BLaCkViRuS Posted May 3, 2011 (edited)
Hi to all friends. This is the new Obsidium version. If friends can unpack it, please make a tutorial. Regards, BLaCkViRuS
Unpack Me Obsidium 1.4.rar
Edited May 3, 2011 by Mr.BLaCkViRuS

EvOlUtIoN Posted May 3, 2011 (edited)
Interesting! I like Obsidium usually.
EDIT: Why does it not show any window? It just closes itself?
Edited May 3, 2011 by EvOlUtIoN

BLaCkViRuS (Author) Posted May 3, 2011 (edited)
Hi dear EvOlUtIoN. The file runs fine without any problem for me. Just after running, it shows the demo message of Obsidium, and after confirming the message the program is shown. The file will not run for you? Does anyone have this problem?
Edited May 3, 2011 by Mr.BLaCkViRuS

Pushad Posted May 3, 2011
I got the message "This Application is protected ....." and nothing more happens.

BoRoV Posted May 3, 2011
It only shows a message that it is protected by the demo version and nothing else.

EvOlUtIoN Posted May 3, 2011
Same here... I unpacked the application successfully; it is a plain VB application with no import protection. One form, but it never loads due to an unhandled exception.

BLaCkViRuS (Author) Posted May 3, 2011
> Same here... I unpacked the application successfully; it is a plain VB application with no import protection. One form, but it never loads due to an unhandled exception.
Mmm, very nice, dear EvOlUtIoN. Can you make a tutorial for this? I make a new unpack me.

BLaCkViRuS (Author) Posted May 3, 2011 (edited)
Dear EvOlUtIoN, new unpack mes attached. Please test the new files. Two files (VB & VC++). Have a nice day, friends.
VB & VC++.rar
Edited May 3, 2011 by Mr.BLaCkViRuS

EvOlUtIoN Posted May 3, 2011 (edited)
The VB one is still not working, and please compile the VC++ application with a release configuration and not the debug one, or the debug DLL cannot be found.
EDIT: Both crackmes are not working here, even with all DLLs.
Edited May 3, 2011 by EvOlUtIoN

BLaCkViRuS (Author) Posted May 3, 2011
Please make the unpack me yourself. This is Obsidium 1.4:
http://www.load.to/palducWEb2/ObsidiumSetup.exe
Or
http://www.softpedia.com/dyn-postdownload.php?p=1908&t=4&i=1
Thank you, EvOlUtIoN

LCF-AT Posted May 3, 2011
Hi,
1. All unpackmes do not start, just get the DEMO nag and then exit.
2. Bypassed DEMO NAG + get codesection code.
3. Unpacked one file [smart way]
Unpack Level: 2 | 10
No special protections used! Just IAT RD.
Here is my unpacked file. Just test it.
PS: Next time protect the files not with DEMO mode, so that the files also run normally without having to patch the code to get them to run.
greetz
Unpack Me Obsidium 1.4 ( VB )-OK_Unpacked.rar

Sh4DoVV Posted May 3, 2011
Thanks, dear LCF-AT. May you create a tutorial or script? Go0d luck

BLaCkViRuS (Author) Posted May 4, 2011
> Hi,
> 1. All unpackmes do not start, just get the DEMO nag and then exit.
> 2. Bypassed DEMO NAG + get codesection code.
> 3. Unpacked one file [smart way]
> Unpack Level: 2 | 10
> No special protections used! Just IAT RD.
> Here is my unpacked file. Just test it.
> PS: Next time protect the files not with DEMO mode, so that the files also run normally without having to patch the code to get them to run.
> greetz
Thank you, dear LCF-AT. Please make a tutorial for this.

EvOlUtIoN Posted May 4, 2011
My interest in unpacking a demo version of a protector is very, very low.

BLaCkViRuS (Author) Posted May 4, 2011 (edited)
> My interest in unpacking a demo version of a protector is very, very low.
Hi dear EvOlUtIoN, just make an unpack me with the protector and test it on your system; maybe the problem is in your system. However, thank you very much.
Edited May 11, 2011 by BLaCkViRuS

LCF-AT Posted May 4, 2011
Your DEMO files do not run normally on other systems. In this case you have to catch the place where the code will be overwritten again. Also, your files will never reach the OEP. You have to fix the IAT RD normally, and after this you can dump & fix from the OBS section. Just rebuild the OEP and then you have your unpacked DEMO files. I will note your wish for an OBS tut.
greetz

EvOlUtIoN Posted May 5, 2011
Prolly demo-protected programs won't run on a different machine than the one on which they were protected. Anyway, the limitation can be simply removed, since there is a simple patch to do in order to avoid overwriting some garbage code on the application.

Apuromafo Posted May 6, 2011 (edited)
> Your DEMO files do not run normally on other systems. In this case you have to catch the place where the code will be overwritten again. Also, your files will never reach the OEP. You have to fix the IAT RD normally, and after this you can dump & fix from the OBS section. Just rebuild the OEP and then you have your unpacked DEMO files. I will note your wish for an OBS tut.
> greetz
I saw now in another forum, unpack.cn, a post saying that unpacking Armadillo is easy, and a loader was shared there (that maybe ziggy made), and another ENIGMA-packed app (your speciality, LCF). Not know how learn this friend, but if LCF share the theme, maybe is a little update from old script in a new theme please, because not wanna lose good written text.
greetings
Apuromafo
idea: SND 2.0 shared by LCF can be used to debug. Normally Obsidium has a key by a file and RSA based. Not sure if the author can check the tutorials, but in old times, when a tutorial on how to unpack was released, the other day the author added more protection and loops and more..
LCF, I ask: why not put the OEP there this way?
00401122 -FF25 5C104000 JMP DWORD PTR DS:[<&msvbvm60.ThunRTMain>>; msvbvm60.ThunRTMain
00401128 68 18904100 PUSH 00419018
0040112D E8 F0FFFFFF CALL 00401122 // <JMP.&msvbvm60.ThunRTMain>
greetings
Apuromafo
PS: in VC++, checking beside
00401B5F FF15 B4754100 CALL DWORD PTR DS:[4175B4]
Edited May 6, 2011 by Apuromafo

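Added example, not part of any post in this thread: a Python check that decodes the three instructions quoted above and confirms they form the usual VB6 entry stub (a PUSH of the header address followed by a CALL into the JMP thunk for ThunRTMain), which is how an analyst confirms the OEP in a dumped image. The function name, the buffer base address and the two padding bytes are assumptions made for the example.

```python
import struct

# Constructed sample: the three instructions quoted in the post, laid out
# at their virtual addresses, preceded by two padding bytes (assumption).
BASE_VA = 0x401120
SAMPLE = bytes.fromhex(
    "CCCC"            # 0x401120 padding, constructed
    "FF255C104000"    # 0x401122 JMP DWORD PTR DS:[40105C]
    "6818904100"      # 0x401128 PUSH 00419018
    "E8F0FFFFFF"      # 0x40112D CALL 00401122
)

def find_vb6_entry_stubs(buf, base_va):
    """Return (oep_va, header_va, thunk_va, iat_slot_va) for every
    PUSH imm32 / CALL rel32 pair whose call lands on a JMP [imm32] thunk
    inside the same buffer."""
    hits = []
    for off in range(len(buf) - 9):
        # 0x68 = PUSH imm32, 0xE8 = CALL rel32 directly after it
        if buf[off] != 0x68 or buf[off + 5] != 0xE8:
            continue
        header_va, = struct.unpack_from("<I", buf, off + 1)
        rel, = struct.unpack_from("<i", buf, off + 6)
        # rel32 is relative to the address of the instruction after the CALL
        target_va = (base_va + off + 10 + rel) & 0xFFFFFFFF
        t_off = target_va - base_va
        if not 0 <= t_off <= len(buf) - 6:
            continue  # call leaves the buffer, cannot be verified here
        if buf[t_off:t_off + 2] != b"\xFF\x25":
            continue  # target is not an indirect JMP thunk
        iat_slot_va, = struct.unpack_from("<I", buf, t_off + 2)
        hits.append((base_va + off, header_va, target_va, iat_slot_va))
    return hits

if __name__ == "__main__":
    for oep, header, thunk, slot in find_vb6_entry_stubs(SAMPLE, BASE_VA):
        print(f"OEP {oep:08X}: PUSH {header:08X}, CALL {thunk:08X} "
              f"-> JMP [{slot:08X}]")
```

On a real dump, the import slot found this way should resolve to msvbvm60.ThunRTMain once the IAT has been repaired.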
LCF-AT Posted May 6, 2011
@ Apuromafo
So just tell me what you want to know, then I will see what I can do. Do you have a problem with any ENIGMA or OBS target | UnpackMe [OBS & ENIGMA are among my favorites]? I have already written some scripts in the past for these two protections as well, which I have not released till now. So it's not so important where you put the OEP bytes in the code, as long as it's working.
greetz

Apuromafo Posted May 6, 2011
@ok ^^ but they are aesthetic for decompiling.
PS: the other, maybe if some day I have time, was to check where there are troubles in recovering the code.
PS: the apps normally are from the SND board; wait some time to check by myself, if I cannot, some day check if it is possible. The only one where the script did not work was some app that has vmprotector, because it was not studied, but when I have time I will check. In spoiler, because I do not wanna deviate the thread of Mr.BLaCkViRuS any more.
greetings, see ya
Apuromafo

LCF-AT Posted May 7, 2011
Hi, ok, all who want to unpack the file "Unpack Me Obsidium 1.4 ( VB )-OK.exe" can use this small script by me now. It also patches the after-DEMO DWORD check.

pause
pause
; Fast Unpack script for "Unpack Me Obsidium 1.4 ( VB )-OK.exe" only!
; Disable Phant0m's DRx!
; Press OK on the DEMO NAG!
; --------------------------
; LCF-AT
////////////////////
bphwc
bpmc
bc
pusha
; read ImageBaseAddress: FS:[18] = TEB, +30 = PEB, +8 = image base
exec
MOV EAX,DWORD PTR FS:[18]
MOV EAX,DWORD PTR DS:[EAX+30]
MOV EAX,DWORD PTR DS:[EAX+8]
ende
mov $RESULT, eax
popa
mov IMAGEBASE, $RESULT
////////////////////
CHECK:
cmp eip, IMAGEBASE+50000
je START
bp IMAGEBASE+50000
esto
bc
jmp CHECK
////////////////////
START:
gpa "VirtualAlloc", "kernel32.dll"
; C2 10 00 = RETN 10 at the end of VirtualAlloc
find $RESULT, #C21000#
mov VA, $RESULT
////////////////////
TEST:
bp VA
esto
sto
esto
mov TEST, eax
////////////////////
LOOP:
find TEST, #66A92000EB0?#
cmp $RESULT, 00
jne FOUND
esto
jmp LOOP
////////////////////
FOUND:
bc
mov SEC, TEST
mov TEST, $RESULT
bp TEST
esto
bc
add eip, 04
mov [eip], #EB09#
sub eip, 04
bp IMAGEBASE+060EA6
run
bc
mov [IMAGEBASE+060A74],E990, 02
bp IMAGEBASE+112D
esto
bc
; rebuild the PUSH imm32 in front of the CALL from the value on the stack
mov push, [esp]
sub eip, 05
mov [eip], 68, 01
mov [eip+1], push
add esp, 04
ret

greetz

LCF-AT Posted May 8, 2011
@ Larkaros
What about the DEMO NAG? There are 3 files in this topic. The only file which is fully working is the "Unpack Me Obsidium 1.4 ( VB )-OK.exe" [+ my script to bypass the DEMO NAG]; the other 2 files are broken, so they will not work correctly even if you bypass the DEMO NAG.
greetz