Aguila
Posted February 3, 2014

Are you tough enough to break this? WinLicense with lowest possible protection options.

Standard Virtual Machine: TIGER64 (Red)

UnpackmeWLx64.rar

mrexodia
Posted February 4, 2014

Doesn't seem like a tough challenge, but I didn't do anything with a VM...

Greetings

UnpackmeWLx64_dump_size_SCY.rar

Aguila
Posted February 4, 2014

OK, nice, thanks. Maybe I disabled too many options. Here is another unpackme with all standard settings.

TIGER64 (Red)

WLUnpackmeStandard.rar

mrexodia
Posted February 4, 2014

Restoring the imports was possible, because there were only two (and I unpacked the other file). I couldn't do it when there were more virtualized imports...

Bypassing the debug detections was easy; I just used TitanHide (+ 'dbh' command, which does basic PEB hiding).

Greetings,
Mr. eXoDia

EDIT: attached file

WLUnpackmeStandard_dump_new_size_SCY.rar

Edited February 4, 2014 by Mr. eXoDia

Aguila
Posted February 4, 2014

Very nice! I didn't expect that. And here is a max protection sample. Ultra anti-debug, will your TitanHide work?

TIGER64 (Black)

WLUnpackmeMax.rar

Edited February 4, 2014 by Aguila

mrexodia
Posted February 4, 2014

After some plugin writing...

WLUnpackmeMax_dump_size_SCY.rar

ahmadmansoor
Posted February 5, 2014

Hi Aguila: thanks for the unpack test file, but I think it is not a big deal for the first unpackme. 2 steps to unpack it. Here is a tut on how to unpack with IDA 6.1:

https://drive.google.com/file/d/0B402C-bcZm3lNG01Q29VMXpWSzA/edit?usp=sharing

For me, I solved the first one. For the other files, which need to work with a hide debugger on x64, I think I need more practice.

I think Mr. eXoDia is a rocker in x64 now.

Edited February 5, 2014 by ahmadmansoor

Dreamer
Posted February 5, 2014

Here is attached:

UnpackmeWLx64ByIda.rar

PS: this is ahmadmansoor's unpacking tut.

Edited February 5, 2014 by Dreamer

Aguila
Posted February 5, 2014

Thanks for the tutorial, ahmadmansoor. Most people will not be able to do this, because they don't have OllyDbg and Olly Script ;-)

mrexodia
Posted February 5, 2014

Hey,

I'll also make a small tutorial for the stronger protections (especially restoring the imports).

Greetings

ChVL
Posted February 24, 2014

Sorry, I cannot check this tutorial. What plugin for IDA should be used?

mrexodia
Posted February 24, 2014

@ChVL: try TitanHide (see my signature), then do a simple PEB patch and you're good. You can also try IDAStealth.

Greetings

ChVL
Posted February 24, 2014

Mr. eXoDia, thank you very much! I will try... I looked at IDAStealth, but it is only for x32.

SmilingWolf
Posted January 23, 2015

If I keep resurrecting old threads perhaps I'll become a necromancer even better than Sauron

WLx64 2.2 MUPed.7z