Now the final proof oreans is still defeated;

And some stuff to study. Pay attention to ;

005DC577  7C80A0A7  

Edited May 31, 200916 yr by quosego

@quosego

well done :3 no idea where's LCF-AT I think he/she another person can null this

O BTW you use MIRC o.o but I cant find you

Edited June 1, 200916 yr by Lithium

as the messagebox says...good job!

Quite nice, there's a secondary check. Which makes sure the antidumps are never written.

Thusly crashing the app.

Thanks for the info, It looked like it was checking the header before it would crash on me.

Too lazy to research it any further since I never had HWID bypassing experience in the first place.

Kind of in the same boat here, this was actually my first attempt on any target with Hardware Id.

this unpackme is very hard..

in me, i've got only show splash window..

and the app terminate..

this unpackme is very hard..

in me, i've got only show splash window..

and the app terminate..

006B16DF TO PUSH 0A81731A will not terminate the app..

006C138A TO PUSH 0A828F79

0071FE83 TO PUSH 0A88A991

if its helps

this unpackme is very hard..

in me, i've got only show splash window..

and the app terminate..

006B16DF TO PUSH 0A81731A will not terminate the app..

006C138A TO PUSH 0A828F79

0071FE83 TO PUSH 0A88A991

if its helps

thx.. anyway for the hint..

the app was close first before reach that 3 address

Edited June 5, 200916 yr by Apakekdah

Good job quosego

well is so ****ing depressed look that just 1 person made it well what can I say

good luck next time

Don't worry, there's other people that can do it..

Rest assured that it only takes one person to teach the rest of the world.

Unpacking Winlicense has been fully automated, And there's not much left of the SDK.

And trust me, next time it'll be perfectly doable as well.

q.

Edited July 3, 200916 yr by quosego

ehm...for example i can unpack something like it manually. Yes maybe for me the operation can take muche more than quosego, but i can do and i'm sure there are at least hundred people able to unpack it.

well this Unpackme is so hard that people only look

and got scared

take a look more than 2000 views and just 1 solution

well what can I say juts wish good luck to all people that

got stuck on this Unpackme

and congratulate quosego

and thanks EvOlUtIoN for the unpackme

i got another program by wl2.0.8+hardware lock

i found the registerd_dword is compared in vm

0080FCE7 ^\FFE0 jmp eax ; vm in

0080FCE9 10EC adc ah, ch ; //rubbish code

0080FCEB 57 push edi

0080FCEC 7E 33 jle short 0080FD21

0080FCEE 5A pop edx

0080FCEF 4D dec ebp

0080FCF0 4A dec edx

0080FCF1 699B D7039347 F>imul ebx, dword ptr [ebx+0x479303D7], 0xA8BA09F1

0080FCFB CF iretd

0080FCFC 0A3B or bh, byte ptr [ebx]

0080FCFE 1C 93 sbb al, 0x93

0080FD00 2D 1F152043 sub eax, 0x4320151F

0080FD05 FB sti

0080FD06 CD D1 int 0xD1

0080FD08 70 18 jo short 0080FD22

0080FD0A 52 push edx

0080FD0B 07 pop es

0080FD0C 19BE 3F687F09 sbb dword ptr [esi+0x97F683F], edi

0080FD12 BA B0136BDF mov edx, 0xDF6B13B0

0080FD17 FC cld

0080FD18 21AA 309F283A and dword ptr [edx+0x3A289F30], ebp

0080FD1E CD DF int 0xDF

0080FD20 039E 39F024CF add ebx, dword ptr [esi-0x30DB0FC7]

0080FD26 9C pushfd

0080FD27 A8 28 test al, 0x28 //rubbish code

0080FD29 8D8D BB9D6B0A lea ecx, dword ptr [ebp+0xA6B9DBB] ;//vm out

0080FD2F 6A 00 push 0x0

0080FD31 57 push edi

0080FD32 E8 03000000 call 0080FD3A //decode code

it's anti that you can't step.

0080FDBC FF95 5529420A call dword ptr [ebp+0xA422955] ; (ntdll.ZwSetEvent)

0080FDC2 81F7 2950ED6D xor edi, 0x6DED5029

0080FDC8 6A 00 push 0x0

0080FDCA FF95 6103420A call dword ptr [ebp+0xA420361]

0080FDD0 8BC0 mov eax, eax

0080FDD2 ^ EB F4 jmp short 0080FDC8 ; if you step,you can't pass.

i had no idea to find the register_dword.vm+obfuscated+anti there is too too hard!!!!!!!

When at ntdll.ZwSetEvent bp the jump beneath it (0080FDD2) and press f9 it'll give the decryption thread long enough to overwrite EBF4 and proceed with execution.

Edited July 8, 200916 yr by quosego

unpacking stuff manually,shows two thing you understand reversing very well and your asm is superb

partly I am counting to the day VM decrypting will be out,and I doubt it is impossible,and I believe alot of people have done it and proof vm to x86 is possible and defeating one of the worlds most strongest packer.

only thing is when It is encrypted and that is the code where you need to reverse ... that what make people crazy about vm cause it make no sense and it stop you from achieving...

When at ntdll.ZwSetEvent bp the jump beneath it (0080FDD2) and press f9 it'll give the decryption thread long enough to overwrite EBF4 and proceed with execution.

I GOT IT,BUT HOW TO FIND THE RETISTER DWORD IN VM?DO YOU HAVE SOME IDEAS,QUOSEGO?

Are the hwid locks able to be faked using a cracked copy of WinLicense?

In other words, can you use the same version of WinLicense to create a

new key for someone elses protected files?

DM

No of course if you don't have the license unique key generated for that program...

No of course if you don't have the license unique key generated for that program...

How is it generated on the other end? Is it done off of a software hash

or something? I noticed you can do a little customizing to the key too.

Why would anyone seriously use this, it slows down the automation of

delivery of your software.

DM

hi.this is text WinLIcense 2.0.9.0

WL 2090 Notes.rar

005DB537 C9 01 A0 26

Is_Register dword but When I patch it,app crash.How to fix ?

Edited July 27, 200916 yr by tomatoes

Of course you wrong something...

Of course you wrong something...

yes of course,I will try again.

and It's great If you or anynone give me some ideas about that.

Thanks !

I can only say that it is not that different form older version.

I can only say that it is not that different form older version.

Yes,I understand it

and success

Thanks!

Edited August 6, 200916 yr by tomatoes