IntelliProtect v2.15 without trial and key. tested on all systems

IntelliProtect v2.15.rar

Dear Somata

For test unpack me file you must insert unpackme file with out license

i unpacked file.But crashed after run .i do not know why

Please insert the unpackme with out license.with license this is CrackMe not unpack Me

File is Visual Basic

Edited May 10, 201114 yr by BLaCkViRuS

please attach unpacked file, i tell what wrong

please attach unpacked file, i tell what wrong

please insert your unpack me file with out license

Edited May 10, 201114 yr by BLaCkViRuS

i will give valid key after 10 days of this unpackme. please let other people try. your application crash because you did not fix imports.

I have dumped and fixed imports but it doesn't run on my x64 win7 machine.

i check.

oooOooh no. nevermind. Imports are all 00000000. So we need valid license for this?

So we need valid license for this?

for unpacking only? no.

i dont know anything about this protector, but maybe you can use a non-vb .exe & state which protection options you used.

anyways, let`s wait for evolution`s results....

anyone having any luck??

Just we need the validkey for unpack this

without the validkey you can't fix imports.Orginal File Must be Run

Hi

Unpacked By a stupid technic!

Note:

if a license manager has very huge security..but its protection technic be poor

in my opinion its not a valuable protection.

even if we need valid license to run it...but after run we can unpack it veryyyy easy.

like this Protector.

Regards

Raham

UnPacked_By_Raham.rar

Edited May 11, 201114 yr by Raham

Hi

Unpacked By a stupid technic!

will not work for other compiler

Note:

if a license manager has very huge security..but its protection technic be poor

in my opinion its not a valuable protection.

even if we need valid license to run it...but after run we can unpack it veryyyy easy.

like this Protector.

Regards

Raham

Hi Dear Raham

File Unpacked Full and Worked Fine.LOL

Tnx

anyone plz write tut. raham refused for tutorial.

Maybe he traced out a serial or keygenned it allowing him to get to OEP? Either way Good job Raham!

any one can write a tut for this

any tutorial on it will be highly appreciated waiting for tutorial on this protection

i am waiting for tut

Hey Guys

you can't fix imports without valid key in Intelli Protector

if See Raham Post.you can see he said:Unpacked Intelli Protector with Stupid Method but this method is not for big programs

anyway Unpacking Intelli Protector With Valid Key is very Easy it's Like UPX (but with valid key)

maybe Can Keygen it ! but is not my Specialty.Please Reply Keygenners Friends

Serial checking is done in a server.

Send: Return Code: 0x00000000
GET /IntelliProtectorChild2/register.ashx?USec=IPL456789012345-78901234567890123456789012345678DF4E&ActNum=vYzgaqdX6QWOlYQ5HtOsl41YeeT4Jl2AqFSQbIXyZF1afnnxNiglMZk7lAxt7eA3nGTQiE3w0cGcyL5hSNVgiZiSqHVJRp3BhIWdaBjBHSHpSAAAAAAAAAAUAAAAAAAAA HTTP/1.1
User-Agent: my s
Host: license3.intelliprotector.com
Connection: Keep-Alive

Receive: Return Code: 0x00000000
HTTP/1.1 200 OK
Date: Sat, 30 Jul 2011 16:14:40 GMT
Server: Microsoft-IIS/6.0
X-Powered-By: ASP.NET
X-AspNet-Version: 4.0.30319
Cache-Control: private
Content-Type: text/plain; charset=utf-8
Content-Length: 118770af612dbeb40baa28ed08563de989a7Wrong license code. Please, recheck data you entered.79d602c89c604f33afc43ad961aae960

Sends the key to one of the servers:

http://license1.intelliprotector.com
http://license2.intelliprotector.com
http://license3.intelliprotector.com

But if you enter the following key and are not connected to the internet or have blocked the app with your firewall,

then it will go to some sort of a manual file activation:

IPL456789012345-78901234567890123456789012345678DF4E

Thank You Saduff For Info

Here's my try at unpacking it, though I'm no good at unpacking.

Getting to the OEP is easy, but fixing IAT is not.

unpacked_by_Saduff.zip

yes.is good mate.but this method not work in big Targets ( and you know )

saduff now you will also refuse for tutorial or you make one for all ?

Well, if you look at my unpacked file, you'll see that many imports are unresolved and only 3 are fixed.

It works only because the other imports are not called by this app. I would also like to know how Raham fixed all the imports.

OK, getting to the OEP is very easy:

Search for this binary string (hex):

75 ?? 53 68 ?? ?? ?? ?? 53 8D 4D D4 51 53

And set a bp on the found JNZ and run.

Once it breaks, change the zero flag to take the jump.

Step over the code, until RET.

Once you step over the RET, you're at the OEP.

Now, you can't fix Imports with ImportREC automatically.

I fixed the 3 Imports manually by hand.

If you study a VB6 app EP, you'll see that the first call is to MSVBVM60.ThunRTMain, so you can fix that Import immediately.

After you try to run it with that 1 Import fixed, it will crash immediately. That's because ThunRTMain tries to call MSVBVM60.EVENT_SINK_AddRef.

Since the address of that API is unresolved, it will call 00000000, which is not accessible by Win32 apps, so the app will crash with an access violation exception.

To fix that, you have to locate the JMP NEAR [<some address>] that is called and fix that to MSVBVM60.EVENT_SINK_AddRef.

Now the app should run, but you will soon see that when you try to close it, it will crash instead of close normally.

That's because it calls another API when closing. That API is MSVBVM60.EVENT_SINK_Release. You have to fix that one too.

After you've done that, the app should work normally. For a real app, you will have to fix many more APIs for it to work properly.

I fixed these Imports by creating an IAT Tree .txt file for ImportREC. Here's the file I created:

; Syntax for each function in a thunk (the separator is a TAB)
; ------------------------------------------------------------
; Flag   RVA   ModuleName   Ordinal   Name
;
; Details for <Valid> parameter:
; ------------------------------
; Flag:  0 = valid: no  -> - Name contains the address of the redirected API (you can set
;                            it to zero if you edit it).
;                          - Ordinal is not considered but you should let '0000' as value.
;                          - ModuleName is not considered but you should let '?' as value.
;
;        1 = valid: yes -> All next parameters on the line will be considered.
;                          Function imported by ordinal must have no name (the 4th TAB must
;                                                                          be there though).
;
;        2 = Equivalent to 0 but it is for the loader.
;
;        3 = Equivalent to 1 but it is for the loader.
;
;        4 = Equivalent to 0 with (R) tag.
;
;        5 = Equivalent to 1 with (R) tag.
;
; And finally, edit this file as your own risk! :-)Target: C:\IntelliProtect v2.15\IntelliProtect v2.15.exe
OEP: 00001128	IATRVA: 00001000	IATSize: 00000070FThunk: 00001024	NbFunc: 00000001
1	00001024	msvbvm60.dll	0191	EVENT_SINK_AddRefFThunk: 0000102C	NbFunc: 00000001
1	0000102C	msvbvm60.dll	0192	EVENT_SINK_ReleaseFThunk: 0000105C	NbFunc: 00000001
1	0000105C	msvbvm60.dll	0064	ThunRTMain

Edited July 31, 201114 yr by Saduff