CodeExplorer Posted December 11, 2018 (edited)

Difficulty : 5 (I think) Not sure
Language : Visual C++ 6.0
Platform : Windows x32
OS Version : Windows All
Packer / Protector : Obsidium v1.6.1.9

Description :
This is just one of my programs, protected. The objective is to unpack it.

Screenshot :

CompareInfo_Obs.zip

Edited December 11, 2018 by CodeExplorer

Lumusfor Posted December 19, 2018

Is this protector really so tough to unpack 😮? I do not see any public unpackers for the present versions for the past 2-3 years?

CodeExplorer (Author) Posted December 22, 2018

Overall it isn't that hard. But nice anti-debug tricks; it is the only protector I still can't debug!

Mad Max Posted December 22, 2018

I would be glad if someone would also show how it was unpacked. Not always just unpackme uploads without a solution. Do not be against CodeCracker right now, it's common.

GautamGreat Posted December 23, 2018

Not starting on Win7 x86.

CodeExplorer (Author) Posted April 3, 2019

Found an Olly modification that I've created that works OK with Obsidium; I called it OLLY_(Orig_Safengine).rar since it also works for Safengine.

A tutorial by Nieo is the most recent:
https://tuts4you.com/e107_plugins/download/download.php?view.3678

Let the cracking begin!

OLLY_(Orig_Safengine).rar

CodeExplorer (Author) Posted April 8, 2019

Used protector (I forgot to specify):
https://www.52pojie.cn/thread-652274-1-1.html
http://distro.crack.vc/index.php?dir=RceTools/Packers/

Finally made scripts and a tutorial on how to restore stolen bytes:
https://forum.tuts4you.com/topic/41211-obsidium-olly-scripts/

BR.

Kalo Posted July 20, 2019

On 4/3/2019 at 6:20 PM, CodeExplorer said:
> Found an Olly modification that I've created that works OK with Obsidium; I called it OLLY_(Orig_Safengine).rar since it also works for Safengine.
> A tutorial by Nieo is the most recent:
> https://tuts4you.com/e107_plugins/download/download.php?view.3678
> Let the cracking begin!
> OLLY_(Orig_Safengine).rar

Sorry, what are the configs on plugins? I still can't debug with this...

BambooQJ Posted January 5, 2020 (Solution)

My English is very poor, so I recorded a tutorial... HAHAHAHA

Approach

Quote:
55 8B EC 6A FF 68 78 34 40 00 68 16 2C 40 00 //OEP 00402A8F

Unpacking method

First set a breakpoint on the CALL address of CreateThread, then RET 4 at the entry of the newly created thread.
Next, to get past the anti-debugging, set a breakpoint on the return of kernel32.GetSystemTimeAsFileTime.
Single-step until CMP EAX, 0x7 and change the jl below it to jmp to bypass the check.
Set a memory-access breakpoint on the code section to find the place where the stolen IAT is handled.
Then modify the handling call and note the signature bytes 50 52 E8 04 01 00 00 EB 05 to deal with later.
Reload the program.

Stolen code:
0040267D
0040256B
004018F3
004012B1
0040121F
MOV REG32,[IAT]
CALL REG32

Script

    var IAT_Statr
    var IAT_End
    var Temp_IAT
    Var bakup_EIP
    mov bakup_EIP,eip
    mov IAT_Statr,403000 //IAT start address
    mov IAT_End,403208 //IAT end address
    bp 00414CA9 //85 C0 74 28 64 67 8F 06 00 00 83 C4 04 5F 5E 5B 8B E5 5D C2 14 00
    GetAPIAddr:
    mov Temp_IAT,[IAT_Statr]
    cmp Temp_IAT,0
    je INC_IATADDR
    cmp Temp_IAT,6FFFFFFF
    ja INC_IATADDR
    mov eip,Temp_IAT
    run
    mov [IAT_Statr],eax
    INC_IATADDR:
    add IAT_Statr,4
    cmp IAT_Statr,IAT_End
    ja RETIATFIX
    jmp GetAPIAddr
    RETIATFIX:
    mov eip,bakup_EIP
    pause
    ret

Tutorial
https://mega.nz/#!AhFBCAzA!gCL_2iXmcvlwPCk8AQ31gSQbGEiulcdPpVBgKg8ke88

I hope it will help later people.

CompareInfo_Obs_dump_.exe
Obsidium unpack.7z

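A Python model of the slot filter in the script above, added here as an example and not part of BambooQJ's post: it walks the same address range over a dumped IAT buffer and reports which slots the script would skip and which it would rewrite. The buffer contents, the status names and the reading of the `6FFFFFFF` threshold are assumptions; only the two range addresses and the threshold come from the post.

```python
import struct

IAT_START = 0x403000     # "IAT start address" in the posted script
IAT_END = 0x403208       # "IAT end address" in the posted script
SKIP_ABOVE = 0x6FFFFFFF  # script's threshold: larger values are left untouched


def walk_iat(image: bytes, image_base: int):
    """Visit the same dwords as the script's loop. The script leaves the loop
    on `ja`, so the slot located at IAT_END itself is still visited."""
    addr = IAT_START
    while addr <= IAT_END:
        (value,) = struct.unpack_from("<I", image, addr - image_base)
        if value == 0:
            status = "empty"       # null dword: terminator between import groups
        elif value > SKIP_ABOVE:
            status = "direct"      # skipped; assumed to already be a DLL address
        else:
            status = "redirected"  # the script executes this target and stores EAX
        yield addr, value, status
        addr += 4


def summarize(image: bytes, image_base: int):
    """Count slots per status and list the slots that still need fixing."""
    counts = {"empty": 0, "direct": 0, "redirected": 0}
    pending = []
    for addr, _value, status in walk_iat(image, image_base):
        counts[status] += 1
        if status == "redirected":
            pending.append(addr)
    return counts, pending


def build_sample() -> bytes:
    """Constructed IAT dump (not taken from the real file), based at IAT_START."""
    buf = bytearray(IAT_END - IAT_START + 4)
    struct.pack_into("<I", buf, 0x000, 0x00414000)  # constructed redirected slot
    struct.pack_into("<I", buf, 0x004, 0x7C801234)  # constructed direct slot
    struct.pack_into("<I", buf, 0x208, 0x00415000)  # redirected slot at IAT_END
    return bytes(buf)


if __name__ == "__main__":
    counts, pending = summarize(build_sample(), IAT_START)
    print(counts, [hex(a) for a in pending])
```

Running the same summary over a finished dump is a quick check that no redirected slots remain in the range before the import table is rebuilt.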
Xjun Posted January 10, 2020

On 1/5/2020 at 7:56 PM, BambooQJ said:
> My English is very poor, so I recorded a tutorial... HAHAHAHA
> Approach
> Script
> var IAT_Statr
> var IAT_End
> var Temp_IAT
> Var bakup_EIP
> mov bakup_EIP,eip
> mov IAT_Statr,403000 //IAT start address
> mov IAT_End,403208 //IAT end address
> bp 00414CA9 //85 C0 74 28 64 67 8F 06 00 00 83 C4 04 5F 5E 5B 8B E5 5D C2 14 00
> GetAPIAddr:
> mov Temp_IAT,[IAT_Statr]
> cmp Temp_IAT,0
> je INC_IATADDR
> cmp Temp_IAT,6FFFFFFF
> ja INC_IATADDR
> mov eip,Temp_IAT
> run
> mov [IAT_Statr],eax
> INC_IATADDR:
> add IAT_Statr,4
> cmp IAT_Statr,IAT_End
> ja RETIATFIX
> jmp GetAPIAddr
> RETIATFIX:
> mov eip,bakup_EIP
> pause
> ret
> Tutorial
> https://mega.nz/#!AhFBCAzA!gCL_2iXmcvlwPCk8AQ31gSQbGEiulcdPpVBgKg8ke88
> I hope it will help later people.
> CompareInfo_Obs_dump_.exe
> Obsidium unpack.7z

Brother Dao is awesome!

MR.Med.Ali Posted May 22, 2021

On 1/5/2020 at 2:56 PM, BambooQJ said:
> My English is very poor, so I recorded a tutorial... HAHAHAHA
> Approach
> Script
> var IAT_Statr
> var IAT_End
> var Temp_IAT
> Var bakup_EIP
> mov bakup_EIP,eip
> mov IAT_Statr,403000 //IAT start address
> mov IAT_End,403208 //IAT end address
> bp 00414CA9 //85 C0 74 28 64 67 8F 06 00 00 83 C4 04 5F 5E 5B 8B E5 5D C2 14 00
> GetAPIAddr:
> mov Temp_IAT,[IAT_Statr]
> cmp Temp_IAT,0
> je INC_IATADDR
> cmp Temp_IAT,6FFFFFFF
> ja INC_IATADDR
> mov eip,Temp_IAT
> run
> mov [IAT_Statr],eax
> INC_IATADDR:
> add IAT_Statr,4
> cmp IAT_Statr,IAT_End
> ja RETIATFIX
> jmp GetAPIAddr
> RETIATFIX:
> mov eip,bakup_EIP
> pause
> ret
> Tutorial
> https://mega.nz/#!AhFBCAzA!gCL_2iXmcvlwPCk8AQ31gSQbGEiulcdPpVBgKg8ke88
> I hope it will help later people.
> CompareInfo_Obs_dump_.exe
> Obsidium unpack.7z

Thank you very much, can you PM me please?

Stuttered Posted October 9, 2021

Anyone has the key for the Mega link?

tonyweb Posted October 10, 2021 (edited)

@Stuttered Just use the full link: copy also the red text.
Anyway @BambooQJ attached the file to the post (.7z file), so there's no need to use mega link at all, actually. Thanks to him

Regards,
Tony

Edited October 13, 2021 by tonyweb (little formatting)

Stuttered Posted October 11, 2021 (edited)

13 hours ago, tonyweb said:
> @Stuttered Just use the full link: copy also the red text.
> Anyway @BambooQJ attached the file to the post (.7z file), so there's no need to use mega link at all, actually. Thanks to him
> Regards,
> Tony

I see now! The red was the key (my old eyes)... And didn't notice EXE was a VID TUT. 😄

Edited October 11, 2021 by Stuttered

LordGarfio Posted October 22, 2021

On 4/8/2019 at 3:06 PM, CodeExplorer said:
> Used protector (I forgot to specify):
> https://www.52pojie.cn/thread-652274-1-1.html
> http://distro.crack.vc/index.php?dir=RceTools/Packers/
> Finally made scripts and a tutorial on how to restore stolen bytes:
> https://forum.tuts4you.com/topic/41211-obsidium-olly-scripts/
> BR.

Hi,

The aforementioned websites do not allow downloads without registration and the Chinese do not allow registration easily outside of China.

distro.crack.vc is completely dead.

Obsidium.v1.6.1.9_x32.NONAG from the Mega download link needs a password.

pan.baidu.com/s/1gfcTv83 needs an account for download.

For the above, can anyone provide the password for the mega.nz .rar for Obsidium.v1.6.1.9_x32.NONAG (Yoza's release)?

Cheers.

h4sh3m Posted October 23, 2021

Hi, this isn't what you want but may help you.

Obsidium1.6.7.b1.rar

vosiyons Posted September 1, 2022

On 10/9/2021 at 11:07 PM, Stuttered said:
> Anyone has the key for the Mega link?

!gCL_2iXmcvlwPCk8AQ31gSQbGEiulcdPpVBgKg8ke88

windowbase Posted June 20

Obsidium Test x86-Protected.exe
license.key

Version v1.6.7 (build 1) [Jan 27 2019] protected one.
Try to unpack it or bypass license.
Password is "789".

sean.