Tuts 4 You

[unpackme]Armadillo Version 7.00


Posted

00B04359 E8 22010000 call 00B04480
00B0435E 50 push eax
00B0435F 68 B06AB500 push 0B56AB0 ; ASCII "%08X-%04u%02u%02u%02u%02u%02u%04u"
00B04364 8B55 E4 mov edx,dword ptr ss:[ebp-1C]
00B04367 81C2 00040000 add edx,400
00B0436D 52 push edx
00B0436E E8 C1200200 call 00B26434
00B04373 83C4 28 add esp,28
00B04376 E8 35F3FFFF call 00B036B0
00B0437B 8945 FC mov dword ptr ss:[ebp-4],eax
00B0437E 8B45 E4 mov eax,dword ptr ss:[ebp-1C]
00B04381 0FBE08 movsx ecx,byte ptr ds:[eax]
00B04384 85C9 test ecx,ecx
00B04386 74 4D je short 00B043D5
00B04388 68 9C6AB500 push 0B56A9C ; ASCII "&hardwareSignature="
00B0438D 8B55 E4 mov edx,dword ptr ss:[ebp-1C]
00B04390 52 push edx
00B04391 E8 FA150200 call 00B25990

00A9E31A B9 18000000 mov ecx,18
00A9E31F C1E1 02 shl ecx,2
00A9E322 8B15 6C4FB700 mov edx,dword ptr ds:[b74F6C] ; unpackme.100C5C08
00A9E328 8B040A mov eax,dword ptr ds:[edx+ecx]
00A9E32B 83F0 00 xor eax,0
00A9E32E 8945 A8 mov dword ptr ss:[ebp-58],eax
00A9E331 B9 09000000 mov ecx,9
00A9E336 C1E1 02 shl ecx,2
00A9E339 8B15 6C4FB700 mov edx,dword ptr ds:[b74F6C] ; unpackme.100C5C08
00A9E33F 8B040A mov eax,dword ptr ds:[edx+ecx]
00A9E342 83F0 00 xor eax,0
00A9E345 8945 A4 mov dword ptr ss:[ebp-5C],eax
00A9E348 8B4D 08 mov ecx,dword ptr ss:[ebp+8]
00A9E34B C1E1 08 shl ecx,8
00A9E34E 8B55 9C mov edx,dword ptr ss:[ebp-64]
00A9E351 8D440A 18 lea eax,dword ptr ds:[edx+ecx+18]
00A9E355 8B4D A8 mov ecx,dword ptr ss:[ebp-58]
00A9E358 334D A4 xor ecx,dword ptr ss:[ebp-5C]
00A9E35B BA 0D000000 mov edx,0D
00A9E360 C1E2 02 shl edx,2
00A9E363 8B35 6C4FB700 mov esi,dword ptr ds:[b74F6C] ; unpackme.100C5C08
00A9E369 8B1416 mov edx,dword ptr ds:[esi+edx]
00A9E36C 83F2 00 xor edx,0
00A9E36F 33CA xor ecx,edx
00A9E371 8B55 0C mov edx,dword ptr ss:[ebp+C]
00A9E374 330C90 xor ecx,dword ptr ds:[eax+edx*4] ; here
00A9E377 894D FC mov dword ptr ss:[ebp-4],ecx
00A9E37A EB 03 jmp short 00A9E37F
00A9E37C D6 salc
00A9E37D D6 salc

  • 3 weeks later...
Posted (edited)

i will never was keygened any armadillo, but searching in my old's folder of armadillo

maybe can help the attached info in topic


http://forum.tuts4you.com/index.php?showtopic=14283

maybe direct:
http://forum.tuts4you.com/index.php?showtopic=14283&view=findpost&p=112578

not know much but are admirall this quote:

I checked out this file, and seems, it's protected with Unsigned level 0, that's why you can't find that checksum.

Anyway, I'll give my keygen, if the author publish a 1 correct serial

It works like this

after a call of "today", you will jump one of the calls below

First call is for v2 signed,v3 signed,v3 short.

