Bang1338 Posted January 15 Posted January 15 View File TinyCrackMe - WinLicense 3.1.7.0 Edition === SPOILER INSIDE SOURCE CODE TAB === A WinLicense'd version of TinyCrackMe Rules: 1. Unpack first 2. Do whatever you want after unpack, as long as ":3" MessageBox appear :3 Just want to see how long ppl will crack the latest version of WinLicense... WL Protection: - Anti-Debugger - Advanced API-Warping - Compress And Encrypt (all 3 options) - Full Encrypt Strings - Detect File/Registry Monitor - Entry Point Virt - Anti File Patching - Perform Protection Check - VMware/Virtual PC Allowed WLVM: - SHARK32 (Black, Red) - PUMA32 (Black, Red) - EAGLE32 (Black) Happy reversing :3 Submitter Bang1338 Submitted 01/14/2024 Category CrackMe 1
Sean Park - Lovejoy Posted January 15 Posted January 15 (edited) It's hard to me. Regards. sean. Edited January 15 by windowbase editing some words. 1
InvizCustos Posted January 15 Posted January 15 (edited) 4 hours ago, Bang1338 said: Just want to see how long ppl will crack the latest version of WinLicense... It's not enough to have the latest version of the protector. You must also know how to use the protector. You have not used all of the available settings. Nor have you used the SDK. Edited January 15 by InvizCustos 2
TRISTAN Pro Posted January 15 Posted January 15 (edited) No protection apply (code not virtualized), so it can be unpacked easily,I already post script,so use it for repair iat and dump. pass is eXcElLEnt at 004018FB. Mazotoa daholy.😁 Edited January 25 by TRISTAN Pro Tested on VM boot win 7 2
Bang1338 Posted January 16 Author Posted January 16 (edited) 4 hours ago, TRISTAN Pro said: No protection apply (code not virtualized), damn excellent 5 hours ago, InvizCustos said: Nor have you used the SDK. Will use SDK next time 7 hours ago, X0rby said: Unpacked and patched (accepting any input) ok.exe 441.5 kB · 8 downloads excellent :3 Edited January 16 by Bang1338 1
X0rby Posted January 16 Posted January 16 (edited) In this sample you asked for unpack, when you add virtualization to the code you need to name it de-virtualize me not unpackme - there's a difference. and those who are talking I bet any one of them can do it, it's not an easy task - it will take like a week of group work to do it. unless you have already did a reseach on the vms and made a tool that can automate the process. Edited January 16 by X0rby 1
InvizCustos Posted January 16 Posted January 16 5 hours ago, Bang1338 said: Will use SDK next time Also, much of the settings can be found here - https://oreans.com/help/advopt/ 1 1
wilaper Posted November 13 Posted November 13 On 1/15/2024 at 4:42 PM, Sean the hard worker said: It's hard to me. Regards. sean. Greetings, could you provide me with the winlicense 3.1.70 installer? 1
Sean Park - Lovejoy Posted November 13 Posted November 13 (edited) 1 hour ago, wilaper said: Greetings, could you provide me with the winlicense 3.1.70 installer? @wilaper No, I can not do it. 'cause that I do not have it. but I have the winlicense v3.1.3.0 x86 x64. Regards. sean. Edited November 13 by Sean the hard worker 1
Noob boy Posted December 11 Posted December 11 (edited) winlicense 3.2.2 Edited December 11 by Noob boy 1
Noob boy Posted December 13 Posted December 13 (edited) WinLicense 3.2.2 x64.zipWinLicense 3.2.2 x86Dome.rar Winlicense 3.2.2 has updated the verification method. The old method cannot be bypassed. So how can the new method bypass it Edited December 13 by Noob boy 1
Bang1338 Posted December 13 Author Posted December 13 (edited) 39 minutes ago, Noob boy said: WinLicense 3.2.2 x64.zip 5.87 MB · 1 download WinLicense 3.2.2 x86Dome.rar 5.34 MB · 3 downloads Winlicense 3.2.2 has updated the verification method. The old method cannot be bypassed. So how can the new method bypass it thank for updating my crackme i only have Winlicense 3.2.0.0 in my hand Edited December 13 by Bang1338 woops, not my crackme, it's CFF explorer :P 1
Noob boy Posted December 13 Posted December 13 1 hour ago, Bang1338 said: thank for updating my crackme i only have Winlicense 3.2.0.0 in my hand Then update the English version of the x86 x64 examples. 2
Bang1338 Posted December 15 Author Posted December 15 (edited) On 12/13/2024 at 9:42 PM, Noob boy said: Then update the English version of the x86 x64 examples. sure 👌 Note: i will only gave x86 ver Edited December 15 by Bang1338 not gonna do x64 because it's pain to recompile and reprotect 1 1
