Jump to content
Tuts 4 You

Enigma Protector v7.5(Shell 示例)


Go to solution Solved by 2lht_love,

Recommended Posts

2lht_love
Posted

 

@boot is in the forum 52hb expert RE group, I think he can provide for you an invitation code 😁.

 

Posted
1 hour ago, 2lht_love said:

You're from China so there are a lot of forums looking for powerful debuggers.

https://www.52hb.com/

https://www.52pojie.cn/

 

There are many modified versions from these forums, I also learned from your country 😉.

Is this a seek-and-hide game? giving the forums links and he must search until he finds it?

Look at this (a random post), he gets the plugin from here and puts it for sale on that forum...

image.png.4f9f4e00d6d3412cdb6cd2309de0a020.png

  • Like 1
Posted (edited)

after a quick check what enigma attacks in the x32  engine and a slight fix. The latest vmp etc. can also be debugged freely. The fix is done I integrated it into scillahide.

Antidebug.jpg

Edited by azufo
  • Like 1
Posted
6 hours ago, X0rby said:

These Chinese forums are paid and you need to be Chinese to join....Chinese people want to learn from our forums but they don't accept any NO-Chinese to learn from them - using websites like Baidu to upload or video hosters that need Chinese number also.


I don't think what you said is true, the forum is free.Welcome!

www.chinapyg.com

www.52pojie.cn/

bbs.kanxue.com/

 

Posted (edited)
28 minutes ago, lengyue said:

You need to pay 19 yaun for the code to register :

image.png.6c206b73364418540bfbec0909d6df84.png

28 minutes ago, lengyue said:

 

www.chinapyg.com

 

 

image.png.beeeeafba3c66b39c470e8b464c13adf.png

90 yaun for this forum.

 

28 minutes ago, lengyue said:

Registration only via phone number?  and it must be Chinese also I think.

image.png.08cffcf7462f9a317d203c4188e18a0e.png

 

Even if you want to pay and join you can't because you need to be Chinese and have accounts in their payment systems and methods.

28 minutes ago, lengyue said:


I don't think what you said is true, the forum is free.Welcome!

 

@lengyue Thanks for welcoming me but as you can see what I said is true.

image.png

Edited by X0rby
  • Haha 1
Posted

The main operation is to patch CRC_ADDRESS: 0x0078D881 three times.

There's nothing special about it. Just a simple method is needed to bypass the anti debugging mentioned above.

Spoiler

2024-02-15_013119.jpg.fe1cd796811f4f36f014fb888d27349e.jpg

 

  • Like 2
Sean Park - Lovejoy
Posted
17 minutes ago, boot said:

The main operation is to patch CRC_ADDRESS: 0x0078D881 three times.

There's nothing special about it. Just a simple method is needed to bypass the anti debugging mentioned above.

  Reveal hidden contents

2024-02-15_013119.jpg.fe1cd796811f4f36f014fb888d27349e.jpg

 

How do we find the CRC address?

Regards.

sean.

jackyjask
Posted
1 hour ago, boot said:

is needed to bypass the anti debugging mentioned above.

is it some new antidbg intorduced in Enigma, if yes, how would you name it?

Posted (edited)
4 hours ago, boot said:

The main operation is to patch CRC_ADDRESS: 0x0078D881 three times.

There's nothing special about it. Just a simple method is needed to bypass the anti debugging mentioned above.

  Hide contents

2024-02-15_013119.jpg.fe1cd796811f4f36f014fb888d27349e.jpg

 

Hello my friend please try to resolve the challenge hwid , the hwid there didn't generated as expeted, btw I'm using windows 11

Https://forum.tuts4you.com/topic/44662-simple-calculator-enigma-740-ilprotector-202214/?do=findComment&comment=218502

Edited by RADIOX
Posted (edited)
8 hours ago, windowbase said:

How do we find the CRC address?

Regards.

sean.

learning

learning

In the attachment , LastChanger.txt, find the feature code: 4B75?? 83F0FFEB0233C0 and search for it in the file, it is easy to locate CRC-address

Edited by lengyue
  • Thanks 1
Posted
9 hours ago, X0rby said:

You need to pay 19 yaun for the code to register :

image.png.6c206b73364418540bfbec0909d6df84.png

image.png.beeeeafba3c66b39c470e8b464c13adf.png

90 yaun for this forum.

 

Registration only via phone number?  and it must be Chinese also I think.

image.png.08cffcf7462f9a317d203c4188e18a0e.png

 

Even if you want to pay and join you can't because you need to be Chinese and have accounts in their payment systems and methods.

@lengyue Thanks for welcoming me but as you can see what I said is true.

image.png

The author of Baymax Patch Tools is an administrator from www.chinapyg.com, who shares excellent tools for free. Due to many people only coming to get results, the website has opened an invitation to register, and there are multiple ways for the website to obtain registration. You can write a technical article and get an invitation code for free. Welcome to China Piaoyun Pavilion.QQ20240215103623.png.752a91812fcc341a019df646a454036f.png

14 hours ago, X0rby said:

Is this a seek-and-hide game? giving the forums links and he must search until he finds it?

