Jump to content
Tuts 4 You
Sign in to follow this  
Raham

[unpackme] Hefaz 1.9

Rate this topic

Recommended Posts

LCF-AT

Hi Raham,

ah ok so if you say that this unpackme postet by you is Hefaz....then I ask me why it look now no more like the older Hefaz protection.So this time it used Enigma 2.33 how I can see.Why?

Set BP here...
00C3E74A RETN 0C
------------00CD2EFC 45 4E 49 47 4D 41 02 21..| ENIGMA!ENIGMA 02 21 HEX
ENIGMA 02 33 DEC
-----------
ENIGMA 2.33

Some rebuild VM code

01939582   MOV EAX,0A1B6E8  ; ASCII "Software\Enigma Protector\%.8x%.8x-%.8x%.8x"019399AF   PUSH 0A1B714     ; ASCII "The Enigma Protector"
019399B4 PUSH 0A1B72C ; ASCII "Internal Protection Error, please contact to author!"0193FE15 MOV EDX,0A14414 ; UNICODE "Application requires password to start"0193FEB6 MOV EDX,0A14468 ; UNICODE "Enter password"

------------

greetz

  • Like 1

Share this post


Link to post
Share on other sites
Raham

Hi

@LCf

hmmm..... The hefaz 2 is dynamic....not Static like past....

but! I dont know exactly its hefaz 1.9(Static) or Hefaz 2 Pro(dynamic)

But i dont think its hefaz 2 Pro...because its under construction (as i know)....

Any way its not bad to say:

the author of hefaz from ancient! Til now....used other comercial protector to support him self!

in the past he used: Themida....VMProtect...Private Exe Protector...Asprotect.... And....so now he used enigma:D

But anyway its better to author(Gladiyator tel that!)

I didnt analised this file to discover its hefaz 1.9 or 2....

any way the important point for me is he crypted the target exe and tel its unUnpackable!

Regards

Share this post


Link to post
Share on other sites
Teddy Rogers

Rahem, please attach crackme's to the topic so the content is retained on the board for future download. Thanks...

Ted.

Share this post


Link to post
Share on other sites
Apuromafo

@Raham

some friends was do a tutorial for 1.9 and script in spanish, if you wana check :


/>http://ricardonarvaja.info/WEB/CONCURSOS%202011/CONCURSO%203/Solu_Concu%2303-11_UnPacking_Hefaz%201.9.0+%5bScriptS%5d_By_InDuLgEo.rar


/>http://ricardonarvaja.info/WEB/CONCURSOS%202011/CONCURSO%203/Concurso%203%20del%202011%20Hefaz%201.9%20por%20GUAN%20.rar

greetings Apuromafo

  • Like 1

Share this post


Link to post
Share on other sites
CodeExplorer
First you have a rest because coding Code Redirection fooled you!

I don't know about what you are talking;

The unpackme made by Jerry works 100 % ok.

Congratulation Jerry, you unpacked Enigma :blink:

Share this post


Link to post
Share on other sites
JeRRy

Sorry all .

The "unpacked" file in previous page is just a joke ! . I wanted to make a some fun . Sorry :sweat:

Edited by JeRRy (see edit history)
  • Like 1

Share this post


Link to post
Share on other sites
CodeExplorer

You got me on this one :D

I was pwned.

Share this post


Link to post
Share on other sites
.Dr.mehdi.swensen.

@Gladiator

Truth is bitter .We should accept.

Share this post


Link to post
Share on other sites
CodeExplorer

To "Gladiyator=>Nima NT" the author of hefaz protector

I think that all very known protection sucks!

why? : they are a lot of unpackers/scripts around here

If you want a protection do it by yoursef: custom protection!

Share this post


Link to post
Share on other sites
Gladiator

it's custom !

Hefaz has 100% security when you have not usb dongle like sentinel , may be after receiving dongle we can speak about it's other level security.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...