Sean Park - Lovejoy Posted June 16, 2023 Posted June 16, 2023 3 hours ago, TRISTAN Pro said: So may be someone send it to me and I will attach it or check my tutorial in text Here just ask to someone upload asm.txt and yuo will get it. anyone has asm.txt ? sean.
Sean Park - Lovejoy Posted June 17, 2023 Posted June 17, 2023 add ecx,ebp mov ecx,dword ptr ds:[ecx] cmp dword ptr ds:[ecx],edi pushfd mov edx,ebp mov ebx,0 how should I inline codes in here ?
Sean Park - Lovejoy Posted June 18, 2023 Posted June 18, 2023 (edited) On 4/3/2023 at 9:50 PM, TRISTAN Pro said: Tutorial for winlicence(This target): make inline to make the same process to automate the target. @TRISTAN Prohow to inline ? Edited June 18, 2023 by windowbase
NEW-RE Posted June 18, 2023 Posted June 18, 2023 (edited) On 6/16/2023 at 11:10 AM, boot said: The tutorial link has been removed, you need to re-contact the uploader to get the backup of the tutorial... Deleted Tutorial Edited June 23, 2023 by NEW-RE 2 1
Sean Park - Lovejoy Posted June 19, 2023 Posted June 19, 2023 (edited) On 6/19/2023 at 5:42 AM, NEW-RE said: PM Me , I need your help regarding Engima HWID @NEW-RE I finally saw boot's main form. exactly same way in the tutorial video, it'd be shown. many thanks for the video tutorial upload. @NEW-RE sean. Edited June 24, 2023 by windowbase 1
Sean Park - Lovejoy Posted June 20, 2023 Posted June 20, 2023 (edited) Try this UnpackMe. this is protected of 3 virtualized code blocks. my intention is whether you can devirtualize them and unpack it. Protection info. Themida v3.1.4.18 1. 3 virtual machines used. 2. no api wrapping. 3. no anti-debug. 4. no compression. 5. no entry point virtualized. ThemidaUnpackMe_protected.exe sean. Edited June 20, 2023 by windowbase Editting words.
xxx22xxx Posted July 21, 2023 Posted July 21, 2023 hello, can someone share with me the asm.txt for bypass HWID ? Thanks & Regards
net21u Posted July 24, 2023 Posted July 24, 2023 On 7/22/2023 at 7:47 AM, xxx22xxx said: hello, can someone share with me the asm.txt for bypass HWID ? Thanks & Regards Your telegram ID?
Dino Posted July 24, 2023 Posted July 24, 2023 On 4/3/2023 at 8:01 PM, TRISTAN Pro said: Thank yuo bro I need time to create a video then I already share some video to another personne but I will do it with this full unpackme about hwid bypassing I want everybody know about it and let the Orean technology see how does it work(SHARING KNOWLEDGE) and change a bit them protection.😁 Here the video bypassing hwid winlicence for latest version of themida only include masm for inline patching the unpackme. hope it help someone and make understand Orean technology team change them protection and make newer challenge don't forget like it and share. Good luck. Hi TP, Please upload again the video, Thank's in advance Dino 1
Sean Park - Lovejoy Posted January 18 Posted January 18 On 4/26/2023 at 12:48 AM, X0rby said: Boot challenge unpacked by X0rby.7z 3.99 MB · 90 downloads Unpacked Edition Windows 10 Enterprise Version 22H2 Installed on 31/05/2023 OS build 19045.3693 Experience Windows Feature Experience Pack 1000.19053.1000.0 X64 OS What's wrong? @X0rby Regards. sean.
X0rby Posted January 18 Posted January 18 Dunno, check your system - works well here in a freshly installed Windows 10.
