Sean Park - Lovejoy Posted June 13, 2023
GIV, does your mainform not have any GUI components or texts? I popup open your protected app, just in an easy way. See below.

CodeExplorer Posted October 2, 2023
Very interesting protection here. bp breakpoints are detected; any change to enigma code section is detected. The serial check is sometimes this:
    0185E1F4    C2 0800          RETN 0x8          ; here eax should be 1, not 0
    0185E1F7    68 22FBE3BB      PUSH 0xBBE3FB22
    0185E1FC  ^ E9 33C8CFFE      JMP Enigma_6.0055AA34
I don't know what is going on.
Edited October 2, 2023 by CodeExplorer

jackyjask Posted October 2, 2023
1 hour ago, CodeExplorer said:
> bp breakpoints are detected; any change to enigma code section is detected.
what anti-dbg plugins are you using? what dbg engine

CodeExplorer Posted October 2, 2023
@jackyjask I am using SHADOW_FOR_ENIGMA olly debugger: https://workupload.com/file/YpxC9XhHEze

TRISTAN Pro Posted November 4, 2023
On 7/20/2021 at 4:48 PM, GIV said:
> View File Enigma Protector v6.9
> I have protected a simple file with the Enigma Protector 6.9. Try to unpack. For a skilled reverser will not be as hard as it seems.
> HWID: A7707-65A71-43529-A59E1-41C2F-C5AA0-EB308-3F774
> Name: tuts4you
> Key: BG8QC4UMZW3QMTH99U6ZTF8FJJNDAPKY5E2XNL3CMHRVUMLSB2QWRBSYBGF4RNHX7WC26W2GQMNBNPUU3YUTDXDS387A2UURMUVJ88P5PPC9ZCEQHFHW4J6ZQRAK7GW6DRK4QH4CGCEQM7F9K39J89S4CRARX3L3LPABBXU23M8QXP6A85L2CZFJZF66KF5NFTZ557872DA3
> Submitter GIV
> Submitted 07/20/2021
> Category UnPackMe
Unpacked with high size on adding VM with Enigma section. For the question all info is on this board thanks.
Enigma 6.9 - protected.rar
Edited November 23, 2023 by TRISTAN Pro

kuazi GA Posted November 4, 2023
9 hours ago, TRISTAN Pro said:
> Why does the application appear and then disappear and exit after bypassing registration? For this question, all info is on this board, thanks.
> Enigma 6.9 - protected.rar 2.52MB · 11 downloads
VFP9RENU.DLL vfp9r.dll---What is it for?

TRISTAN Pro Posted November 5, 2023
11 hours ago, kuazi GA said:
> VFP9RENU.DLL vfp9r.dll---What is it for?
Dll extract in the exe.
Edited November 5, 2023 by TRISTAN Pro: Response

azufo Posted November 9, 2023
On 10/2/2023 at 7:36 PM, CodeExplorer said:
> @jackyjask I am using SHADOW_FOR_ENIGMA olly debugger: https://workupload.com/file/YpxC9XhHEze
it's permanent encryption, but I don't know how to patch hwid perfectly. The Chinese have a tutorial for this, but it's no longer available... They also have script and a patching tool for new version, but won't share them here.
Edited November 9, 2023 by azufo

kuazi GA Posted November 9, 2023
PS "Do not modify the machine code at the virtual machine entry point as it will trigger the CRC check."🙂

azufo Posted November 10, 2023
22 hours ago, kuazi GA said:
> PS "Do not modify the machine code at the virtual machine entry point as it will trigger the CRC check."🙂
yea this is very clear for me, but where to find the correct routine.. give some help

X0rby Posted November 11, 2023
You need to patch HWID because it uses constant encryption to the one provided by giv.... then you can either calculate the password md5 hash to get (tuts4you.com) or you can bypass the "invalid password" check. After that, you can register it.

