Gladiator Posted August 22, 2010 Posted August 22, 2010 (edited) Hello all masters.Here we have an unpackme file that was protected with Hefaz Protector 1.8.0 ( Hefaz is a persian Protector ) , I have enabled all standard option to protect test file with std option ( no more difficulty ), please try to unpack it.Thanks.Best Regards.Note:The main application was protected with VMProtect. Edited October 5, 2010 by Gladiator
ghandi Posted August 22, 2010 Posted August 22, 2010 Note:The main application was protected with VMProtect.Well, if you're using VMProtect then its not exactly a test of the other 'protector' now is it?HR,Ghandi 1
Gladiator Posted August 22, 2010 Author Posted August 22, 2010 Note:The main application was protected with VMProtect. Well, if you're using VMProtect then its not exactly a test of the other 'protector' now is it? HR, Ghandi No there is no test of VMProtector , one of the hefaz exploits is trace of x86 code to find something be useful to unpack , here used code mutation to block it. you would test other way to unpack it.there is no difficulty about VMProtector . Thanks. Best Regards.
Raham Posted August 22, 2010 Posted August 22, 2010 (edited) Forum Role: a CrackMe MUST be compiled of your OWN code. If it is a commercial target or of someone else's work you WILL be banned for crack requesting.this also covered about UnPackMe.you want to Publish Hefaz as Comercial Protector , but:You used VMProtect its mean you cant protect yourself from Reverse engineering you used others protector to make it difficult to analyse your protector.so when you dont trust yourself about protect you protector, how you can speak about protecting others target for e.g UnPackMe.-----------------------------------------------------------------------------one of the hefaz exploits is trace of x86 code to find something be useful to unpack here used code mutation to block it>>there is no difficulty about VMProtector***************************************************************************you told VMProtect implemented to block one of HeFaz Vulnerability, but there is no difficulty about Using VMprotect. so why you used it?Regards Edited August 22, 2010 by Raham
Gladiator Posted August 22, 2010 Author Posted August 22, 2010 (edited) Forum Role: a CrackMe MUST be compiled of your OWN code. If it is a commercial target or of someone else's work you WILL be banned for crack requesting.this also covered about UnPackMe.you want to Publish Hefaz as Comercial Protector , but:You used VMProtect its mean you cant protect yourself from Reverse engineering you used others protector to make it difficult to analyse your protector.so when you dont trust yourself about protect you protector, how you can speak about protecting others target for e.g UnPackMe.-----------------------------------------------------------------------------one of the hefaz exploits is trace of x86 code to find something be useful to unpack here used code mutation to block it>>there is no difficulty about VMProtector***************************************************************************Regardsabout your note accross roles i can't accept you , becuase in this thread we have so many topics that was unpackme ( Protected with Enigma , WL , TM or ... ) but if you say all the unpackmes should be protect with own shell engine please first delete all this topics !and about trust and ... for Hefaz protector , i sad VMProtector have nothing to fear about it's difficulty and i used it to block code trace and newbie crackers , i think you are professional so try to remove VMProtect ( it's easy to you ) and unpack second shell.you told VMProtect implemented to block one of HeFaz Vulnerability, but there is no difficulty about Using VMprotect. so why you used it?There is so many troubles for Newbi Crackers and no difficulty for professionals like you , so don't worry about it , here we have some thing to learn , please stop your Obsession and share you'r information.I think Treat about roles and VMProtector used is so Futile , please stop off topics ( Raham ) and try to fix unpackme.I hope all the masters excuse me and help to unpack this stuff.Thanks.Best Regards. Edited August 22, 2010 by Gladiator
ghandi Posted August 22, 2010 Posted August 22, 2010 There is so many troubles for Newbi Crackers and no difficulty for professionals like you , so don't worry about it , here we have some thing to learn , please stop your Obsession and share you'r information.I think Treat about roles and VMProtector used is so Futile , please stop off topics ( Raham ) and try to fix unpackme.I hope all the masters excuse me and help to unpack this stuff.One major difference with the unpackme's posted that are using commercial protectors... They have it in the title of the unpackme and it is a major part of the unpackme. You're trying to tell me you're blocking a vulnerability in 'your' protector code with a commercial protector like VMProtect (which is just cake to reverse now, isn't it...) plus you have the audacity to try to gloss over it with a greyed out line of text (in your first post) or brushing it aside as if it is a simple wrapper...HR,Ghandi
Gladiator Posted August 22, 2010 Author Posted August 22, 2010 (edited) One major difference with the unpackme's posted that are using commercial protectors... They have it in the title of the unpackme and it is a major part of the unpackme. You're trying to tell me you're blocking a vulnerability in 'your' protector code with a commercial protector like VMProtect (which is just cake to reverse now, isn't it...) plus you have the audacity to try to gloss over it with a greyed out line of text (in your first post) or brushing it aside as if it is a simple wrapper... HR, Ghandi I am sorry about it , i had to say it first that i used commerical protector for more security but i have not any Purpose for cheating. VMProtect minimum SDK used to just block newbi level crackers for cover this exploit , in the next version this vulnerability will be fixed. Thanks for time you spend. Best Regards. Edited August 22, 2010 by Gladiator
Gladiator Posted August 22, 2010 Author Posted August 22, 2010 and finally , please unpack it .Thanks.
