Jump to content
Tuts 4 You

[unpackme]WinLIcense 2.0.8.0 + Hardaware lock


EvOlUtIoN

Recommended Posts

Here is a new unpackme protected with latest version of WinLicense (2.0.8.0).

I put maximum protection, and locked it to hardware, so it requires a keyfile to run (provided of course).

Goal is to unpack it, or also bypass of hardware lock (make program run on all machines) can be a good solution.

Good luck.

EvOlUtIoN

wl2080_unpackme.rar

Link to comment
Share on other sites

  • Replies 80
  • Created
  • Last Reply

Top Posters In This Topic

  • EvOlUtIoN

    15

  • quosego

    13

  • ZenLoren

    11

  • Loveless

    6

Top Posters In This Topic

Posted Images

r00t_H@ck3r

2ezrcw1.jpg

D:

Btw LCF-AT should be happy as he can finally update his script :3 thanks Evo

Edited by Lithium
Link to comment
Share on other sites

CodeExplorer

@Lithium:

Don't know from where your errors comes!

Your O.S. is Windows 98 ?

It gives me a different error:

errorw.png

Edited by CodeRipper
Link to comment
Share on other sites

This time will be very very hard to make a script for searching isregistered dwords automatically...i suggest you to learn how to search them manually.

For the error, i don't know...maybe you don't have the libraries for vc++ 8 on your pc.

Link to comment
Share on other sites

r00t_H@ck3r

quesego can update his Winlicense Tut too enjoy reading it but nothing got into my mind :( I am interested why some reversers can change Themida VM To X86 and make the program back to pure unpacked o.o aka whole themida is stripped totally D:

Link to comment
Share on other sites

i just see the file , and was terminated from start when used with olly

but changed THIS

006B16DF TO PUSH 0A81731A

006C138A TO PUSH 0A828F79

0071FE83 TO PUSH 0A88A991

0074C2AC ??

so stoped here 0074C2AC

it can be see 00403520=00403520 (ASCII "About")

00403528=00403528 (ASCII "Good JOB!")

:)

Edited by sfs
Link to comment
Share on other sites

r00t_H@ck3r
just seen the file , and it was terminated when I loaded it in olly

but I changed

006B16DF TO PUSH 0A81731A

AND 006C138A TO PUSH 0A828F79

and it stopped here 006F803F and 006E787E need more research to check about HWID code.

^ better english

Edited by Lithium
Link to comment
Share on other sites

Errors complaining about some application configuration are mostly related to a missing C runtime (msvcrt). Download a package from Microsoft and it should work fine (just my guess, worked fine for me).

Link to comment
Share on other sites

This time will be very very hard to make a script for searching isregistered dwords automatically...i suggest you to learn how to search them manually.

For the error, i don't know...maybe you don't have the libraries for vc++ 8 on your pc.

How to find is registered dwords ?

Thanks !

Link to comment
Share on other sites

hehe I got very little time, and finding the is_registered dwords is a lot more difficult now.. (Fully virtualized.)

Also they've got some new stuff.

Have mastered the dynamic antidump now, and am working on the unlinking of dll's that annoys my script.

(there's a shortcut but don't like that.. :) )

Link to comment
Share on other sites

I'm running on 3 hours sleep now. But after a couple of hours of napping I might take up the gauntlet :)

Link to comment
Share on other sites

Found the is_registered dwords. :)

passed the hw-id check.. now onto the otehr stuff. :)

EDIT:

Quite nice, there's a secondary check. Which makes sure the antidumps are never written.

Thusly crashing the app.

Edited by quosego
Link to comment
Share on other sites

Found the is_registered dwords. :)

passed the hw-id check.. now onto the otehr stuff. :)

EDIT:

Quite nice, there's a secondary check. Which makes sure the antidumps are never written.

Thusly crashing the app.

so if the app is reg. will not have antidumps or

Link to comment
Share on other sites

No the a registered app wil have working antidumps.

A bypassed hw-id app will crash the same way as an improperly dumped executable.

Link to comment
Share on other sites

Nice. So bypassing HWID is now infinitely harder. I tried the Deathway technique, doesn't work. I don't know how to do your thing quosego so I'm stumped. Too lazy to research it any further since I never had HWID bypassing experience in the first place.

Edited by Loveless
Link to comment
Share on other sites

Nice. So bypassing HWID is now infinitely harder. I tried the Deathway technique, doesn't work. I don't know how to do your thing quosego so I'm stumped. Too lazy to research it any further since I never had HWID bypassing experience in the first place.

XD, i thougth WL never will fix that :P , and yes, all is virtualized now, will try the next week :)

Link to comment
Share on other sites

I had to move heaven and earth & dig more VM code than ever before but I got it. :)

Unpack now is easy..

Sorry to say guys but my methods will stay private, oreans has proven it's resilience once more.

This time enough to keep this out of the public for a while.

Proof:

voila.th.jpg

Edited by quosego
Link to comment
Share on other sites

I was sure you can beat it quosego, you are the best in winlicense. I also never seen a taget hard like this, and this is the reason why i decided to post it here and, obviously, only one person can do.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...