Second call is v1 unsigned.

here, you have to decrypt serial using blowfish,

decrypted serial have this structure

symkey xor HWID(32 bit) ,other info(16 bit),today(16 bit)

haha, sorry, but i really did not understand you :P

Edited by apuromafo
Posted

Come on qpj^t, do it without the valid serial to extract the symmetric from ;)

HR,

Ghadni

I'll did, if I could :D

this level is not as easy, as the next ones, but very easy, if you have a valid key.

someone told me, that it's possible to do without valid keys, but I'm not sure, that he told me the truth

maybe you'll give me some tips? ;)

anyway, this is not keygenme, so it's not for me :D

Posted

I agree, i was only joking. I have not been fortunate enough to unlock the secret of unsigned keys, i do dig from time to time to see if i can learn anything though.

The following was taken from: http://woodmann.net/crackz/Packers.htm

* v3.4 and onwards update - Although a key generator for both v3.5 & v3.6 of Armadillo exists, the hole it exploits is one simply of v3.4 backward compatibility, i.e. the default certificate based upon Blowfish & Elgamal. In v3.5 the Blowfish key length was simply increased and the algorithm slightly modified, this actually doesn't prevent anyone owning a legitimate Armadillo key from breaking the Blowfish part but heals the brute force possibility if you don't own a real key. This still leaves Elgamal to be broken.

The current key generator for v3.6 generates keys for the Armadillo Free Certificate (actually a very (feature) limited version of the program), these keys are given away freely to people joining Digital River's online selling service (e.g. RegSoft). The Silicon Realms developers now custom compile versions of Armadillo for their customers and have also incorporated ECC into the very latest versions (v3.6a+). From my point of view, custom compiling always seemed to be the logical way to go and should have been done ages ago. Armadillo isn't completely secure but no protection scheme ever has been or ever will be, it does however have enough strengths to make it a considerable barrier to all but the best professional crackers.

v3.75

I learned in (June 2004) that v3.75 of Armadillo was keygenned by the group TMG (in contradiction to what I had written above); this was as a direct result of the source code being obtained (by illegal means) and a weak (32-bit) PRNG being identified. I have been assured this has been fixed, but I'll wait a little while before praising Armadillo's security again ;-).

While i have no doubt that there exists ways for people to retrieve needed information to make a keygenerator, it definitely isn't public knowledge (unlike the ElGamal and ECDSA methods) and it isn't something which i'm privy to.

HR,

Ghandi

  • 3 weeks later...
Posted

Reverse Armadillo to gain sufficient knowledge and then build the steps with the code of your choice?

HR,

Ghandi

  • 4 weeks later...
cdwayne foremost
Posted

YOU GUYS ARE UNTOUCHABLE

  • 9 months later...
Posted (edited)

about posts #1 say [unpackme]Armadillo Version 7.00, beta1 //really beta3

and have 1 key:

but in post #9 loki there are say as lv3 short v10

and maybe can be genned'?

there a friend was done a keygen in old time bruteforce and get the symkey,

i was taked some ideas for try to learn more,and used the symkey to try to generate a kg

attached the kg for post #1

kg_arma_7_beta1_post1.7z maybe can work ^^

Edited by Apuromafo
Posted

about posts #1 say [unpackme]Armadillo Version 7.00, beta1 //really beta3

and have 1 key:

but in post #9 loki there are say as lv3 short v10

and maybe can be genned'?

there a friend was done a keygen in old time bruteforce and get the symkey,

i was taked some ideas for try to learn more,and used the symkey to try to generate a kg

attached the kg for post #1

kg_arma_7_beta1_post1.7z maybe can work ^^

What??? You keygenned lvl10???

But the key only seems to work for your name... mr.exodia doesn't work ;(

Greetings

Posted

cuac, maybe can be the HIW , but there are learning as say ^^

greetings Apuromafo
