EvOlUtIoN Posted May 28, 2009 Share Posted May 28, 2009 Here is a new unpackme protected with latest version of WinLicense (2.0.8.0).I put maximum protection, and locked it to hardware, so it requires a keyfile to run (provided of course).Goal is to unpack it, or also bypass of hardware lock (make program run on all machines) can be a good solution.Good luck.EvOlUtIoNwl2080_unpackme.rar Link to comment Share on other sites More sharing options...
r00t_H@ck3r Posted May 28, 2009 Share Posted May 28, 2009 (edited) D: Btw LCF-AT should be happy as he can finally update his script :3 thanks Evo Edited May 28, 2009 by Lithium Link to comment Share on other sites More sharing options...
CodeExplorer Posted May 28, 2009 Share Posted May 28, 2009 (edited) @Lithium: Don't know from where your errors comes! Your O.S. is Windows 98 ? It gives me a different error: Edited May 28, 2009 by CodeRipper Link to comment Share on other sites More sharing options...
r00t_H@ck3r Posted May 28, 2009 Share Posted May 28, 2009 mine is Windows XP Home Edition,who uses window 98 nowdays. Link to comment Share on other sites More sharing options...
EvOlUtIoN Posted May 28, 2009 Author Share Posted May 28, 2009 This time will be very very hard to make a script for searching isregistered dwords automatically...i suggest you to learn how to search them manually.For the error, i don't know...maybe you don't have the libraries for vc++ 8 on your pc. Link to comment Share on other sites More sharing options...
r00t_H@ck3r Posted May 28, 2009 Share Posted May 28, 2009 quesego can update his Winlicense Tut too enjoy reading it but nothing got into my mind I am interested why some reversers can change Themida VM To X86 and make the program back to pure unpacked o.o aka whole themida is stripped totally D: Link to comment Share on other sites More sharing options...
sfs Posted May 28, 2009 Share Posted May 28, 2009 (edited) i just see the file , and was terminated from start when used with olly but changed THIS 006B16DF TO PUSH 0A81731A 006C138A TO PUSH 0A828F79 0071FE83 TO PUSH 0A88A991 0074C2AC ?? so stoped here 0074C2AC it can be see 00403520=00403520 (ASCII "About") 00403528=00403528 (ASCII "Good JOB!") Edited May 28, 2009 by sfs Link to comment Share on other sites More sharing options...
r00t_H@ck3r Posted May 28, 2009 Share Posted May 28, 2009 (edited) just seen the file , and it was terminated when I loaded it in olly but I changed006B16DF TO PUSH 0A81731AAND 006C138A TO PUSH 0A828F79and it stopped here 006F803F and 006E787E need more research to check about HWID code.^ better english Edited May 28, 2009 by Lithium Link to comment Share on other sites More sharing options...
metr0 Posted May 28, 2009 Share Posted May 28, 2009 Errors complaining about some application configuration are mostly related to a missing C runtime (msvcrt). Download a package from Microsoft and it should work fine (just my guess, worked fine for me). Link to comment Share on other sites More sharing options...
tomatoes Posted May 28, 2009 Share Posted May 28, 2009 This time will be very very hard to make a script for searching isregistered dwords automatically...i suggest you to learn how to search them manually.For the error, i don't know...maybe you don't have the libraries for vc++ 8 on your pc.How to find is registered dwords ?Thanks ! Link to comment Share on other sites More sharing options...
EvOlUtIoN Posted May 28, 2009 Author Share Posted May 28, 2009 You have to discover this by yourself, i can't solve it for you... Link to comment Share on other sites More sharing options...
Loveless Posted May 28, 2009 Share Posted May 28, 2009 lol quosego usually beats me to these.... Link to comment Share on other sites More sharing options...
quosego Posted May 29, 2009 Share Posted May 29, 2009 hehe I got very little time, and finding the is_registered dwords is a lot more difficult now.. (Fully virtualized.) Also they've got some new stuff. Have mastered the dynamic antidump now, and am working on the unlinking of dll's that annoys my script. (there's a shortcut but don't like that.. ) Link to comment Share on other sites More sharing options...
EvOlUtIoN Posted May 29, 2009 Author Share Posted May 29, 2009 Anyone wold be better than quosego here? Link to comment Share on other sites More sharing options...
Loveless Posted May 29, 2009 Share Posted May 29, 2009 I'm running on 3 hours sleep now. But after a couple of hours of napping I might take up the gauntlet Link to comment Share on other sites More sharing options...
quosego Posted May 29, 2009 Share Posted May 29, 2009 (edited) Found the is_registered dwords. passed the hw-id check.. now onto the otehr stuff. EDIT: Quite nice, there's a secondary check. Which makes sure the antidumps are never written. Thusly crashing the app. Edited May 29, 2009 by quosego Link to comment Share on other sites More sharing options...
sfs Posted May 29, 2009 Share Posted May 29, 2009 Found the is_registered dwords. passed the hw-id check.. now onto the otehr stuff. EDIT: Quite nice, there's a secondary check. Which makes sure the antidumps are never written. Thusly crashing the app. so if the app is reg. will not have antidumps or Link to comment Share on other sites More sharing options...
quosego Posted May 29, 2009 Share Posted May 29, 2009 No the a registered app wil have working antidumps.A bypassed hw-id app will crash the same way as an improperly dumped executable. Link to comment Share on other sites More sharing options...
Loveless Posted May 30, 2009 Share Posted May 30, 2009 (edited) Nice. So bypassing HWID is now infinitely harder. I tried the Deathway technique, doesn't work. I don't know how to do your thing quosego so I'm stumped. Too lazy to research it any further since I never had HWID bypassing experience in the first place. Edited May 30, 2009 by Loveless Link to comment Share on other sites More sharing options...
EvOlUtIoN Posted May 30, 2009 Author Share Posted May 30, 2009 ask only things about unpackme plz. Link to comment Share on other sites More sharing options...
Deathway Posted May 30, 2009 Share Posted May 30, 2009 Nice. So bypassing HWID is now infinitely harder. I tried the Deathway technique, doesn't work. I don't know how to do your thing quosego so I'm stumped. Too lazy to research it any further since I never had HWID bypassing experience in the first place. XD, i thougth WL never will fix that , and yes, all is virtualized now, will try the next week Link to comment Share on other sites More sharing options...
Loveless Posted May 30, 2009 Share Posted May 30, 2009 Thanks Deathway, much appreciated ^^ Link to comment Share on other sites More sharing options...
quosego Posted May 31, 2009 Share Posted May 31, 2009 (edited) I had to move heaven and earth & dig more VM code than ever before but I got it. Unpack now is easy.. Sorry to say guys but my methods will stay private, oreans has proven it's resilience once more. This time enough to keep this out of the public for a while. Proof: Edited May 31, 2009 by quosego Link to comment Share on other sites More sharing options...
EvOlUtIoN Posted May 31, 2009 Author Share Posted May 31, 2009 I was sure you can beat it quosego, you are the best in winlicense. I also never seen a taget hard like this, and this is the reason why i decided to post it here and, obviously, only one person can do. Link to comment Share on other sites More sharing options...
Loveless Posted May 31, 2009 Share Posted May 31, 2009 Props quosego, I'm majorly impressed Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now