X0rby Posted April 26, 2023 (edited)
Correct password : a123-b567-2023!
OEP RVA : 55A4
MEP RVA : 59CC
Module IAT FIXED COMPLETELY
I suggest using a no-console application as an unpackme.
Edit 2 : Added the FILE.
Keep Crying.exe
Edited April 26, 2023 by X0rby: added module entry point for the HATER, to make him keep crying
Teddy Rogers Posted April 27, 2023
For those of you having a rant with each other, please take it up via PM. Posts removed, please stay on topic. Thank you... Ted.
TRISTAN Pro Posted April 27, 2023
7 hours ago, Teddy Rogers said: For those of you having a rant with each other, please take it up via PM. Posts removed, please stay on topic. Thank you... Ted.
Ok, thank you admin.👍
Bidasci Posted April 28, 2023
On 4/26/2023 at 1:13 AM, X0rby said: Correct password : a123-b567-2023! OEP RVA : 55A4 MEP RVA : 59CC Module IAT FIXED COMPLETELY I suggest using a no-console application as an unpackme. Edit 2 : Added the FILE. Keep Crying.exe
Can you please create a video guide on how you were able to unpack this using x64dbg? Thank you!
badc0der Posted May 18, 2023
On 4/26/2023 at 10:13 AM, X0rby said: Correct password : a123-b567-2023! OEP RVA : 55A4 MEP RVA : 59CC Module IAT FIXED COMPLETELY I suggest using a no-console application as an unpackme. Edit 2 : Added the FILE. Keep Crying.exe
How did you bypass the Themida anti-debugger for x32dbg? I can't find a solution for x32dbg; I use OD with StrongOD and Scylla. Can you share some info on how to unpack this version? It would be really nice. Thanks.
kuazi GA Posted June 4, 2023 (edited)
On 4/20/2023 at 7:42 PM, boot said: Based on the tutorial attachment provided by the poster above: besides unpacking this target, we can also make a hijack DLL to achieve the goal... The idea comes from the .asm attachment in the above poster's tutorial. DLL_This_target.rar video_2023-04-20_193641.mp4
How to remove nag?
Edited June 4, 2023 by kuazi GA
TRISTAN Pro Posted June 10, 2023
@boot Can you upload the real target please, without protection, for learning something, if you can? Thanks in advance. And source code for creating a loader for TMD or VMP?
boot Posted June 10, 2023 (Author)
This is the original EXE sample without any protections. To make a Loader86, you need to know about DLL Hook / API Hook... Of course, a faster way is to use the existing patch tool.
EXE_Original_x86.rar
Sean Park - Lovejoy Posted June 16, 2023
Try this one.
Winlicense Test.zip
sean.
boot Posted June 16, 2023 (Author, edited)
34 minutes ago, windowbase said: Try this one. sean.
EDIT: Your encrypted sample is not locked to my computer and it can be run directly.
The usual solution is: bypass HWID (Necessary) + Unpack (If possible)
https://www.mediafire.com/file/iofd7x113ourkss/Winlicense_Test_protected_dump_SCY.rar/file
Edited June 16, 2023 by boot: Add...
Sean Park - Lovejoy Posted June 16, 2023 (edited)
Isn't it possible to just bypass HWID? Your solution is a whole unpack. I just wanted to bypass the HW license checking. Anyway, good job. How did you solve this? Can you describe the details for us?
sean.
Edited June 16, 2023 by windowbase
Sean Park - Lovejoy Posted June 16, 2023 (edited)
1 hour ago, boot said: EDIT: Your encrypted sample is not locked to my computer and it can be run directly. The usual solution is: bypass HWID (Necessary) + Unpack (If possible) https://www.mediafire.com/file/iofd7x113ourkss/Winlicense_Test_protected_dump_SCY.rar/file
Thank you for the comment.
sean.
Edited June 16, 2023 by windowbase
Sean Park - Lovejoy Posted June 16, 2023
When I try to do it Tristan Pro's way, I get the debugger found message, though I set up the plugin like this.
boot Posted June 16, 2023 (Author)
40 minutes ago, windowbase said: When i try to do Tristan pro's way, I get the debugger found message. though I set up plugin as like this.
For x64dbg, just try to remove the ScyllaHide plugin and set the SharpOD 0.6d plugin like this...
Sean Park - Lovejoy Posted June 16, 2023 (edited)
Okay, many thanks. And with so many stops at the compare commands, do I have to manipulate the values manually? Tristan Pro said to automate the process by inlining. How do I inline code in the block?
sean.
Edited June 16, 2023 by windowbase
boot Posted June 16, 2023 (Author, edited)
You should find CMP_ADDRESS and modify it... This is similar to how x86 is handled, so you'll need to try it yourself.
EDIT: You need to download and refer to Tristan Pro's tutorial, x64 is similar to x86, and you need to add the "Multiline Ultimate Assembler" plugin to x64dbg...
Your target does not HWID_Lock my computer, it can run directly, and unpack is possible, so I do unpack...
I remember there was a download link on this topic. Please contact the uploader for a backup of the tutorial...
Edited June 16, 2023 by boot: Add...
Sean Park - Lovejoy Posted June 16, 2023
Like this? mov edx,edi ?
sean.
11 minutes ago, boot said: You need to download and refer to Tristan Pro's tutorial, x64 is similar to x86, and you need to add the "Multiline Ultimate Assembler" plugin to x64dbg...
Can you link Tristan Pro's tut address?
Sean Park - Lovejoy Posted June 16, 2023
I just wanna bypass another target's HWID lock. Can you link the address? Are there any Tristan Pro video tuts or document tuts?
sean.
X0rby Posted June 16, 2023
My 3rd challenge in this thread...😏
Unpacked. Original Size restored. 107kb
Better_Size.exe
Sean Park - Lovejoy Posted June 16, 2023
1 minute ago, X0rby said: My 3rd challenge in this thread...😏 Unpacked. Original Size restored. 107kb
Good job. @X0rby.
boot Posted June 16, 2023 (Author)
4 minutes ago, windowbase said: I just wanna bypass other target's hwid lock. can you link the address ? any Tristan Pro's video tut or document tut are there ? sean.
The tutorial link has been removed, you need to re-contact the uploader to get the backup of the tutorial...
Sean Park - Lovejoy Posted June 16, 2023
25 minutes ago, boot said: I remember there was a download link on this topic. Please contact the uploader for a backup of the tutorial...
Okay. Thanks.
X0rby Posted June 16, 2023 (edited)
Sean, go PM, I'll help you with some things..
Edited June 16, 2023 by X0rby
Sean Park - Lovejoy Posted June 16, 2023
I uploaded this locked-to-others version, but I wonder why I can't run this on my machine either.
Winlicense test.zip
sean.
TRISTAN Pro Posted June 16, 2023
2 hours ago, boot said: The tutorial link has been removed, you need to re-contact the uploader to get the backup of the tutorial...
As I said, my laptop was broken, so I don't have any script, and all my data disappeared, so I don't have even one. So maybe someone can send it to me and I will attach it, or check my tutorial in text here; just ask someone to upload asm.txt and you will get it.