mm10121991 Posted August 21, 2012 Posted August 21, 2012 (edited) this is a small easy unpackme good luck on unpacking it and tell me your opinion on it unpackme.rar Edited August 21, 2012 by mm10121991
Raham Posted August 21, 2012 Posted August 21, 2012 HiHere is unpacked file.ASPack + Self Modify.Kind Regards.Unpacked.rar
DMichael Posted August 24, 2012 Posted August 24, 2012 just give atry .. its semi unpacked xDsemiunpack.rar
quosego Posted August 24, 2012 Posted August 24, 2012 (edited) Here ya go: Clean dump everything returned to the original code and encryption removed as well as the macro. http://www.2shared.c...TA7j2/dump.html No keygen I'm not that kind of guy. Though one could easily rip the algo. Was quite fun, not hard but it has everything for someone that wants to get introduced into unpacking. Simple redirected API's, a macro, obfuscated oep. Not so much for the hardcore unpacker though. Found it over @ arteam.. but seems raham beat me to it doing a clean unpack. regards, q dump.rar Edited August 24, 2012 by Teddy Rogers Attached file...
DMichael Posted August 25, 2012 Posted August 25, 2012 hey Raham\quosego i just unpack but how you fully remove the crypt by hand or there away to auto do it?
quosego Posted August 25, 2012 Posted August 25, 2012 Well the oep obfuscation is only like 10 instructions interlaced with jumps. So that shouldn't be hard, simple manual copy paste. The other macro is a question of filtering out the useless functions and only retaining the original code which are only two/three instructions. It's obvious the PE header checking can be removed and then just dump the decrypted code to the exe. 1
tarequl.hassan Posted January 12, 2013 Posted January 12, 2013 does any one have a tutorial on this unpackme?
GIV Posted January 13, 2013 Posted January 13, 2013 (edited) 1. For me the serial was: 4848302. About the stolen OEP instructions was about 10 as mr. Q say : PUSH EBPMOV EBP,ESPPUSH -0x1PUSH 0x4050C0PUSH 0x402678MOV EAX,DWORD PTR FS:[0]PUSH EAXMOV DWORD PTR FS:[0],ESPSUB ESP,0x58PUSH 0x401242 Then i have 2 invalid imports:GetDlgItemTextAMessageBoxA Short video attached.The story.....rar Edited January 14, 2013 by GIV
tarequl.hassan Posted January 14, 2013 Posted January 14, 2013 Thanks GIV but i still could not unpack the exe. How to do that?
tarequl.hassan Posted January 14, 2013 Posted January 14, 2013 At last i could unpacked. Tutorial added.Many thanks to GIV for his help. Tutorial.rar
SmilingWolf Posted January 24, 2013 Posted January 24, 2013 Dumped, Size Reduced and Keygenned (well, really, I've ripped the algo ). This was funny to solve Solved.7z
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now