Tuts 4 You

[Unpackme] Nefarious UnCryptme


Rompope

Your mission, if you choose: unpack this file and tell me the original OEP and original file size. Some things to consider: anti-Olly (if you can bypass this, please tell me how ;) ), anti-dumping and a few other things. Let me know!

PS. Most of the file size is the chiptune converted to a C++ table array (adds to the encryption: bigger the file = more encryption :P)

ps:

attach to process example

24pc9k1.jpg

Sorry, a little drunk right now; maybe this is simple for you to bypass, but let me know.

PS. I am Nefarious

PS. The file size is higher now than it is Uncryptedme

NefariousUnCryptMe.zip


004050A0 D0 50 00 00
004050A4 00 F0 00 00 ?...?.?.
004050D0 4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 MZ?........
004050E0 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 ?......@.......
004050F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00405100 00 00 00 00 00 00 00 00 00 00 00 00 F0 00 00 00 ............?..
00405110 0E 1F BA 0E 00 B4 09 CD 21 B8 01 4C CD 21 54 68 ?.???L?Th
00405120 69 73 20 70 72 6F 67 72 61 6D 20 63 61 6E 6E 6F is program canno
00405130 74 20 62 65 20 72 75 6E 20 69 6E 20 44 4F 53 20 t be run in DOS
00405140 6D 6F 64 65 2E 0D 0D mode...

004050A4 F000 ==Size


Here it is, the unpacked original one...

4 simple steps.

1. Get the address of the first unformatted (encrypted) resource data (here will be the file)

2. Run the program till the resource is decrypted (or run it fully, no problem at all)

3. Make a raw dump of the whole program

4. Dump with LordPE the first unformatted resource data; it is the original file... runs perfectly untouched.

Size and OEP are exactly the ones of the attached file

There is more than one method to unpack it, but this is undoubtedly the easiest one.

unpacked_ok.rar

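The four steps above, done offline on the raw dump, as an added example that is not code from the thread: it scans a dump for an embedded PE32 image (an MZ header whose e_lfanew leads to a PE signature, like the one at 004050D0 in the earlier post), takes the file size from the section table and the OEP as ImageBase + AddressOfEntryPoint. Function names and the sample dump are constructed for illustration, and overlay data past the last section is not counted.

```python
import struct

def u16(b, o): return struct.unpack_from("<H", b, o)[0]
def u32(b, o): return struct.unpack_from("<I", b, o)[0]

def parse_pe32(buf, base):
    """Return (file_size, oep_va) if a PE32 image starts at buf[base], else None."""
    if base + 0x40 > len(buf):
        return None
    nt = base + u32(buf, base + 0x3C)            # e_lfanew -> NT headers
    opt = nt + 24                                # optional header follows COFF header
    if opt + 64 > len(buf) or buf[nt:nt + 4] != b"PE\0\0" or u16(buf, opt) != 0x10B:
        return None
    sec = opt + u16(buf, nt + 20)                # section table after optional header
    nsec = u16(buf, nt + 6)
    if sec + 40 * nsec > len(buf):
        return None
    size = u32(buf, opt + 60)                    # SizeOfHeaders
    for i in range(nsec):                        # raw end of the last section on disk
        size = max(size, u32(buf, sec + 40 * i + 20) + u32(buf, sec + 40 * i + 16))
    return size, u32(buf, opt + 28) + u32(buf, opt + 16)   # ImageBase + AddressOfEntryPoint

def carve_embedded_pe(dump, start=2):
    """First valid PE32 at or after `start` (skips the host's own MZ at offset 0)."""
    pos = dump.find(b"MZ", start)
    while pos != -1:
        hit = parse_pe32(dump, pos)
        if hit and pos + hit[0] <= len(dump):    # reject images truncated by the dump
            return {"offset": pos, "size": hit[0], "oep": hit[1],
                    "image": dump[pos:pos + hit[0]]}
        pos = dump.find(b"MZ", pos + 1)
    return None

def sample_dump():
    """Constructed input: host bytes, then a minimal fake PE32 at offset 0x50D0."""
    pe = bytearray(0x600)
    pe[0:2] = b"MZ"
    struct.pack_into("<I", pe, 0x3C, 0xF0)               # e_lfanew
    pe[0xF0:0xF4] = b"PE\0\0"
    struct.pack_into("<HH", pe, 0xF4, 0x14C, 1)          # Machine, NumberOfSections
    struct.pack_into("<H", pe, 0x104, 0xE0)              # SizeOfOptionalHeader
    struct.pack_into("<H", pe, 0x108, 0x10B)             # PE32 magic
    struct.pack_into("<I", pe, 0x108 + 16, 0x1000)       # AddressOfEntryPoint
    struct.pack_into("<I", pe, 0x108 + 28, 0x400000)     # ImageBase
    struct.pack_into("<I", pe, 0x108 + 60, 0x400)        # SizeOfHeaders
    struct.pack_into("<II", pe, 0x1E8 + 16, 0x200, 0x400)  # SizeOfRawData, PointerToRawData
    return b"MZ" + b"\x90" * 0x50CE + bytes(pe) + b"\xCC" * 0x100, bytes(pe)
```

Writing `carve_embedded_pe(dump)["image"]` to disk gives the carved file; its length and the reported `oep` are the two values the challenge asks for.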

thank you :lol:

help

bp SetHandleCount

For me it doesn't make any sense.

Help for what?

It is not a real packer, just grab original file and dump it in any way you want, what else?

Make a description of your difficulty so I can help...
