[Unpackme] IntelliProtect v2.15

May 10, 2011

IntelliProtect v2.15 without trial and key. tested on all systems

IntelliProtect v2.15.rar

May 10, 2011

Dear Somata

For test unpack me file you must insert unpackme file with out license

i unpacked file.But crashed after run .i do not know why

Please insert the unpackme with out license.with license this is CrackMe not unpack Me

File is Visual Basic

Edited May 10, 2011 by BLaCkViRuS

May 10, 2011

please attach unpacked file, i tell what wrong

May 10, 2011

please attach unpacked file, i tell what wrong

please insert your unpack me file with out license

Edited May 10, 2011 by BLaCkViRuS

May 10, 2011

i will give valid key after 10 days of this unpackme. please let other people try. your application crash because you did not fix imports.

May 10, 2011

I have dumped and fixed imports but it doesn't run on my x64 win7 machine.

May 10, 2011

i check.

May 10, 2011

oooOooh no. nevermind. Imports are all 00000000. So we need valid license for this?

May 10, 2011

So we need valid license for this?

for unpacking only? no.

i dont know anything about this protector, but maybe you can use a non-vb .exe & state which protection options you used.

anyways, let`s wait for evolution`s results....

May 10, 2011

anyone having any luck??

May 11, 2011

Just we need the validkey for unpack this

without the validkey you can't fix imports.Orginal File Must be Run

May 11, 2011

Hi

Unpacked By a stupid technic!

Note:

if a license manager has very huge security..but its protection technic be poor

in my opinion its not a valuable protection.

even if we need valid license to run it...but after run we can unpack it veryyyy easy.

like this Protector.

Regards

Raham

UnPacked_By_Raham.rar

Edited May 11, 2011 by Raham

May 11, 2011

Hi

Unpacked By a stupid technic!

will not work for other compiler

Note:

if a license manager has very huge security..but its protection technic be poor

in my opinion its not a valuable protection.

even if we need valid license to run it...but after run we can unpack it veryyyy easy.

like this Protector.

Regards

Raham

Hi Dear Raham

File Unpacked Full and Worked Fine.LOL

Tnx

May 12, 2011

anyone plz write tut. raham refused for tutorial.

May 13, 2011

Maybe he traced out a serial or keygenned it allowing him to get to OEP? Either way Good job Raham!

June 26, 2011

any one can write a tut for this

July 30, 2011

any tutorial on it will be highly appreciated waiting for tutorial on this protection

July 30, 2011

i am waiting for tut

July 30, 2011

Hey Guys

you can't fix imports without valid key in Intelli Protector

if See Raham Post.you can see he said:Unpacked Intelli Protector with Stupid Method but this method is not for big programs

anyway Unpacking Intelli Protector With Valid Key is very Easy it's Like UPX (but with valid key)

maybe Can Keygen it ! but is not my Specialty.Please Reply Keygenners Friends

July 30, 2011

Serial checking is done in a server.

Send: Return Code: 0x00000000
GET /IntelliProtectorChild2/register.ashx?USec=IPL456789012345-78901234567890123456789012345678DF4E&ActNum=vYzgaqdX6QWOlYQ5HtOsl41YeeT4Jl2AqFSQbIXyZF1afnnxNiglMZk7lAxt7eA3nGTQiE3w0cGcyL5hSNVgiZiSqHVJRp3BhIWdaBjBHSHpSAAAAAAAAAAUAAAAAAAAA HTTP/1.1
User-Agent: my s
Host: license3.intelliprotector.com
Connection: Keep-Alive

Receive: Return Code: 0x00000000
HTTP/1.1 200 OK
Date: Sat, 30 Jul 2011 16:14:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Content-Length: 118770af612dbeb40baa28ed08563de989a7Wrong license code. Please, recheck data you entered.79d602c89c604f33afc43ad961aae960

Sends the key to one of the servers:

http://license1.intelliprotector.com
http://license2.intelliprotector.com
http://license3.intelliprotector.com

But if you enter the following key and are not connected to the internet or have blocked the app with your firewall,

then it will go to some sort of a manual file activation:

IPL456789012345-78901234567890123456789012345678DF4E

July 30, 2011

Thank You Saduff For Info

July 30, 2011

Here's my try at unpacking it, though I'm no good at unpacking.