Raham Posted August 22, 2010 Posted August 22, 2010 (edited) Hias same as Ghandi noted, the Engima/Vm/Tm/WL unPackMe on this forum is entitled with their name!for example a few topic below you can see Engima UnPackMe 2.05 by LCF-At:it called Enigma UnPackMe and its just ENIGMA, she/he didnt protect ENigma Protected file with VMProtect for covering Enigma dark points!------------------About fixing your vulnerability, as i can remember hefaz 1.0 til 1.8 had been protected with VMProtect >> you didnt covered you Vuln.Actually im not pro as you know. and this is not OffTopic as i & others know.if you want, ok i will not post any thing.Note: your UnPackme dont work on my PC.Good Luck Edited August 22, 2010 by Raham
Gladiator Posted August 22, 2010 Author Posted August 22, 2010 (edited) Hias same as Ghandi noted, the Engima/Vm/Tm/WL unPackMe on this forum is entitled with their name!for example a few topic below you can see Engima UnPackMe 2.05 by LCF-At:it called Enigma UnPackMe and its just ENIGMA, she/he didnt protect ENigma Protected file with VMProtect for covering Enigma dark points!This unpackme is not a challenge , this is just a test so i covered my vulnerability with VMP to test it now not a mouth later.About fixing your vulnerability, as i can remember hefaz 1.0 til 1.8 had been protected with VMProtect >> you didnt covered you Vuln.It's not true , how you say this , did you buy it ?????? Edited August 22, 2010 by Gladiator
LCF-AT Posted August 22, 2010 Posted August 22, 2010 Hi,here my unpacked file.Test it.The protector need a lot time to start!The protector has a very bad realtime access!VERY SLOW! <-- VERY BAD!greetzUnpackMe_Hefaz_1.8.0_Unpacked.rar
Gladiator Posted August 22, 2010 Author Posted August 22, 2010 Thanks Dear LCF-AT but your unpacked file did not work and did not unpacked completely.
LCF-AT Posted August 22, 2010 Posted August 22, 2010 Hi, I have not fixed all int3 commands.Just so many til it starts and works correctly on my system.Maybe I fix the rest later then it should also work for you. Anyway,all in all its a bad protection and the author does not win a flowerpot for this! greetz
Gladiator Posted August 22, 2010 Author Posted August 22, 2010 I have not fixed all int3 commands.Just so many til it starts and works correctly on my systemThanks again Dear LCF-AT but Without fixing int3 sections unpacked file make crash on all the systems.hefaz is growing and i promise i will fix problems like speed and eth.Thanks for spending your time on my unpackme , i will wait for full unpacked application.
hepL3r Posted August 23, 2010 Posted August 23, 2010 Eset detects it as a virus , you should fix this problem first
Gladiator Posted August 23, 2010 Author Posted August 23, 2010 Eset detects it as a virus , you should fix this problem first In the new version of Eset this problem has fixed , just old version also detect it as riskware. you can get newer version from Eset website , update don't effects.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now