2days Posted August 2, 2023 Posted August 2, 2023 View File WinLicense v3.1.3.0 x64 (Bypass Without Unpacking) License User Details User Name=2days Tuts4you Company=The Terminator Hardware ID=6FF7-E7EF-5988-20FE-144E-865D-2D30-A73B Custom Data=<custom_start>Skynet, a global network of artificial intelligence machines.<custom_end> License Restrictions Days Expiration=365 Date Expiration=2029/12/12 Executions=999 Runtime execution=999 Global Time=999 Install Before Date=2029/01/01 Miscellaneous Unicode License=yes Generated License (FILE KEY) License Format=Binary License Data= <license_start> ghO1ud4wf14YNU87wUptZ1JTofTFErVAD+IwWKEjB/fxOtba9Vt0uasw45jdF3Yr9eGcJ/6h6lfad3d/MMYzxXYP7OZVGfHctljzMWS4H13UVl3DWBgWzCeozgy9k1UlULrL3/oKL/VdiS/BOJC98IgsF5+XT80xyGxos+Hcs4YdRarI9t0tj/+asJhpgN2KAXvH6lfp8qp0uvwZQUcnw/u+SpQjssOF5aAP9Bwweuw+6nfGxrZGcy8aNK3Kqo7rI5rLPk9Mzo1U0WkS1/I8lpQS1Mtticm1Am/eZCiCHJDMXDEfgTEuLGhQ9AItQtLQ2Fn8egx786AbJM09OEdiz5aGhz3kZfJZz8djMG3g8222gCmmDty8G4pBttMefKkVjKHoI2UXboNHpoOpxi53F6jldAhh3t+JoaOwa3Ng51uTfoNc2kLlCCP+jrjchZUNN9MY8y3kQ4K0Hd6eNkPAXwqbl2kakLZOlsmkkkVi9Pg620SzOt6YHh9iV1rS+TZ0jzWMvC9IakEgJionxYShgLg1Qkv6o4qIzP2ri9lMpM5eJK9Zo+Yl6K9HLnJ/gOE97Op7iAlywjsol5sunCIROe4pLHZo0PDNFJNZ4yy1VEgHp2+Qy/0nP55Fc8845MkE4hrjpg7SOFphFILgTuGVPG97nhRDTi05+f50WE2rl5PpuXnmeBblgD7S87p2tHUO7o2t8kvI/z7Xd9xNfw4HYJcbztKPxAkamUdIl0jmnhdIRGJMlYZm7rBgLd6dYhEu6Lo8P5vi7tydId4QsuwC7tv6+F8CQ1n6HpXSoPowKuMI/L2Zg1Ry3jlS2KUvH4spGy3URvJ8e2rFaDZpmQ== <license_end> File Information Platform: Windows Bits: 64-bit Type: Executable (Standard) Version: 1.0.0.2 Modified: 8/1/2023 12:09:04 PM Protection Macros Virtual Machine: 10 Mutate: 0 String Encrypt: 6 CheckProtection: 2 CheckCodeIntegrity: 0 CheckVirtualPC: 1 CheckDebugger: 1 Unprotected: 0 CheckRegistration: 0 Registered: 0 Unregistered: 0 WinLicense x64 (version 3.1.3.0) Unit_bypassme.pas Submitter 2days Submitted 08/02/2023 Category CrackMe 2
LCF-AT Posted August 2, 2023 Posted August 2, 2023 1 hour ago, 2days said: (Bypass Without Unpacking) 4 3
Solution boot Posted August 3, 2023 Solution Posted August 3, 2023 (edited) EDIT SLN You need to Hook MessageBoxW && Hook MessageBoxExW to mask the dialog box twice. And you also need to patch the register once, the specific method/step can be referred to here. The steps are similar to those of x86, you need to suspend the program and step over retn, then set breakpoints at all cmp addresses and select the correct one. I used Inline Assembly x64 for the Loader64, you can use other tools for bypass, such as Baymax x64... It's a friendly tool for users... Loader64_ByPassMe_x_protected.rar video_2023-08-03_090939.mp4 Edited August 3, 2023 by boot add... 1
2days Posted August 3, 2023 Author Posted August 3, 2023 5 hours ago, boot said: Loader64_ByPassMe_x_protected.rar 1.99 MB · 2 downloads video_2023-08-03_090939.mp4 194.12 kB · 0 downloads Legends never die. Kind regards
BlackHat Posted August 4, 2023 Posted August 4, 2023 (edited) Few Questions in my mind regarding the @solutions getting posted and even getting approved. How did you patch It? How did you unpack or crack It? What kind of debugging settings used by You? Have you used already available public tools or coded something private? (If you made something privately then how does It work?) How did you trace and reach to specific point for patching? (Anti debug bypass or CRC check for patch) What was the logic behind that? Do you guys know what a good @solution is? See this - Quote What is the logic of all these videos posted in threads (mostly related to Themida) ? are these Useful? No absolutely not. you all are just acting like an attention seeker by showing off that you can unpack or patch by making a 13-15 sec video with no info. in such videos, there is a loader and you launch and it works. BOOM ! If all the videos are like this then better not to post and increase burden on the site because in my point of view these kind of video proofs are pointless and senseless. We are here to read and increase the knowledge. If you don't wanna share, simply keep it up to you. No need to show off and even If you do, I have no problem with you when you show-off but It should not be marked as a Solution. P.S. - I am not asking you to share the source code or a complete private stuff but at least you can share steps in a descriptive manner. Edited August 4, 2023 by BlackHat 8 3 1
