..

Indeed excellent work...

quosego

[SuperCRacker]

I can't even start the unpackme. I always get this error and I'm not launching any debuggers or virtual machines.

Edited September 3, 2008 by SuperCRacker

[EvOlUtIoN]

have you tried to run it just after starting pc?

[SuperCRacker]

have you tried to run it just after starting pc?

Yes, I tried to run it several times without any success. Maybe Lena is implementing a protection scheme to chech if the unpackme is whether running on a cracker platform or not ...

SC.

[lena151]

Yes, I tried to run it several times without any success. Maybe Lena is implementing a protection scheme to chech if the unpackme is whether running on a cracker platform or not ...

Yes indeed. When it's all too obvious you are trying to run a lARPed file on a reverser's system, it will refuse to run ... check out Remark 1 in the initial post above. Just unpack to remove those limitations.

lena151.

[lena151]

lARP Ultimate was updated for a rare bug. It would be nice if those people having a problem to run it before would take a look into this one and report back. Once again: a debug/VM warning message even outside debugger IS NOT a bug!.

See first post in this thread for the updated challenge unpackme.

Thanks for your time,

lena151.

Edited September 13, 2008 by lena151

[Apakekdah]

da*n.. i never done with this one...

[antrobs]

It's for clever ones.

aNtRoBs