Tuts 4 You

[unpackme] UnpackMe Enigma 4.10 maximum protection + HWID


converse


Teddy Rogers

The [unpackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thank you!

[This is an automated reply]


Hi,


 


just any VM which used tons of memory. :) Also, at the end you only need to de-obfuscate the entire OEP routine, which you can handle manually. The file was also not maximum protected as converse told us. ;) Just fix the OEP routine + VMed imports which call the Inner VM + pre-push value creator (lea esp...). So in any other last posted unpacked there is also the same new VM used, but there I just redirected / added the VM sections to the dump, but not this time.


 


greetz


  • Like 5

I thought so :)


 


For the rebuild of the OEP I think it's just fixed like all other Delphi 7 apps, but how would one find that mov eax,address at first and the other calls?


Edited by Lostin

Just stop at OEP 005DF3B8 VA, then set a mem BP on access at code = 0040DE3C VA first routine call, and in eax you see the value you need to know. Also the same with the rest, just trace till routine end = back to VM, set mem access code = next stop at routine X. Now check the register values and find them if needed to create the other commands between the calls in the OEP routine. Pretty simple = good for me to play a little ping pong match. :)


 


greetz


  • Like 3

Hi,

 

The file was also not maximum protected as converse told us.  ;)

 

greetz

 

The file is protected with all options, so what makes you say it is not maximum protection? (I purposely did not crypt the file, if that is what you mean; everything else is at the maximum.)

Edited by converse

So you did not use any Outer VM in your UnpackMe; only the protector layer used the Inner VM (default), but the Outer VM you have to enable and choose manually to VM the code in the code section itself. Also I see no stolen code either, etc. The only protection in the code section itself is the obfuscated OEP routine, that's all. There are many more features which you can add to create a real maximum protected UnpackMe. Maybe next time. :)


 


greetz


  • Like 1

  • 3 weeks later...

@LCF-AT, what version of OllyDbg do you use to unpack Enigma? Can you be kind enough to share your tool that works with Enigma? Thanks



"Know is power - nothing know does nothing" :)


 


Just grab an Olly and the necessary plugins, then set up and start, and that's all already, and now you can also play with Enigma. No super duper hyper dyper special Olly necessary. :) For more info, check out the Enigma topics around you.


 


greetz


  • Like 1

  • 4 weeks later...

@converse


 


So I downloaded your HWID UnpackMe now and I see you didn't add any valid HWID / Name / Key data. Could you please post them for your UnpackMe Enigma 4.10 (maximum protection+HWID).exe file. I need to check your file + valid data together (with my new script) :)


 


Thank you



  • 7 months later...
