Aguila Posted February 3, 2014 Are you tough enough to break this? WinLicense with lowest possible protection options. Standard Virtual Machine: TIGER64 (Red) UnpackmeWLx64.rar
mrexodia Posted February 4, 2014 Doesn't seem like a tough challenge, but I didn't do anything with a VM... Greetings UnpackmeWLx64_dump_size_SCY.rar
Aguila Author Posted February 4, 2014 OK nice, thanks. Maybe I disabled too many options. Here is another unpackme with all standard settings. TIGER64 (Red) WLUnpackmeStandard.rar
mrexodia Posted February 4, 2014 Restoring the imports was possible, because there were only two (and I unpacked the other file). I couldn't do it when there were more virtualized imports... Bypassing the debug detections was easy; I just used TitanHide (+ 'dbh' command, which does basic PEB hiding). Greetings, Mr. eXoDia EDIT: attached file WLUnpackmeStandard_dump_new_size_SCY.rar Edited February 4, 2014 by Mr. eXoDia
Aguila Author Posted February 4, 2014 Very nice! I didn't expect that. And here is some max protection sample. Ultra anti-debug, will your TitanHide work? TIGER64 (Black) WLUnpackmeMax.rar Edited February 4, 2014 by Aguila
mrexodia Posted February 4, 2014 After some plugin writing... WLUnpackmeMax_dump_size_SCY.rar
ahmadmansoor Posted February 5, 2014 Hi Aguila: thanks for the unpack test file, but I think it is not a big deal for the first unpackme. 2 steps to unpack it. Here is a tut on how to unpack by IDA 6.1: https://drive.google.com/file/d/0B402C-bcZm3lNG01Q29VMXpWSzA/edit?usp=sharing For me, I solved the first one; the other file, which needs to work with hide debugger on x64, I think I need more practice. I think Mr. eXoDia is a rocker in x64 now Edited February 5, 2014 by ahmadmansoor
Dreamer Posted February 5, 2014 Here is attached UnpackmeWLx64ByIda.rar PS: this is ahmadmansoor's unpacking tut Edited February 5, 2014 by Dreamer
Aguila Author Posted February 5, 2014 Thanks for the tutorial ahmadmansoor. Most people will not be able to do this, because they don't have OllyDbg and Olly Script ;-)
mrexodia Posted February 5, 2014 Hey, I'll also make a small tutorial for the stronger protections (especially restoring the imports). Greetings
ChVL Posted February 24, 2014 Sorry, I can not check this tutorial. What plugin for IDA should be used?
mrexodia Posted February 24, 2014 @ChVL: try TitanHide (see my signature), then do a simple PEB patch and you're good. You can also try IDAStealth. Greetings
ChVL Posted February 24, 2014 Mr. eXoDia, Thank you very much! I will try... I looked at IDAStealth, but it is only for x32.
SmilingWolf Posted January 23, 2015 If I keep resurrecting old threads perhaps I'll become a necromancer even better than Sauron WLx64 2.2 MUPed.7z