Look at this (a random post), he gets the plugin from here and puts it for sale on that forum...

undefined

As you said, such people also exist on our Chinese websites, so everyone is very disgusted. Opening invitation registration is also a helpless move.

  • Like 1
Posted (edited)
19 hours ago, azufo said:

after a quick check what enigma attacks in the x32  engine and a slight fix. The latest vmp etc. can also be debugged freely. The fix is done I integrated it into scillahide.

Antidebug.jpg

Very good!!You're amazing

Edited by lengyue
Sean Park - Lovejoy
Posted
1 hour ago, lengyue said:

learning

learning

In the attachment , LastChanger.txt, find the feature code: 4B75?? 83F0FFEB0233C0 and search for it in the file, it is easy to locate CRC-address

Many thanks.

Regards.

sean.

  • Like 1
Sean Park - Lovejoy
Posted
13 hours ago, boot said:

The main operation is to patch CRC_ADDRESS: 0x0078D881 three times.

There's nothing special about it. Just a simple method is needed to bypass the anti debugging mentioned above.

  Reveal hidden contents

2024-02-15_013119.jpg.fe1cd796811f4f36f014fb888d27349e.jpg

 

@boot How to debug the target? I can't debug this with ollydbg or x64dbg. no being shown the hardware id lock dialog box when running it with the debuggers.

Regards.

sean.

  • Like 1
Posted (edited)
4 hours ago, windowbase said:

... debug the target...

Just need to configure some debugger plugins.
For patch HWID v7.x.x, I have found a relatively reliable method:
 - using Baymax is convenient and beginner friendly, but there is a small probability of incompatibility or crashes/instability
 - shfolder.dll can also be used, so I am trying to modify my original source code to make it effective

The Enigma Protector_7.5_Baymax_Patchers.zip (10.36 MB)

TEP_v7.5_Win_7_10_11_x64_Baymax_Patchers(updated).zip (10.37 MB)

Edited by boot
Correcting mistakes...
  • Thanks 1
Posted
17 minutes ago, boot said:

Just need to configure some debugger plugins.
For patch HWID v7.x.x, I have found a relatively reliable method:
 - using Baymax is convenient and beginner friendly, but there is a small probability of incompatibility or crashes/instability
 - shfolder.dll can also be used, so I am trying to modify my original source code to make it effective

The Enigma Protector_7.5_Baymax_Patchers.zip (10.36 MB)

Yes true I wrote a simple shfolder before and very powerful thanks to @Sh4DoVV

Sean Park - Lovejoy
Posted
34 minutes ago, boot said:

Just need to configure some debugger plugins.
For patch HWID v7.x.x, I have found a relatively reliable method:
 - using Baymax is convenient and beginner friendly, but there is a small probability of incompatibility or crashes/instability
 - shfolder.dll can also be used, so I am trying to modify my original source code to make it effective

The Enigma Protector_7.5_Baymax_Patchers.zip (10.36 MB)

@boot doesn't work at all.

Regards.

sean.

  • Like 1
Posted (edited)
23 minutes ago, lengyue said:

Patch&KegGen!But it doesn't work on  Windows 7.QQ20240215182133.png.e5a961eaf736933a2f55568b3b1dbd86.png

Hi, I just used the script and the hwid didn’t generate as expected this doesn't works only in that challenge, here is fine like @boot said nothing especial. I don’t have any idea what is wrong  because everyone else seems to bypass it easily 

Edited by RADIOX
Posted
8 hours ago, lengyue said:

изучаване на

изучаване на

В прикачения файл LastChanger.txt намерете кода на функцията: 4B75?? 83F0FFEB0233C0 и го потърсете във файла, лесно е да намерите CRC-адрес

 

8 hours ago, lengyue said:

learning

learning

In the attachment , LastChanger.txt, find the feature code: 4B75?? 83F0FFEB0233C0 and search for it in the file, it is easy to locate CRC-address

Nonsense... If they want to learn how to do that, they should hook the winapi CreateFileA, CreateFileW .So using rote stuff, find this or that, they won't learn anything.

  • Like 1
Sean Park - Lovejoy
Posted
3 minutes ago, azufo said:

 

Nonsense... If they want to learn how to do that, they should hook the winapi CreateFileA, CreateFileW .So using rote stuff, find this or that, they won't learn anything.

@azufo Hey. please write some kind and detailed tutorials for us. so we can learn something useful. do yourself all the things is not helpful.

Regards.

sean.

  • Like 1
2lht_love
Posted

@lengyue Can you provide target Enigma Protector 7.5 x64 ?

Sean Park - Lovejoy
Posted (edited)

Deleted.

Edited by windowbase
editing some words.
  • Like 1
Posted
1 hour ago, windowbase said:

doesn't work at all...

Due to only testing in the Win7 x64 and Win10 x64 operating environments before, the two patches are valid; In the Win11 x64 operating environment, two patches are invalid. After debugging && testing in the Win11 x64 environment, I re-used Baymax to generate these two patches. Just download this attachment again.
It supports the Win7/10/11 x64 operating environment.

TEP_v7.5_Win_7_10_11_x64_Baymax_Patchers(updated).zip (10.37 MB)

  • Like 1
  • Thanks 1

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...