X0rby Posted November 12, 2023
@TRISTAN Pro --
Edited November 12, 2023 by X0rby: No problems in public, let's talk pm

TRISTAN Pro Posted November 12, 2023
😁😇
Edited November 12, 2023 by TRISTAN Pro: Ok

azufo Posted November 13, 2023
On 11/11/2023 at 11:39 PM, X0rby said:
> You need to patch HWID because it uses constant encryption to the one provided by giv.... then you can either calculate the password md5 hash to get (tuts4you.com) or you can bypass the "invalid password" check. After that, you can register it.
Bro I'm not a noob, but I forgot some things and the password can be bp hooked without md5 calculation, just looking for the right place to change hwid without crc detecting me

nogues Posted December 17, 2023
On 20/07/2021 at 10:48, GIV said:
> View File Enigma Protector v6.9
> I have protected a simple file with the Enigma Protector 6.9. Try to unpack. For a skilled reverser will not be as hard as it seems.
> Submitter GIV
> Submitted 20/07/2021
> Category UnPackMe
what is the password because a window appears saying APPLICATION REQUIRES PASSWORD TO START, ENTER PASSWORD

CodeExplorer Posted January 5
The password is tuts4you.com
Used Olly SHADOW debugger modification with ScyllaHide plugin. First you need to set on all options from DRx Protection in ScyllaHide. It has a set number of run times allowed, so after it expires run Trial-Reset.v4.0.Final and clean the Enigma registry key.
Noticed this call:
    VirtualAlloc reached:
    Stack pointer = 23FDD0
    [ESP] (return address) = 55ABBD
    [ESP+4] (lpAddress) = 0
    [ESP+8] (dwSize) = 100000
    [ESP+12] (flAllocationType) = 2000
    [ESP+16] (flProtect) = 1
    Thread id = 3352
    Allocated address = 3550000
    Thread id = 3352
    RESERVE = 2000
I've noticed the presence of some memory blocks with size 100000 one after another - probably should be appended to dump.

Sean Park - Lovejoy Posted January 13
Is there anyone who has loaded this Enigma ver. 6.9 application successfully?
Regards.
sean.

X0rby Posted January 13
33 minutes ago, windowbase said:
> Is there anyone who has loaded this Enigma ver. 6.9 application successfully? Regards. sean.
these cheap tricks don't work here, it's constant encryption.
Edited January 13 by X0rby

Sean Park - Lovejoy Posted January 13
@X0rby Did you load it up successfully?
Regards.
sean.

X0rby Posted January 13
Just now, windowbase said:
> @X0rby Did you load it up successfully? Regards. sean.
ofc, check my older replies - you need to patch hwid to the valid one.

Sean Park - Lovejoy Posted January 13
1 hour ago, X0rby said:
> ofc, check my older replies - you need to patch hwid to the valid one.
@X0rby You did. How did you bypass CRC checking? maybe I have the CRC issue.
Regards.
sean.
Edited January 13 by windowbase: adding words.

Sean Park - Lovejoy Posted January 13
On 11/10/2023 at 7:14 AM, kuazi GA said:
> PS "Do not modify the machine code at the virtual machine entry point as it will trigger the CRC check."🙂
@kuazi GA How should I do without modifying the virtual machine entry point? You already did it. Can you guide me to solve it?
Regards.
sean.

kuazi GA Posted January 14
21 hours ago, windowbase said:
> @kuazi GA How should I do without modifying the virtual machine entry point? You already did it. Can you guide me to solve it? Regards. sean.

Sean Park - Lovejoy Posted January 15
@kuazi GA I did it using the tool of @CodeExplorer. Many thanks. by the way, did you do it using the tool? or in your own way? And one more thing, the app closes when I click the window. is it intended by giv or any problem with me?
Regards.
sean.
Edited January 15 by windowbase: adding words.

CodeExplorer Posted January 15
Yeah, the window closes after a short time. Same thing here; I think it was intended by giv.