Jump to content
Tuts 4 You

[unpackme] Hefaz 2


Jupiter2000

Recommended Posts

Hi

A unpackme high and strong for you is crackers

Files protected by Hefaz Protector

Type protection =

anti dump

anti olly

dongle lock

Anti Debug

Code Encryption / Decryption & Code Obfuscation

:woot: :woot: :thumbsup:

O Security = 7 / 10

http://www.4shared.com/file/3Xuwmfmm/UnpackMe.html

What do you see this file

UnpackMe.zip

Edited by Teddy Rogers
Attached crackme to the board...
Link to comment

Hi,

ok I have patched the file fast. :) Just run and enter something.

PS: I re-protected the file again to keep my patch hidden so far.

greetz

Sorry to intrude, but your patched file gives an exception with errorcode 00000013 on win7 32bit.

Link to comment

@ grizzmo

Hhmmm,what about the original file?Did you download it too and test it on your win7 and if yes does this run without any problems?Try to run it again so I see also the original file does not run always correctly sometimes.Seems to be a unstable version.

@ Jupiter2000

Are you sure that this is a hefaz 2 version unpackme?Your's is named with 1.9 how you can see on my picture.Also you should better attach the unpackme on this board and not on a extern file host.

greetz

Link to comment

The exe file is a loader for the real executable, which is data.dat.

A debugging cycle was built in loader, which was used for processing exceptions in child process.

and the exceptions looked like nanomites in Armadillo.

Link to comment

:confused:

@ grizzmo

Hhmmm,what about the original file?Did you download it too and test it on your win7 and if yes does this run without any problems?Try to run it again so I see also the original file does not run always correctly sometimes.Seems to be a unstable version.

greetz

Hi LCF-AT,

You are right, I am sorry. This crackme indeed doen't run on win7 32 bit!!

Also noticed when running the crackme and the patched crackme in compatibility mode (winxpsp3) they all run fine!

So, you cracked this one!

I thought this was one of the newer protectors, so I assumed this would run automatically on win 7. Guess I better not assume too much. :confused:

Seems like the uploader didn't test this properly, before uploading this, or wasn't able to include a proper readme.

grizzmo

Link to comment

Hi,

Thanks for your test so far.

@ grizzmo

Ah no problem.

"So, you cracked this one!" <-- Yes :)

Ok now I have it unpacked so far.Not fixed all Nanos at the moment but the most of them with a script.So I hope that it also runs for you now.If not then I need to fix the other nanos too later.Just test and tell.

greetz

CrackMe_Unpacked_LCF-AT.rar

Link to comment

@LCF

both files work fine here on my 7 x86!

patched and unpacked! ;)

even if i dont enter any name or serial, and just clik OK , tells that serial number its good! ;)

Link to comment

Hi any buddy.

@jupiter

security 7 / 10? Whats??? Nice joke!

LoL......

i wrote a tools(Raham Storm).... Which can fix any type of nanomites! Yes! Any! Its compeletly universal nanomites fixer.... Not just like armadillo... Jmp.... Even...push.pop.call.add.ret.mov and....

and this unpackme that dear lcf ranked as 3 of 10 i dont rank higher than 2.... Its really quite easy....

my tool is algorithm independent! So its work on hefaz,sepanta!!!,strong bytes..., and most other nanomites.

Im still work on it to makeit full auto. Because its semi auto now.

Regards

Edited by Raham
Link to comment

Good job!

I know what to do to solve it, but unfortunately i'm not good in writing scripts, and fix all nanos manually requests some time...so i will not procedd since it is fully defeated :)

Link to comment

Hi any buddy.

@jupiter

security 7 / 10? Whats??? Nice joke!

LoL......

i wrote a tools(Raham Storm).... Which can fix any type of nanomites! Yes! Any! Its compeletly universal nanomites fixer.... Not just like armadillo... Jmp.... Even...push.pop.call.add.ret.mov and....

and this unpackme that dear lcf ranked as 3 of 10 i dont rank higher than 2.... Its really quite easy....

my tool is algorithm independent! So its work on hefaz,sepanta!!!,strong bytes..., and most other nanomites.

Im still work on it to makeit full auto. Because its semi auto now.

Regards

We will wait for your storm , have funny time ! ;)

Edited by Gladiator
Link to comment

Yes the unpackme is not so hard but nice. :)

Ah no problem Evo so I know that this is also no problem for you to unpack.Sure it pretty hard to fix all nanos manually so its better to create a small helper like a script or tool.

Hey Raham,are you sure that your tool can handle all Nanos of xy protector?If yes then I am curious on it. :)

Ok so now I have written a fast unpack & nano fix script for this unpackme which you can use now.Just run,wait a bit and follow my message at the end.Just dump it right - no iat fixing!

PS: Script will maybe not work with win7 [+Enabled ASLR Feature!].Just a info for you if your loaded app in Olly has a dynamic ImageBase.

greetz

CrackMe Hefaz 1.9 UnpackMe - Fast Unpack Script by LCF-AT.rar

  • Like 2
Link to comment

dear Gladiator is it full protection with hefaz 2 or some protection is not enable?

No there is just some protection enabled like nanomits , all anti dumps , anti debugs , code obfuscation and .... disabled.

Link to comment

Hi.

im here with my storm;)

With this tut you will learn how unpack hefaz.... Actually fix nanomites by Raham Storm.

HEFAZ protector security:1.5 / 10

www.4shared.com/file/AMKJ6aPh/Fix_Nano_By_Raham_Storm.html

Regards.

  • Like 1
Link to comment

@ Raham

Hhmmm,looks good so far. :)

I have seen your Hefaz movie and I have 3 questions.

1. Why do you need to break on the Set..API with a manually F9 / F12 loop?

2. Does your tool not fix the Nanos in realtime and automatic in memory?

3. I see you need to execute all the code manually.Press buttons to execute the code and then nanos will record by your tool.So this method is not so good so you cant fix all Nanos on this way.If you now enter a valid key.... :) ...then it will crash so this code you have not executed you know.

4. Tell me if I have seen something wrong etc you know.

Anyway,so for the moment your beta tool looks very interesting for me!Would like to test it too.

Test also this version with your tool.
/>http://forum.tuts4you.com/index.php?showtopic=23816&view=findpost&p=113437
/>http://forum.tuts4you.com/index.php?app=core&module=attach&section=attach&attach_id=6236

greetz

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...