GIV, is your mainform doesn't have any GUI components or texts ? I popup open your protected app. just in an easy way. see below.

Very interesting protection here.
bp breakpoints are detected; any change to enigma code section is detected.
The serial check is sometimes this:
0185E1F4    C2 0800         RETN 0x8 ; here is eax should be 1 not 0
0185E1F7    68 22FBE3BB     PUSH 0xBBE3FB22
0185E1FC  ^ E9 33C8CFFE     JMP Enigma_6.0055AA34
I don't know what's is going on.
 

Edited October 2, 20231 yr by CodeExplorer

1 hour ago, CodeExplorer said:

bp breakpoints are detected; any change to enigma code section is detected.

what anti-dbg plugins are you using?  what dbg engine

@jackyjask I am using SHADOW_FOR_ENIGMA olly debugger: https://workupload.com/file/YpxC9XhHEze
 

On 7/20/2021 at 4:48 PM, GIV said:

View File

Enigma Protector v6.9

---

I have protected a simple file with the Enigma Protector 6.9. Try to unpack.

For a skilled reverser will not be as hard as it seems.

HWID: A7707-65A71-43529-A59E1-41C2F-C5AA0-EB308-3F774
Name: tuts4you
Key: BG8QC4UMZW3QMTH99U6ZTF8FJJNDAPKY5E2XNL3CMHRVUMLSB2QWRBSYBGF4RNHX7WC26W2GQMNBNPUU3YUTDXDS387A2UURMUVJ88P5PPC9ZCEQHFHW4J6ZQRAK7GW6DRK4QH4CGCEQM7F9K39J89S4CRARX3L3LPABBXU23M8QXP6A85L2CZFJZF66KF5NFTZ557872DA3

 

---

• Submitter
  GIV
• Submitted
  07/20/2021
• Category
  UnPackMe

 

Unpacked with hight size on adding VM with Enigma section.

For the question all info is on this board thanks.

Enigma 6.9 - protected.rar

Edited November 23, 20231 yr by TRISTAN Pro

9 hours ago, TRISTAN Pro said:

为什么绕过注册后应用程序会出现然后消失并退出？

对于这个问题，所有信息都在这个板上，谢谢。

Enigma 6.9 - 受保护.rar 2.52MB · 11 次下载

VFP9RENU.DLL

vfp9r.dll---What is it for?

11 hours ago, kuazi GA said:

VFP9RENU.DLL

vfp9r.dll---What is it for?

Dll extract in the exe.

Edited November 5, 20231 yr by TRISTAN Pro
Response

On 10/2/2023 at 7:36 PM, CodeExplorer said:

@jackyjaskИзползвам SHADOW_FOR_ENIGMA olly debugger: https://workupload.com/file/YpxC9XhHEze
 

it's permanent encryption, but i don't know how to patch hwid perfectly. The Chinese have a tutorial for this, but it's no longer available... They also have script and a patching  tool for new version , but won't share them here.

Edited November 9, 20231 yr by azufo

 

PS  "Do not modify the machine code at the virtual machine entry point as it will trigger the CRC check."🙂

22 hours ago, kuazi GA said:

 

PS  "Do not modify the machine code at the virtual machine entry point as it will trigger the CRC check."🙂

yea this is very clear for me, but where to find the correct routine..

give some help 

You need to patch HWID because it uses constant encryption to the one provided by giv....

then you can either calculate the password md5 hash to get (tuts4you.com) or you can bypass the "invalid password" check.

After that, you can register it.

@TRISTAN Pro

--

Edited November 12, 20231 yr by X0rby
No problems in public, let's talk pm

😁😇

Edited November 12, 20231 yr by TRISTAN Pro
Ok

On 11/11/2023 at 11:39 PM, X0rby said:

You need to patch HWID because it uses constant encryption to the one provided by giv....

then you can either calculate the password md5 hash to get (tuts4you.com) or you can bypass the "invalid password" check.

After that, you can register it.

Bro im not NOOb, but i forgot some things and the password can be bp hooked without md5 calculation

just looking for the right place to change hwid without crc detecting me

 

On 20/07/2021 at 10:48, GIV said:

Visualizar arquivo

Protetor Enigma v6.9

---

Protegi um arquivo simples com o Enigma Protector 6.9. Tente desempacotar.

Para um reversor habilidoso não será tão difícil quanto parece.

 

---

• Remetente
  DAR
• Submetido
  20/07/2021
• Categoria
  Desempacote-me

 

what is the password because a window appears saying APPLICATION REQUIRES PASSWORD TO START, ENTER PASSWORD

 

 

The password is tuts4you.com

Used Olly SHADOW debugger modification with ScyllaHide plugin.
First you need to Set on all options from DRx Protection in ScyllaHide.

It has set number of run time allowed so after expired run Trial-Reset.v4.0.Final and clean Enigma registry key.

Noticed this call:
VirtualAlloc reached:
Stack pointer = 23FDD0
[ESP] (return address) = 55ABBD
[ESP+4] (lpAddress) = 0
[ESP+8] (dwSize) = 100000
[ESP+12] (flAllocationType) = 2000
[ESP+16] (flProtect) = 1
Thread id = 3352
Allocated address = 3550000
Thread id = 3352

RESERVE = 2000

I've noticed the presence of some memory blocks with size 100000 one after another - probable should be appended to dump.
 

Is anyone who loads this Enigma ver. 6.9 application successfully?

Regards.

sean.

33 minutes ago, windowbase said:

Is anyone who loads this Enigma ver. 6.9 application successfully?

Regards.

sean.

these cheap tricks don't work here, it's constant encryption.

Edited January 13, 20241 yr by X0rby

@X0rby Did you load it up successfully?

Regards.

sean.

Just now, windowbase said:

@X0rby Did you load it up successfully?

Regards.

sean.

ofc, check my older replies - you need to patch hwid to the valid one.

1 hour ago, X0rby said:

ofc, check my older replies - you need to patch hwid to the valid one.

@X0rby You did. How did you bypass CRC checking? maybe I have the CRC issue.

Regards.

sean.

Edited January 13, 20241 yr by windowbase
adding words.

On 11/10/2023 at 7:14 AM, kuazi GA said:

PS  "Do not modify the machine code at the virtual machine entry point as it will trigger the CRC check."🙂

@kuazi GA

How should I do without modifying the virtual machine entry point? You already did it.

Can you guide me to solve it?

Regards.

sean.

21 hours ago, windowbase said:

@夸子GA

不修改虚拟机入口点 怎么办？你已经做到了。

你能指导我解决它吗？

问候。

肖恩。

 

@kuazi GA I did it using the tool of @CodeExplorer.

Many thanks. by the way, did you do it using the tool? or in your own way?

And one more thing, the app closes when I click the window. is it intended by giv or any problem with me?

 

Regards.

sean.

Edited January 15, 20241 yr by windowbase
adding words.

Yeah, the windows closes after few time. Same thing here; I think was intended by giv.