lena151 Posted August 18, 2008 Share Posted August 18, 2008 (edited) lARP v2.0 Ultimate My 2008 challenge is this small UnpackMe from Ultimate version of lARP protector. All options checked except pre-compression. Just unpack. Big thanks to my buddies Ufo-Pu55y for researching some really neat stuff and jstorme for his continued support and testing. Thanks guys, I shall remember you in my morning, noon and evening lARP prayers Remark1: when it's all too obvious that you are on a reverser's system, a lARP'ed file may display a warning or even crash, also outside debugger In such case, just unpack to remove all limitations Remark2: there is now some experimental code in lARP. Love and best care have been applied to make it, still, if you see unexpected behaviour like your PC starting talking or your box turning into a tv set ... then just send the fee for your machine's additional features to my paypal account Remark3: Ehm, the first to unpack this year's challenge gets a free license in a personalised lARP Ultimate version on condition he/she never ever protects filthy sh!t with it. Hehe, and also on condition that I can find someone who is interested in it (???) Good luck! lena151. lARP_2.0_Ultimate_Unpackme.rar lARP_ULTIMATE_updated.rar Edited September 13, 2008 by lena151 1 Link to comment Share on other sites More sharing options...
Killboy Posted August 18, 2008 Share Posted August 18, 2008 This is worse than Execryptor There is hardly any meaningful code at all... Still looking for the VM detection :x This sounds like endless tracing... Link to comment Share on other sites More sharing options...
Loki Posted August 19, 2008 Share Posted August 19, 2008 Man... it checks for SICE, SYSER, OllyBone and even TRW. I'll leave this to the clever people Link to comment Share on other sites More sharing options...
IMPosTOR Posted August 19, 2008 Share Posted August 19, 2008 where is Subz3ro ? Link to comment Share on other sites More sharing options...
thaton Posted August 19, 2008 Share Posted August 19, 2008 file unpacked by my friend Magic_h2001 from exetools :cool: Link to comment Share on other sites More sharing options...
lena151 Posted August 19, 2008 Author Share Posted August 19, 2008 Outstanding! I shall send the personalised version to your friend as he asks, but I'll need a moment to prepare it Thank him for his interest. The attachment was removed to make it possible for other people to post their solutions too, but the challenge was solved. lena151. Link to comment Share on other sites More sharing options...
lena151 Posted August 20, 2008 Author Share Posted August 20, 2008 file unpacked by my friend Magic_h2001 from exetools :cool:Package sent. Tell your friend to verify his email and to reply for reception if all is fine.lena151. Link to comment Share on other sites More sharing options...
lena151 Posted August 22, 2008 Author Share Posted August 22, 2008 Thanks to all who tried this but I find it pretty strange that nobody else has posted his dump.68 downloads and nobody else has unpacked the challenge?Please don't be shy, just post your dumps...Or maybe I made this one too difficult?lena151. Link to comment Share on other sites More sharing options...
Killboy Posted August 22, 2008 Share Posted August 22, 2008 Please don't be shy, just post your dumps... If only it was that easy Link to comment Share on other sites More sharing options...
blackpirate Posted August 22, 2008 Share Posted August 22, 2008 @lena151 1:thnx for your tuts!( even if i gave up on them, donno know for sure the no)! :sad: you will be a legend in RCE world! P.S:i bet that you buddy, quosego, will take care of this baby! All the best !!!!! RESPECT!!!! Link to comment Share on other sites More sharing options...
What Posted August 22, 2008 Share Posted August 22, 2008 I am a little disappointed that this was solved before I even saw the post. From what I saw from a quick 5 min look you did a nice job on killing attemps to debugger attach, (hooking NtQuerySytemInformation to hide your process and NtDebugActiveProcess to disallow actual attaching), going to force most people to actually load the process through a debugger, that stops a lot of people from completeing it since most people couldnt do easier versions without attaching. I havent yet loaded it under my debugger, but the dump appears to be similiar to earlier versions. Link to comment Share on other sites More sharing options...
pavka Posted August 23, 2008 Share Posted August 23, 2008 @lena151Unfortunately net system XP SP2 processor quad, unpackme does not run! Search under it or install a computer system to clean the old laptop, just laziness;) Link to comment Share on other sites More sharing options...
movzxEax Posted August 23, 2008 Share Posted August 23, 2008 (edited) Same here, donesn't run on vista Thought it was because of detection some registry entries, files and so on After partitionning the HD and installing a fresh vista SAME pROBLEM -> FILE DOESN'T RUN AT ALL Edited August 23, 2008 by movzxEax Link to comment Share on other sites More sharing options...
metr0 Posted August 23, 2008 Share Posted August 23, 2008 Which Vista version are you using? x86 or x64? SP0/SP1? These information would help lena to identify the problem (at least I hope so ). Link to comment Share on other sites More sharing options...
v01d Posted August 23, 2008 Share Posted August 23, 2008 For me on Vista32 it is working OK. But I need more knowledge . Link to comment Share on other sites More sharing options...
movzxEax Posted August 24, 2008 Share Posted August 24, 2008 Same here,donesn't run on vista Thought it was because of detection some registry entries, files and so on After partitionning the HD and installing a fresh vista SAME pROBLEM -> FILE DOESN'T RUN AT ALL It's Vista x86 ultimate (no SP) Link to comment Share on other sites More sharing options...
EvOlUtIoN Posted September 3, 2008 Share Posted September 3, 2008 deroko solved it on ARTeam, for me it is too difficult (also i don't like drivers very much).Nice one lena, this is one of the first 3 most difficult protector i ever seen. Link to comment Share on other sites More sharing options...
quosego Posted September 3, 2008 Share Posted September 3, 2008 Yup it's one tough cookie.. Indeed excellent work...quosego Link to comment Share on other sites More sharing options...
SuperCRacker Posted September 3, 2008 Share Posted September 3, 2008 (edited) I can't even start the unpackme. I always get this error and I'm not launching any debuggers or virtual machines. Edited September 3, 2008 by SuperCRacker Link to comment Share on other sites More sharing options...
EvOlUtIoN Posted September 3, 2008 Share Posted September 3, 2008 have you tried to run it just after starting pc? Link to comment Share on other sites More sharing options...
SuperCRacker Posted September 4, 2008 Share Posted September 4, 2008 have you tried to run it just after starting pc?Yes, I tried to run it several times without any success. Maybe Lena is implementing a protection scheme to chech if the unpackme is whether running on a cracker platform or not ...SC. Link to comment Share on other sites More sharing options...
lena151 Posted September 4, 2008 Author Share Posted September 4, 2008 Yes, I tried to run it several times without any success. Maybe Lena is implementing a protection scheme to chech if the unpackme is whether running on a cracker platform or not ...Yes indeed. When it's all too obvious you are trying to run a lARPed file on a reverser's system, it will refuse to run ... check out Remark 1 in the initial post above. Just unpack to remove those limitations.lena151. Link to comment Share on other sites More sharing options...
lena151 Posted September 13, 2008 Author Share Posted September 13, 2008 (edited) lARP Ultimate was updated for a rare bug. It would be nice if those people having a problem to run it before would take a look into this one and report back. Once again: a debug/VM warning message even outside debugger IS NOT a bug!.See first post in this thread for the updated challenge unpackme.Thanks for your time,lena151. Edited September 13, 2008 by lena151 Link to comment Share on other sites More sharing options...
Apakekdah Posted October 17, 2008 Share Posted October 17, 2008 da*n.. i never done with this one... Link to comment Share on other sites More sharing options...
antrobs Posted October 20, 2008 Share Posted October 20, 2008 It's for clever ones. aNtRoBs Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now