Hi Raham,

ah ok so if you say that this unpackme postet by you is Hefaz....then I ask me why it look now no more like the older Hefaz protection.So this time it used Enigma 2.33 how I can see.Why?

Set BP here...
00C3E74A  RETN 0C
------------00CD2EFC  45 4E 49 47 4D 41 02 21..|  ENIGMA!ENIGMA 02 21 HEX
ENIGMA 02 33 DEC
-----------
ENIGMA 2.33

Some rebuild VM code

01939582   MOV EAX,0A1B6E8  ; ASCII "Software\Enigma Protector\%.8x%.8x-%.8x%.8x"019399AF   PUSH 0A1B714     ; ASCII "The Enigma Protector"
019399B4   PUSH 0A1B72C     ; ASCII "Internal Protection Error, please contact to author!"0193FE15   MOV EDX,0A14414  ; UNICODE "Application requires password to start"0193FEB6   MOV EDX,0A14468  ; UNICODE "Enter password"

------------

greetz

Hi

@LCf

hmmm..... The hefaz 2 is dynamic....not Static like past....

but! I dont know exactly its hefaz 1.9(Static) or Hefaz 2 Pro(dynamic)

But i dont think its hefaz 2 Pro...because its under construction (as i know)....

Any way its not bad to say:

the author of hefaz from ancient! Til now....used other comercial protector to support him self!

in the past he used: Themida....VMProtect...Private Exe Protector...Asprotect.... And....so now he used enigma:D

But anyway its better to author(Gladiyator tel that!)

I didnt analised this file to discover its hefaz 1.9 or 2....

any way the important point for me is he crypted the target exe and tel its unUnpackable!

Regards

Rahem, please attach crackme's to the topic so the content is retained on the board for future download. Thanks...

Ted.

@Raham

some friends was do a tutorial for 1.9 and script in spanish, if you wana check :

/>http://ricardonarvaja.info/WEB/CONCURSOS%202011/CONCURSO%203/Solu_Concu%2303-11_UnPacking_Hefaz%201.9.0+%5bScriptS%5d_By_InDuLgEo.rar

/>http://ricardonarvaja.info/WEB/CONCURSOS%202011/CONCURSO%203/Concurso%203%20del%202011%20Hefaz%201.9%20por%20GUAN%20.rar

greetings Apuromafo

hi

@apuromafo

Nice job.

Thanks.

REGARDS

Hefaz19.rar

Edited April 7, 201114 yr by Raham

First you have a rest because coding Code Redirection fooled you!

I don't know about what you are talking;

The unpackme made by Jerry works 100 % ok.

Congratulation Jerry, you unpacked Enigma

Sorry all .

The "unpacked" file in previous page is just a joke ! . I wanted to make a some fun . Sorry

Edited April 25, 201114 yr by JeRRy

You got me on this one

I was pwned.

@Gladiator

Truth is bitter .We should accept.

To "Gladiyator=>Nima NT" the author of hefaz protector

I think that all very known protection sucks!

why? : they are a lot of unpackers/scripts around here

If you want a protection do it by yoursef: custom protection!

it's custom !

Hefaz has 100% security when you have not usb dongle like sentinel , may be after receiving dongle we can speak about it's other level security.

goood