Sean Park - Lovejoy Posted August 4, 2023 Posted August 4, 2023 Give some infos please. about the loader. sean. 1
Barestra Posted August 6, 2023 Posted August 6, 2023 On 8/5/2023 at 2:58 PM, bon said: easy. thank boot BOOM..! Untitled.mp4 1
Sean Park - Lovejoy Posted January 18 Posted January 18 How should I configure anti debug setting? I have a problem to debug this. Regards. sean. 1
Sean Park - Lovejoy Posted January 18 Posted January 18 (edited) Quote @boot The steps are similar to those of x86, you need to suspend the program and step over retn, then set breakpoints at all cmp addresses and select the correct one. I have some trouble with debugging x64 target. at first antidebug issue. I can't bypass it with x64dbg using the scyllahide and sharpOD x64 plugins. My settings are below. And I don't know how to find the cmp commands in x64 envirnment. 'cause we can't use the ollydbg for x64 apps. so we can't use the finding sequence of commands feature. How should I find the cmp commands with x64dbg? Waiting for help. Regards. sean. Edited January 18 by windowbase editing some words. 1
Sean Park - Lovejoy Posted January 26 Posted January 26 On 1/19/2024 at 6:08 AM, windowbase said: And I don't know how to find the cmp commands in x64 envirnment. 'cause we can't use the ollydbg for x64 apps. so we can't use the finding sequence of commands feature. How should I find the cmp commands with x64dbg? Waiting for help. Regards. sean. @boot specifically in this target, how should I find all matches of "cmp x,x" in the ".winlice" section? I used "cmp dword ptr ds: [rdi],r13d" but nothing matches. Regards. sean. 1
Sean Park - Lovejoy Posted January 29 Posted January 29 (edited) On 8/3/2023 at 10:12 AM, boot said: EDIT SLN You need to Hook MessageBoxW && Hook MessageBoxExW to mask the dialog box twice. And you also need to patch the register once, the specific method/step can be referred to here. The steps are similar to those of x86, you need to suspend the program and step over retn, then set breakpoints at all cmp addresses and select the correct one. I used Inline Assembly x64 for the Loader64, you can use other tools for bypass, such as Baymax x64... It's a friendly tool for users... Loader64_ByPassMe_x_protected.rar 1.99 MB · 130 downloads video_2023-08-03_090939.mp4 194.12 kB · 0 downloads @boot Not with loader, Not with dll hijacking. I just want to know how to bypass this specific target using with x64dbg. because that I can't understand well what you explained in the summary above. Many thanks in advance. Regards. sean. Edited January 29 by windowbase Editting words. 1
Sean Park - Lovejoy Posted January 29 Posted January 29 (edited) On 8/4/2023 at 5:32 PM, Barestra said: search for CMP x,x What is the correct value? Search for the every CMP instructions. using the trace feature with a condition (streq(dis.mnemonic(cip), "cmp") of the debugger like x64dbg will do the job for you. set breakpoints all of them and find a correct one. Regards. sean. Edited January 29 by windowbase adding words. 1
Sean Park - Lovejoy Posted January 30 Posted January 30 (edited) On 1/29/2024 at 1:57 PM, windowbase said: @boot Not with loader, Not with dll hijacking. I just want to know how to bypass this specific target using with x64dbg. because that I can't understand well what you explained in the summary above. Many thanks in advance. Regards. sean. When I try to bypass this target with x64dbg, The process suspends after all the messageboxes. Not Showing TMainForm. Can anyone let me know why this happens? View these images below. then ... Regards. sean. Edited January 30 by windowbase editing some words. 1
Sean Park - Lovejoy Posted February 1 Posted February 1 On 1/30/2024 at 10:37 PM, windowbase said: When I try to bypass this target with x64dbg, The process suspends after all the messageboxes. Not Showing TMainForm. Can anyone let me know why this happens? View these images below. then ... Regards. sean. This target also needs the "dll","drv" hooking, hijacking or a loader application. we cannot bypass it just with the debuggers like x64dbg. Correct me if I am wrong. Regards. sean. 2
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now