bigboss-62
Posted June 9, 2010 (edited)

Hello friends,

I'm proud to bring you my decryptor for NFO v1.0 from bart^CrackPl 2ooo.

Why do I say "possible bug correct"?

- There is a little bug in the NFO resource encryption/decryption method used by Bart.
- The NFO program skips encryption/decryption if the first byte of the resource contents has the value 028h. But this is a bad method, because the first unencrypted byte of the resource contents can have a value different from 028h, but once encrypted, this value may become the value 028h.
- So, a resource part having the first encrypted byte with value 028h will not be decrypted.
- This case has been tested with the original crypter and with unNFO (decrypter from Dulek).
- My own unpacker checks for such a "possible" case and asks the user whether he wants to force the decryption of this resource part or not.

A sample of a crypted program with this problem has been included with the decrypter (check the serial editor part and you will see the result with forced decryption).

Unpacker source in masm and packer source are included for interested ones...

(Note: I have also included the decrypter from Dulek.)

Any comments, opinions on the source code, bug reports or others are welcome...

See you soon...

Laurent aka BIGBOSS from COPs...

NFO_v1.0.zip
CPS!UnNFO_v1.0.zip
unNFO-Dulek.zip

Edited June 10, 2010 by bigboss-62
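The marker collision described in the post, as an added example that is not part of the original post or of the attached sources. NFO's real cipher is not given on the page, so a keyed XOR stream is assumed as a stand-in; all function names, the key and the sample resources are hypothetical.

```python
# Stand-in cipher: NFO's real algorithm is not given in the post, so a
# keyed XOR stream is ASSUMED here purely to show the marker collision.
SKIP_MARKER = 0x28  # value from the post: first byte 028h means "leave as is"

def _xor_stream(data: bytes, key: int) -> bytes:
    """Hypothetical cipher: XOR byte i with (key + i) mod 256 (self-inverse)."""
    return bytes(b ^ ((key + i) & 0xFF) for i, b in enumerate(data))

def encrypt_resource(plain: bytes, key: int) -> bytes:
    """Packer side: skip resources whose plaintext starts with the marker."""
    if plain and plain[0] == SKIP_MARKER:
        return plain
    return _xor_stream(plain, key)

def decrypt_resource(blob: bytes, key: int, force: bool = False) -> bytes:
    """Unpacker side: the same in-band test, now applied to ciphertext.
    force=True models the override the post's unpacker offers the user."""
    if blob and blob[0] == SKIP_MARKER and not force:
        return blob
    return _xor_stream(blob, key)

def is_ambiguous(blob: bytes) -> bool:
    """A leading 028h cannot tell 'never encrypted' from 'encrypted to 028h'."""
    return bool(blob) and blob[0] == SKIP_MARKER

def colliding_first_byte(key: int) -> int:
    """The plaintext first byte that this stand-in cipher maps to the marker."""
    return SKIP_MARKER ^ (key & 0xFF)

if __name__ == "__main__":
    key = 0x5A  # constructed sample key
    # Constructed sample resources: one that collides, one left in clear.
    victim = bytes([colliding_first_byte(key)]) + b"serial editor dialog"
    untouched = bytes([SKIP_MARKER]) + b"left in clear by the packer"
    for name, plain in (("victim", victim), ("untouched", untouched)):
        blob = encrypt_resource(plain, key)
        print(name, "ambiguous:", is_ambiguous(blob),
              "| naive ok:", decrypt_resource(blob, key) == plain,
              "| forced ok:", decrypt_resource(blob, key, force=True) == plain)
```

Forcing is correct for the colliding resource but corrupts one that was genuinely left in clear, which is why the choice cannot be made from the first byte alone and is handed to the user.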