Getting to the OEP is easy, but fixing IAT is not.

unpacked_by_Saduff.zip

July 30, 2011

yes.is good mate.but this method not work in big Targets ( and you know )

July 31, 2011

saduff now you will also refuse for tutorial or you make one for all ?

July 31, 2011

Well, if you look at my unpacked file, you'll see that many imports are unresolved and only 3 are fixed.

It works only because the other imports are not called by this app. I would also like to know how Raham fixed all the imports.

OK, getting to the OEP is very easy:

Search for this binary string (hex):

75 ?? 53 68 ?? ?? ?? ?? 53 8D 4D D4 51 53

And set a bp on the found JNZ and run.

Once it breaks, change the zero flag to take the jump.

Step over the code, until RET.

Once you step over the RET, you're at the OEP.

Now, you can't fix Imports with ImportREC automatically.

I fixed the 3 Imports manually by hand.

If you study a VB6 app EP, you'll see that the first call is to MSVBVM60.ThunRTMain, so you can fix that Import immediately.

After you try to run it with that 1 Import fixed, it will crash immediately. That's because ThunRTMain tries to call MSVBVM60.EVENT_SINK_AddRef.

Since the address of that API is unresolved, it will call 00000000, which is not accessible by Win32 apps, so the app will crash with an access violation exception.

To fix that, you have to locate the JMP NEAR [<some address>] that is called and fix that to MSVBVM60.EVENT_SINK_AddRef.

Now the app should run, but you will soon see that when you try to close it, it will crash instead of close normally.

That's because it calls another API when closing. That API is MSVBVM60.EVENT_SINK_Release. You have to fix that one too.

After you've done that, the app should work normally. For a real app, you will have to fix many more APIs for it to work properly.

I fixed these Imports by creating an IAT Tree .txt file for ImportREC. Here's the file I created:

; Syntax for each function in a thunk (the separator is a TAB)
; ------------------------------------------------------------
; Flag   RVA   ModuleName   Ordinal   Name
;
; Details for <Valid> parameter:
; ------------------------------
; Flag:  0 = valid: no  -> - Name contains the address of the redirected API (you can set
;                            it to zero if you edit it).
;                          - Ordinal is not considered but you should let '0000' as value.
;                          - ModuleName is not considered but you should let '?' as value.
;
;        1 = valid: yes -> All next parameters on the line will be considered.
;                          Function imported by ordinal must have no name (the 4th TAB must
;                                                                          be there though).
;
;        2 = Equivalent to 0 but it is for the loader.
;
;        3 = Equivalent to 1 but it is for the loader.
;
;        4 = Equivalent to 0 with (R) tag.
;
;        5 = Equivalent to 1 with (R) tag.
;
; And finally, edit this file as your own risk! :-)Target: C:\IntelliProtect v2.15\IntelliProtect v2.15.exe
OEP: 00001128	IATRVA: 00001000	IATSize: 00000070FThunk: 00001024	NbFunc: 00000001
1	00001024	msvbvm60.dll	0191	EVENT_SINK_AddRefFThunk: 0000102C	NbFunc: 00000001
1	0000102C	msvbvm60.dll	0192	EVENT_SINK_ReleaseFThunk: 0000105C	NbFunc: 00000001
1	0000105C	msvbvm60.dll	0064	ThunRTMain

Edited July 31, 2011 by Saduff

Sign In

[Unpackme] IntelliProtect v2.15

Recommended Posts

Somata

BLaCkViRuS

Somata

BLaCkViRuS

Somata

cozofdeath

EvOlUtIoN

cozofdeath

deepzero

cozofdeath

BLaCkViRuS

Raham

BLaCkViRuS

Somata

cozofdeath

Max_

_Ghost_

mdj

BLaCkViRuS

Saduff

BLaCkViRuS

Saduff

BLaCkViRuS

_Ghost_

Saduff

Create an account or sign in to comment

Create an account

Sign in

Community

Search