[unpackme] Hefaz 2

[Jupiter2000]

Hi

A unpackme high and strong for you is crackers

Files protected by Hefaz Protector

Type protection =

anti dump

anti olly

dongle lock

Anti Debug

Code Encryption / Decryption & Code Obfuscation

:woot:

O Security = 7 / 10

http://www.4shared.com/file/3Xuwmfmm/UnpackMe.html

What do you see this file

UnpackMe.zip

Edited January 17, 2011 by Teddy Rogers
Attached crackme to the board...

[LCF-AT]

Hi,

ok I have patched the file fast. Just run and enter something.

PS: I re-protected the file again to keep my patch hidden so far.

greetz

CrackMe_Patched_LCF-AT.rar

Edited January 16, 2011 by LCF-AT

[grizzmo]

Hi,

ok I have patched the file fast. Just run and enter something.

PS: I re-protected the file again to keep my patch hidden so far.

greetz

Sorry to intrude, but your patched file gives an exception with errorcode 00000013 on win7 32bit.

[LCF-AT]

@ grizzmo

Hhmmm,what about the original file?Did you download it too and test it on your win7 and if yes does this run without any problems?Try to run it again so I see also the original file does not run always correctly sometimes.Seems to be a unstable version.

@ Jupiter2000

Are you sure that this is a hefaz 2 version unpackme?Your's is named with 1.9 how you can see on my picture.Also you should better attach the unpackme on this board and not on a extern file host.

greetz

[Syntax]

Patched file working fine here in XP SP3.

[HyperChem]

The exe file is a loader for the real executable, which is data.dat.

A debugging cycle was built in loader, which was used for processing exceptions in child process.

and the exceptions looked like nanomites in Armadillo.

[r0ket]

Patched works with w2k3 x64

[Gladiator]

dongle lock

there is no dongle checking , if dongle enabled the cracking goes impossible

[grizzmo]

@ grizzmo

Hhmmm,what about the original file?Did you download it too and test it on your win7 and if yes does this run without any problems?Try to run it again so I see also the original file does not run always correctly sometimes.Seems to be a unstable version.

greetz

Hi LCF-AT,

You are right, I am sorry. This crackme indeed doen't run on win7 32 bit!!

Also noticed when running the crackme and the patched crackme in compatibility mode (winxpsp3) they all run fine!

So, you cracked this one!

I thought this was one of the newer protectors, so I assumed this would run automatically on win 7. Guess I better not assume too much.

Seems like the uploader didn't test this properly, before uploading this, or wasn't able to include a proper readme.

grizzmo

[Gladiator]

@Jupiter2000 :

This Unpack-me that you have posted it was not version 2 , it is version 1.9.0

please be careful.

thanks.

[LCF-AT]

Hi,

Thanks for your test so far.

@ grizzmo

Ah no problem.

"So, you cracked this one!" <-- Yes

Ok now I have it unpacked so far.Not fixed all Nanos at the moment but the most of them with a script.So I hope that it also runs for you now.If not then I need to fix the other nanos too later.Just test and tell.

greetz

CrackMe_Unpacked_LCF-AT.rar

[blackpirate]

@LCF

both files work fine here on my 7 x86!

patched and unpacked!

even if i dont enter any name or serial, and just clik OK , tells that serial number its good!

[LCF-AT]

Ah ok blackpirate & thanks for testing.

Ok here now my complete Nano Fixed Unpacked file.

---------------------------------

Difficulty Level: 3 of 10

---------------------------------

greetz

CrackMe_FULL_NanoFix_Unpacked_LCF-AT.rar

[Raham]

Hi any buddy.

@jupiter

security 7 / 10? Whats??? Nice joke!

LoL......

i wrote a tools(Raham Storm).... Which can fix any type of nanomites! Yes! Any! Its compeletly universal nanomites fixer.... Not just like armadillo... Jmp.... Even...push.pop.call.add.ret.mov and....

and this unpackme that dear lcf ranked as 3 of 10 i dont rank higher than 2.... Its really quite easy....

my tool is algorithm independent! So its work on hefaz,sepanta!!!,strong bytes..., and most other nanomites.

Im still work on it to makeit full auto. Because its semi auto now.

Regards

Edited January 17, 2011 by Raham

[EvOlUtIoN]

Good job!

I know what to do to solve it, but unfortunately i'm not good in writing scripts, and fix all nanos manually requests some time...so i will not procedd since it is fully defeated

[Gladiator]

Hi any buddy.

@jupiter

security 7 / 10? Whats??? Nice joke!

LoL......

i wrote a tools(Raham Storm).... Which can fix any type of nanomites! Yes! Any! Its compeletly universal nanomites fixer.... Not just like armadillo... Jmp.... Even...push.pop.call.add.ret.mov and....

and this unpackme that dear lcf ranked as 3 of 10 i dont rank higher than 2.... Its really quite easy....

my tool is algorithm independent! So its work on hefaz,sepanta!!!,strong bytes..., and most other nanomites.

Im still work on it to makeit full auto. Because its semi auto now.

Regards

We will wait for your storm , have funny time !

Edited January 18, 2011 by Gladiator

[LCF-AT]

Yes the unpackme is not so hard but nice.

Ah no problem Evo so I know that this is also no problem for you to unpack.Sure it pretty hard to fix all nanos manually so its better to create a small helper like a script or tool.

Hey Raham,are you sure that your tool can handle all Nanos of xy protector?If yes then I am curious on it.

Ok so now I have written a fast unpack & nano fix script for this unpackme which you can use now.Just run,wait a bit and follow my message at the end.Just dump it right - no iat fixing!

PS: Script will maybe not work with win7 [+Enabled ASLR Feature!].Just a info for you if your loaded app in Olly has a dynamic ImageBase.

greetz

CrackMe Hefaz 1.9 UnpackMe - Fast Unpack Script by LCF-AT.rar

[Gladiator]

Good job LCF-AT

Very nice work , thank you so much to share script

[icezy170]

i can't download this file.

[FuJ!N]

dear Gladiator is it full protection with hefaz 2 or some protection is not enable?

[Gladiator]

dear Gladiator is it full protection with hefaz 2 or some protection is not enable?

No there is just some protection enabled like nanomits , all anti dumps , anti debugs , code obfuscation and .... disabled.

[FuJ!N]

@Gladiator

Please upload a perfect protection sample

[Gladiator]

@Gladiator

Please upload a perfect protection sample

as soon

[Raham]

Hi.

im here with my storm;)

With this tut you will learn how unpack hefaz.... Actually fix nanomites by Raham Storm.

HEFAZ protector security:1.5 / 10

www.4shared.com/file/AMKJ6aPh/Fix_Nano_By_Raham_Storm.html

Regards.

[LCF-AT]

@ Raham

Hhmmm,looks good so far.

I have seen your Hefaz movie and I have 3 questions.

1. Why do you need to break on the Set..API with a manually F9 / F12 loop?

2. Does your tool not fix the Nanos in realtime and automatic in memory?

3. I see you need to execute all the code manually.Press buttons to execute the code and then nanos will record by your tool.So this method is not so good so you cant fix all Nanos on this way.If you now enter a valid key.... ...then it will crash so this code you have not executed you know.

4. Tell me if I have seen something wrong etc you know.

Anyway,so for the moment your beta tool looks very interesting for me!Would like to test it too.

Test also this version with your tool.
/>http://forum.tuts4you.com/index.php?showtopic=23816&view=findpost&p=113437
/>http://forum.tuts4you.com/index.php?app=core&module=attach&section=attach&attach_id=6236

greetz