Bang1338 Posted December 15 Author Posted December 15 (edited) Rules: 1. Unpack first (extra, optional: devirtualize will get extra respects) 2. Do whatever you want after unpack, as long as ":3" MessageBox appear :3 3 (extra, optional). Extract the splash screen (no screenshot pls) Note: Flags is now different. Just want to see how long ppl will crack the latest 3.2.0.0 version of WinLicense... WL Protection: - Anti-Debugger - Advanced API-Warping - Compress And Encrypt (all 3 options) - Full Encrypt Strings - Detect File/Registry Monitor - Entry Point Virt - Anti File Patching - Perform Protection Check - VMware/Virtual PC Allowed - Four Two macros WLVM: - DOLPHIN32 (White) - FISH32 (Red, White) - TIGER32 (White) Splash screen by eintim23 (not in tuts4you), thank you. LargerThanColonThree.zip Edited December 15 by Bang1338 forgot to mention that flags changed to uhhhh i can't tell | forgot to mention that devirtualize is optional 1 1
boot Posted December 15 Posted December 15 3 hours ago, Bang1338 said: Rules: 1. Unpack first (extra, optional: devirtualize will get extra respects) 2. Do whatever you want after unpack, as long as ":3" MessageBox appear :3 This is a sample that I manually unpacked. Unpacked_InlinePatch.zip 3 hours ago, Bang1338 said: 3 (extra, optional). Extract the splash screen (no screenshot pls) I haven't thought of a good way to satisfy the third rule yet... 1 1
Bang1338 Posted December 15 Author Posted December 15 4 hours ago, boot said: I haven't thought of a good way to satisfy the third rule yet... You can skip rule 3 if you can't, since rule 3 is optional 4 hours ago, boot said: This is a sample that I manually unpacked. Bravo 🎉 1
Sean Park - Lovejoy Posted December 16 Posted December 16 (edited) How to recover api wrapping? And what is the advanced api wrapping? Regards. sean. Edited December 16 by Sean Park - Lovejoy 1
Bang1338 Posted December 16 Author Posted December 16 2 hours ago, Sean Park - Lovejoy said: And what is the advanced api wrapping? 1
Sean Park - Lovejoy Posted December 16 Posted December 16 GPT says that Quote Themida's Advanced API Wrapping is a feature provided by the Themida software protection tool, which is designed to protect applications from reverse engineering, debugging, and tampering. This feature involves modifying the way your application's API calls interact with the operating system or other external libraries by "wrapping" them, which adds an additional layer of security and obfuscation. How Advanced API Wrapping Works Intercepting API Calls: Themida replaces or modifies standard API calls (such as calls to Windows APIs) in your program with protected versions. Wrapper Code Injection: A wrapper layer is inserted between the application and the API. This wrapper can: Obfuscate API arguments and return values. Encrypt or encode the API communication. Perform additional checks or validations (e.g., anti-debugging or anti-tampering). Runtime Security: At runtime, the wrapped API calls execute through the Themida protection mechanism. This makes it significantly harder for attackers to understand the functionality of the program, as: API call logic becomes non-standard. Debugging tools may fail to track or hook into the API calls. The program may detect reverse engineering attempts and react accordingly. Key Benefits of Advanced API Wrapping Obfuscation: Hides the logic of API calls, making it difficult to analyze or intercept. Anti-Hooking: Prevents attackers from hooking APIs to monitor or alter program behavior. Tamper Resistance: Ensures that if the wrapping is modified or bypassed, the application may stop working. Enhanced Debugging Resistance: Introduces anti-debugging techniques that trigger errors or disrupt analysis tools. Use Cases Game Protection: Prevents cheats or hacks by obfuscating how the game communicates with its environment. DRM (Digital Rights Management): Protects software from piracy by securing sensitive API interactions. Commercial Software Security: Shields proprietary algorithms or sensitive functionality from reverse engineering. Potential Drawbacks Performance Overhead: The additional layer of API wrapping can introduce performance penalties, especially for applications with frequent API calls. Complex Debugging: Even legitimate debugging of protected applications becomes more challenging. Compatibility Issues: Some protected APIs might not work correctly on all systems or configurations. If you are considering using Themida's Advanced API Wrapping, evaluate your application's needs, test extensively to ensure compatibility, and weigh the trade-offs between security and potential impact on performance and usability. Regards. sean. 1
Bang1338 Posted December 16 Author Posted December 16 48 minutes ago, Sean Park - Lovejoy said: GPT says that Regards. sean. don't ask GPT for very such a far thing consider reading documentation 1
