Posted May 10, 201114 yr IntelliProtect v2.15 without trial and key. tested on all systemsIntelliProtect v2.15.rar
May 10, 201114 yr Dear Somata For test unpack me file you must insert unpackme file with out license i unpacked file.But crashed after run .i do not know why Please insert the unpackme with out license.with license this is CrackMe not unpack Me File is Visual Basic Edited May 10, 201114 yr by BLaCkViRuS
May 10, 201114 yr please attach unpacked file, i tell what wrongplease insert your unpack me file with out license Edited May 10, 201114 yr by BLaCkViRuS
May 10, 201114 yr Author i will give valid key after 10 days of this unpackme. please let other people try. your application crash because you did not fix imports.
May 10, 201114 yr oooOooh no. nevermind. Imports are all 00000000. So we need valid license for this?
May 10, 201114 yr So we need valid license for this? for unpacking only? no. i dont know anything about this protector, but maybe you can use a non-vb .exe & state which protection options you used. anyways, let`s wait for evolution`s results....
May 11, 201114 yr Just we need the validkey for unpack this without the validkey you can't fix imports.Orginal File Must be Run
May 11, 201114 yr HiUnpacked By a stupid technic!Note:if a license manager has very huge security..but its protection technic be poorin my opinion its not a valuable protection.even if we need valid license to run it...but after run we can unpack it veryyyy easy.like this Protector.RegardsRahamUnPacked_By_Raham.rar Edited May 11, 201114 yr by Raham
May 11, 201114 yr Hi Unpacked By a stupid technic! will not work for other compiler Note: if a license manager has very huge security..but its protection technic be poor in my opinion its not a valuable protection. even if we need valid license to run it...but after run we can unpack it veryyyy easy. like this Protector. Regards Raham Hi Dear Raham File Unpacked Full and Worked Fine.LOL Tnx
May 13, 201114 yr Maybe he traced out a serial or keygenned it allowing him to get to OEP? Either way Good job Raham!
July 30, 201114 yr any tutorial on it will be highly appreciated waiting for tutorial on this protection
July 30, 201114 yr Hey Guys you can't fix imports without valid key in Intelli Protector if See Raham Post.you can see he said:Unpacked Intelli Protector with Stupid Method but this method is not for big programs anyway Unpacking Intelli Protector With Valid Key is very Easy it's Like UPX (but with valid key) maybe Can Keygen it ! but is not my Specialty.Please Reply Keygenners Friends
July 30, 201114 yr Serial checking is done in a server.Send: Return Code: 0x00000000GET /IntelliProtectorChild2/register.ashx?USec=IPL456789012345-78901234567890123456789012345678DF4E&ActNum=vYzgaqdX6QWOlYQ5HtOsl41YeeT4Jl2AqFSQbIXyZF1afnnxNiglMZk7lAxt7eA3nGTQiE3w0cGcyL5hSNVgiZiSqHVJRp3BhIWdaBjBHSHpSAAAAAAAAAAUAAAAAAAAA HTTP/1.1User-Agent: my sHost: license3.intelliprotector.comConnection: Keep-AliveReceive: Return Code: 0x00000000HTTP/1.1 200 OKDate: Sat, 30 Jul 2011 16:14:40 GMTServer: Microsoft-IIS/6.0X-Powered-By: ASP.NETX-AspNet-Version: 4.0.30319Cache-Control: privateContent-Type: text/plain; charset=utf-8Content-Length: 118770af612dbeb40baa28ed08563de989a7Wrong license code. Please, recheck data you entered.79d602c89c604f33afc43ad961aae960Sends the key to one of the servers:http://license1.intelliprotector.comhttp://license2.intelliprotector.comhttp://license3.intelliprotector.comBut if you enter the following key and are not connected to the internet or have blocked the app with your firewall,then it will go to some sort of a manual file activation:IPL456789012345-78901234567890123456789012345678DF4E
July 30, 201114 yr Here's my try at unpacking it, though I'm no good at unpacking.Getting to the OEP is easy, but fixing IAT is not.unpacked_by_Saduff.zip
July 31, 201114 yr Well, if you look at my unpacked file, you'll see that many imports are unresolved and only 3 are fixed.It works only because the other imports are not called by this app. I would also like to know how Raham fixed all the imports.OK, getting to the OEP is very easy:Search for this binary string (hex):75 ?? 53 68 ?? ?? ?? ?? 53 8D 4D D4 51 53And set a bp on the found JNZ and run.Once it breaks, change the zero flag to take the jump.Step over the code, until RET.Once you step over the RET, you're at the OEP.Now, you can't fix Imports with ImportREC automatically.I fixed the 3 Imports manually by hand.If you study a VB6 app EP, you'll see that the first call is to MSVBVM60.ThunRTMain, so you can fix that Import immediately.After you try to run it with that 1 Import fixed, it will crash immediately. That's because ThunRTMain tries to call MSVBVM60.EVENT_SINK_AddRef.Since the address of that API is unresolved, it will call 00000000, which is not accessible by Win32 apps, so the app will crash with an access violation exception.To fix that, you have to locate the JMP NEAR [<some address>] that is called and fix that to MSVBVM60.EVENT_SINK_AddRef.Now the app should run, but you will soon see that when you try to close it, it will crash instead of close normally.That's because it calls another API when closing. That API is MSVBVM60.EVENT_SINK_Release. You have to fix that one too.After you've done that, the app should work normally. For a real app, you will have to fix many more APIs for it to work properly.I fixed these Imports by creating an IAT Tree .txt file for ImportREC. Here's the file I created:; Syntax for each function in a thunk (the separator is a TAB); ------------------------------------------------------------; Flag RVA ModuleName Ordinal Name;; Details for <Valid> parameter:; ------------------------------; Flag: 0 = valid: no -> - Name contains the address of the redirected API (you can set; it to zero if you edit it).; - Ordinal is not considered but you should let '0000' as value.; - ModuleName is not considered but you should let '?' as value.;; 1 = valid: yes -> All next parameters on the line will be considered.; Function imported by ordinal must have no name (the 4th TAB must; be there though).;; 2 = Equivalent to 0 but it is for the loader.;; 3 = Equivalent to 1 but it is for the loader.;; 4 = Equivalent to 0 with (R) tag.;; 5 = Equivalent to 1 with (R) tag.;; And finally, edit this file as your own risk! :-)Target: C:\IntelliProtect v2.15\IntelliProtect v2.15.exeOEP: 00001128 IATRVA: 00001000 IATSize: 00000070FThunk: 00001024 NbFunc: 000000011 00001024 msvbvm60.dll 0191 EVENT_SINK_AddRefFThunk: 0000102C NbFunc: 000000011 0000102C msvbvm60.dll 0192 EVENT_SINK_ReleaseFThunk: 0000105C NbFunc: 000000011 0000105C msvbvm60.dll 0064 ThunRTMain Edited July 31, 201114 yr by Saduff
Create an account or sign in to comment