Sean Park - Lovejoy Posted January 22 Posted January 22 (edited) On 7/25/2023 at 6:49 AM, Dino said: Hi TP, Please upload again the video, Thank's in advance Dino Refer to this thread. Regards. sean. Edited February 4 by windowbase editing some words.
replican Posted March 16 Posted March 16 On 4/3/2023 at 7:50 PM, TRISTAN Pro said: Tutorial for winlicence(This target): This tutorial work only for themida latest version,learn from @quosego and @LCF-AT . Load the target in ollydbg(I have made tutorial Here for configuration),now let the run app and when it appear pause and make search all séquences with those command "mov r32,[r32];cmp [r32],r32;pushfd" ,make all breakpoint on all Result and let it run again and click ok so the first compare is on 00556b26 cmp ecx and edi and make it the same after that the second compare is on 005B3719 cmp esi,edx and make it the same too and make inline to make the same process to automate the target. Now click all nag and let it run till all nag pass and decrypt section code to break on oep. Hope it will works for yuo Good luck. For those want video,I have old tutorial video unpackme by @converse for bypassing HWID contact me via Telegram +012345678912 or Name:Tristan Prosper MIARANA I will share via Telegram and hope someone have the tutorial video share to another.I don't have enough data internet to share it here cause I using phone. How i can get the tutorial vidio? 2
Sean Park - Lovejoy Posted June 5 Posted June 5 Can anyone bypass this HWID protected application with a fake license key file? It is the WinLicense v.3.1.3.0 x64. Winlicense Test.zip Regards. sean. 1
Sean Park - Lovejoy Posted June 5 Posted June 5 On 1/18/2024 at 11:34 PM, X0rby said: Dunno, check your system - works well here in a freshly installed Windows 10. @X0rby Your unpacked one is not unvirtualized of the original entry point of the @boot's protected application. so, can you devirtualize the entry point? I guess that you just dumped at the entry point and fixed the IAT. @boot already uploaded the original one. And you are so long these days. you said that you have been in holidays though. coming back then, check this out again. Regards. sean.
boot Posted June 5 Author Posted June 5 14 minutes ago, Sean Park - Lovejoy said: devirtualize the entry point. If the target is a program compiled by VC 6.0, it is possible to quickly restore OEP. 1
Sean Park - Lovejoy Posted June 5 Posted June 5 4 hours ago, boot said: If the target is a program compiled by VC 6.0, it is possible to quickly restore OEP. @boot I think that your sample target is compiled with Visual C++ 6.0. Many thanks for your reply. Regards. sean.
Sean Park - Lovejoy Posted June 6 Posted June 6 @boot Is it feasible to bypass this below with a fake license key file? Regards. sean.
X0rby Posted June 6 Posted June 6 17 hours ago, Sean Park - Lovejoy said: @X0rby Your unpacked one is not unvirtualized of the original entry point of the @boot's protected application. so, can you devirtualize the entry point? Heeh digging a more than 1-year post - the challenge was to unpack it, not to de-virtualise it. Anyways, here is the full fu_cked one....WinLicense completely removed 100% un.exe 1
Sean Park - Lovejoy Posted June 6 Posted June 6 (edited) 11 minutes ago, X0rby said: Heeh digging a more than 1-year post - the challenge was to unpack it, not to de-virtualise it. Anyways, here is the full fu_cked one....WinLicense completely removed 100% un.exe 659 kB · 0 downloads @X0rby Really fantastic. I need your help. Is this feasible to bypass the HWID lock with a fake license key file? Regards. sean. Edited June 6 by Sean Park - Lovejoy
Sean Park - Lovejoy Posted June 6 Posted June 6 4 hours ago, X0rby said: Heeh digging a more than 1-year post - the challenge was to unpack it, not to de-virtualise it. Anyways, here is the full fu_cked one....WinLicense completely removed 100% un.exe 659 kB · 4 downloads @X0rby ".winlice" section is consist of virtual machine instructions of the WinLicense? Regards. sean.
Sean Park - Lovejoy Posted June 7 Posted June 7 On 6/5/2024 at 5:56 PM, Sean Park - Lovejoy said: Can anyone bypass this HWID protected application with a fake license key file? It is the WinLicense v.3.1.3.0 x64. Winlicense Test.zip 4.8 MB · 4 downloads Regards. sean. @boot Is this feasible to bypass without the valid key file? Regards. sean.
boot Posted June 7 Author Posted June 7 3 hours ago, Sean Park - Lovejoy said: Is this feasible to bypass without the valid key file? I'm afraid not. This depends on the options you have selected when protecting the application. 1
Sean Park - Lovejoy Posted June 7 Posted June 7 2 minutes ago, boot said: I'm afraid not. This depends on the options you have selected when protecting the application. @boot Can you test this for me? If it is possible to bypass or not? Regards. sean. 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now