Sean Park - Lovejoy Posted December 16 Posted December 16 31 minutes ago, Bang1338 said: don't ask GPT for very such a far thing consider reading documentation @Bang1338 Wrapping means that using different apis to make an api call be obfuscated? Regards. sean. 1
Sean Park - Lovejoy Posted December 16 Posted December 16 52 minutes ago, Sean Park - Lovejoy said: @Bang1338 Wrapping means that using different apis to make an api call be obfuscated? Regards. sean. Themida’s Advanced API Wrapping doesn’t mean using different APIs to make a call but rather involves wrapping and obfuscating existing API calls to make them more difficult to analyze, intercept, or manipulate by attackers. Here's a detailed explanation: What Happens with Advanced API Wrapping? Interception and Wrapping: Themida intercepts standard API calls made by your program (e.g., calls to Windows APIs or libraries) and replaces them with custom “wrapped” versions. These wrapped versions act as intermediaries between the application and the actual API. Obfuscation of Parameters and Flow: Parameters passed to the API can be encoded, encrypted, or altered by the wrapper. The wrapper logic itself is obfuscated, making it difficult for an attacker to understand how the API call is being processed or what arguments are being passed. Redirection and Layering: Calls may be redirected through additional layers of code or custom logic before reaching the actual API. These layers might perform security checks (e.g., anti-debugging, anti-tamper) or simply add noise to confuse reverse engineers. Dynamic Behavior: The wrapper might dynamically adjust how it interacts with the API based on runtime conditions, making static analysis tools ineffective. For example, some wrapped API calls may only function correctly in a valid execution environment, preventing sandboxed analysis. What This Means for API Calls Obfuscation: While the actual API (e.g., CreateFile or ReadProcessMemory) remains the same, the way it is invoked appears obfuscated due to the added wrapper logic. Attackers analyzing the program won't see straightforward API calls. Instead, they'll encounter a chain of custom function calls or complex operations obscuring the original API call. Security Checks: The wrapper might add security checks (e.g., validating the environment) before deciding whether to allow the API call to proceed. Anti-Hooking: By wrapping API calls, Themida makes it harder for attackers to use hooking techniques to monitor or modify API calls, as they can't directly intercept the standard APIs. What Advanced API Wrapping Does NOT Mean Using Different APIs: It doesn't replace one API with another (e.g., using OpenFile instead of CreateFile); rather, it modifies how the original API call is invoked and processed. Changing API Functionality: The underlying functionality of the API remains the same; the changes are in how the application interacts with it. Example (Simplified) Consider a program that calls CreateFile. Without Themida, it might look like this in pseudo-code: c Copy code HANDLE fileHandle = CreateFile("example.txt", GENERIC_READ, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); With Themida's API Wrapping, this might become: c Copy code HANDLE fileHandle = Wrapped_API_XYZ_123("encoded_example.txt", obfuscated_flags, security_token); Obfuscated Call: Instead of calling CreateFile directly, it goes through Wrapped_API_XYZ_123, which contains complex and obfuscated logic. Encoded/Encrypted Parameters: The string "example.txt" and other arguments might be encoded or encrypted before being passed to the wrapper. Decryption at Runtime: The wrapper decrypts and processes the parameters, performs additional security checks, and then calls CreateFile internally. Why Use This Technique? To protect sensitive functionality from being understood or manipulated. To make reverse engineering harder by complicating the flow of API calls. To deter common hacking methods like API hooking, parameter sniffing, or call redirection. In summary, Advanced API Wrapping modifies and obfuscates how API calls are made without fundamentally changing the APIs themselves. Best Regards. sean. 1
Sean Park - Lovejoy Posted December 16 Posted December 16 14 hours ago, boot said: This is a sample that I manually unpacked. Unpacked_InlinePatch.zip 13.84 MB · 11 downloads I haven't thought of a good way to satisfy the third rule yet... @boot How to unwrap wrapped apis? Regards. sean. 2
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now