Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[CrackMe/Unpackme]Enigma 4.xx

danmz
danmz
in UnPackMe

Featured Replies

this is not your hand made crackme/unpackme.

 

Salam

This is trash.

Just fix API redirection, VM'ed API, find OEP and restore OEP.

The OEP is like: 

        PUSH EBP
           MOV EBP, ESP
           ADD ESP, -10
           MOV EAX, 0047F234
           MOV ECX, 00537000
           MOV EDX, 0076A2F7
           CALL 040615C
           MOV EAX, DWORD PTR[4803C8]
           CALL 0459B7C
           MOV EAX, DWORD PTR[4803C8]
           MOV EDX, 0047F5B4
           CALL 045978C
           MOV EAX, DWORD PTR[4803C8]
           MOV ECX, 00483EEC
           MOV EDX, 0047C144
           CALL 0459B94
           MOV EAX, DWORD PTR[4803C8]
           MOV ECX, 00483F88
           MOV EDX, 0047DDE4
           CALL 0459B94
           MOV EAX, DWORD PTR[4803C8]
           MOV ECX, 00483F88
           CALL 0459C14
           MOV EAX, DWORD PTR[4803C8]
           MOV ECX, 001AB1700
           CALL 0403D78

A moderator please put this to trash.

Well, I think it is hard for me to crack it because almost all important procedure is VMed.

I need to study devirtualizing VM harder.

 

Salam

You cannot devirtualize the VM you just reconstruct OEP in this case.

Take a look here:

Quote

https://forum.tuts4you.com/topic/36052-enigma-protector-410-unpacking-example/

You have all you need to know there.

If you want to adapt the devirtualizer to the new VM type just take a look here:

Quote

https://forum.tuts4you.com/topic/28847-c-the-enigma-protector-devirtualizer-source-code/#comment-136340

 

    • Like 1

    Yeah, I studied to reconstructing OEP from @SHADOW_UA and the OEP come more clean from @LCF-AT's guide. Amazing guide :)

    But I think this only works for OEP. not for VMed function like this crackme.

     

    Salam

    You cannot devirtualize the VM you just reconstruct OEP in this case.

    Take a look here:

    Quote

    https://forum.tuts4you.com/topic/36052-enigma-protector-410-unpacking-example/

    You have all you need to know there.

    If you want to adapt the devirtualizer to the new VM type just take a look here:

    Quote

    https://forum.tuts4you.com/topic/28847-c-the-enigma-protector-devirtualizer-source-code/#comment-136340

    You did not checked the second link.

    You have the sourcecode to the plugin for devirtualize the Enigma VM.

    You just need to adapt to newer versions.

    Just you have to work for that and not expect to receive for free.

    :)

    •
    • Like 1

    :D

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.