NFO decryptor (possible bug correct version).

Hello friends,

i'm proud to bring you my decryptor for NFO v1.0 from bart^CrackPl 2ooo.

Why do i say "possible bug correct" ?

- There is a little bug in NFO resource encryption/decryption method used by Bart.

- NFO program skips encryption/decryption if first byte of resource contents is value 028h. But this is a bad method, because the first unencrypted byte of resource contents can have a value different than 028h, but once encrypted, this value may become the value 028h.-

So, resource part having the first encrypted byte with value 028h will not be decrypted.

- This case have been tested with original crypter and with unNFO (decrypter from Dulek).

- My own unpacker checks for such "possible" case and ask the user if he want to force or not the decryption of this resource part.

A sample of crypted program with this problem has been included with the decrypter (check the serial editor part and you will see the result with force decryption).

Unpacker source in masm and packer source are included for interested ones...

(Note: I have also included decrypter from Dulek.)

Any comments, opinions on source code, bug reports or others are welcome...

See you soon ...

Laurent aka BIGBOSS from COPs...

NFO_v1.0.zip

CPS!UnNFO_v1.0.zip

unNFO-Dulek.zip

Edited June 10, 201015 yr by bigboss-62