Jump to content
Tuts 4 You
Sound

[unpackme] WinLicense_2.3.8.0.UnpackMe

Rate this topic

Recommended Posts

Sound

Unpackme : WinLicense_2.3.8.0

Linker : Delphi 

Hardware ID: 1057-C911-F86F-03EB-CB96-290C-7855-2BAE

Download: 

http://release.crack4r.cc/Exercise/WinLicense_2.3.8.0.UnpackMe.7z

Have fun ! :)

 

Best regards,

Sound

 

 

 

 

Edited by Sound (see edit history)

Share this post


Link to post
Share on other sites
Sound

Hear your views for this version. :)

Best regards,

Sound

Share this post


Link to post
Share on other sites
Teddy Rogers

The [unpackme] tag has been added to your topic title.

Please remember to follow and adhere to the topic title format - thankyou!

[This is an automated reply]

Share this post


Link to post
Share on other sites
GIV

Hat off.

 

  • Like 1

Share this post


Link to post
Share on other sites
Sound

Hat off.

Share this post


Link to post
Share on other sites
Sound
3 hours ago, LCF-AT said:

Hi,

no special / script still working.Below my files x2.


quick bypass: 008490A1  00000001 <-- set condition

greetz

WinLicense_2.3.8.0_Unpackedx2.rar

Great script, everyone knows that.   :)

Best regards,

Sound

Edited by Sound (see edit history)

Share this post


Link to post
Share on other sites
mcr65

hi

 

please take video tutorial

thanks

Share this post


Link to post
Share on other sites
collins
On 2016/1/5 at 1:00 AM, LCF-AT said:

Hi,

no special / script still working.Below my files x2.


quick bypass: 008490A1  00000001 <-- set condition

greetz

WinLicense_2.3.8.0_Unpackedx2.rar

lcf-at how to find address : 008490A1  ?

Share this post


Link to post
Share on other sites
icarusdc

Hi, @LCF-AT

VA  008490A1 is empty. I put a HWBP on it and F9, target exits.

 

Salam

Share this post


Link to post
Share on other sites
LCF-AT

Just run the target till you get the HWID NAG then go to the VA (target base 400000) address and enter value 1 inside then press Ok on tne NAG.Try again.

greetz

  • Like 1

Share this post


Link to post
Share on other sites
converse
	Bypass HWID
004D8279         CMP DWORD PTR DS:[EDX],EBX   //patch EBX = 1
0059002E         CMP DWORD PTR DS:[ESI],EAX   //patch EAX = 1

 

unpacked.rar

Edited by converse (see edit history)
  • Like 1

Share this post


Link to post
Share on other sites
GIV
On 04.03.2016 at 11:29 AM, converse said:

	Bypass HWID
004D8279         CMP DWORD PTR DS:[EDX],EBX   //patch EBX = 1
0059002E         CMP DWORD PTR DS:[ESI],EAX   //patch EAX = 1

 

unpacked.rar

For me was enough to patch EBX at VA 

004D8279         

and the app run.

Edit. APR. 04 2016

Here is attached unpacked file.

HWID is bypassed by hand the rest is done via LCF-AT script.

Removed useless sections.

 

 

WinLicense_Unpacked.rar

Edited by GIV (see edit history)

Share this post


Link to post
Share on other sites
0000001
On 1/5/2016 at 12:00 PM, LCF-AT said:

Hi,

no special / script still working.Below my files x2.


quick bypass: 008490A1  00000001 <-- set condition

greetz

WinLicense_2.3.8.0_Unpackedx2.rar

@LCF-AT how were you able to clean the size of the dump? removing useless sections?

Edited by 0000001 (see edit history)

Share this post


Link to post
Share on other sites
LCF-AT

Hi,

just check out the raw sizes of your dumped section and set them new if needed and make a rebuild.Use any PE tool for that.Useless section are for example the protector / packer section if they are not needed anymore to access datas from there etc.Also other target sections like TLS etc can be removed if was used.Just check that out and then reduce your unpacked files to make them smaller.

greetz

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×
×
  • Create New...