Tuts 4 You

Enigma Protector v7.5 (Shell example)


Go to solution Solved by 2lht_love,


2lht_love
Posted

 

@boot is in the forum 52hb expert RE group, I think he can provide you with an invitation code 😁.

 

Posted
1 hour ago, 2lht_love said:

You're from China so there are a lot of forums looking for powerful debuggers.

https://www.52hb.com/

https://www.52pojie.cn/

 

There are many modified versions from these forums, I also learned from your country 😉.

Is this a seek-and-hide game? Giving the forum links, and he must search until he finds it?

Look at this (a random post), he gets the plugin from here and puts it for sale on that forum...

image.png.4f9f4e00d6d3412cdb6cd2309de0a020.png

  • Like 1
Posted (edited)

After a quick check of what Enigma attacks in the x32 engine and a slight fix, the latest VMP etc. can also be debugged freely. The fix is done; I integrated it into ScyllaHide.

Antidebug.jpg

Edited by azufo
  • Like 1
Posted
6 hours ago, X0rby said:

These Chinese forums are paid and you need to be Chinese to join... Chinese people want to learn from our forums but they don't accept any non-Chinese to learn from them - using websites like Baidu to upload or video hosts that need a Chinese number also.


I don't think what you said is true, the forum is free. Welcome!

www.chinapyg.com

www.52pojie.cn/

bbs.kanxue.com/

 

Posted (edited)
28 minutes ago, lengyue said:

You need to pay 19 yuan for the code to register:

image.png.6c206b73364418540bfbec0909d6df84.png

28 minutes ago, lengyue said:

 

www.chinapyg.com

 

 

image.png.beeeeafba3c66b39c470e8b464c13adf.png

90 yuan for this forum.

 

28 minutes ago, lengyue said:

Registration only via phone number? And it must be Chinese also, I think.

image.png.08cffcf7462f9a317d203c4188e18a0e.png

 

Even if you want to pay and join you can't because you need to be Chinese and have accounts in their payment systems and methods.

28 minutes ago, lengyue said:


I don't think what you said is true, the forum is free. Welcome!

 

@lengyue Thanks for welcoming me but as you can see what I said is true.

image.png

Edited by X0rby
  • Haha 1
Posted

The main operation is to patch CRC_ADDRESS: 0x0078D881 three times.

There's nothing special about it. Just a simple method is needed to bypass the anti debugging mentioned above.


2024-02-15_013119.jpg.fe1cd796811f4f36f014fb888d27349e.jpg

 

  • Like 2
Sean the hard worker
Posted
17 minutes ago, boot said:

The main operation is to patch CRC_ADDRESS: 0x0078D881 three times.

There's nothing special about it. Just a simple method is needed to bypass the anti debugging mentioned above.


2024-02-15_013119.jpg.fe1cd796811f4f36f014fb888d27349e.jpg

 

How do we find the CRC address?

Regards.

sean.

jackyjask
Posted
1 hour ago, boot said:

is needed to bypass the anti debugging mentioned above.

Is it some new antidbg introduced in Enigma? If yes, how would you name it?

Posted (edited)
4 hours ago, boot said:

The main operation is to patch CRC_ADDRESS: 0x0078D881 three times.

There's nothing special about it. Just a simple method is needed to bypass the anti debugging mentioned above.


2024-02-15_013119.jpg.fe1cd796811f4f36f014fb888d27349e.jpg

 

Hello my friend, please try to resolve the challenge HWID; the HWID there wasn't generated as expected. BTW, I'm using Windows 11.

https://forum.tuts4you.com/topic/44662-simple-calculator-enigma-740-ilprotector-202214/?do=findComment&comment=218502

Edited by RADIOX
Posted (edited)
8 hours ago, windowbase said:

How do we find the CRC address?

Regards.

sean.

learning

learning

In the attachment, LastChanger.txt, find the feature code: 4B75?? 83F0FFEB0233C0 and search for it in the file; it is easy to locate the CRC address.

Edited by lengyue
  • Thanks 1
Posted
9 hours ago, X0rby said:

You need to pay 19 yuan for the code to register:

image.png.6c206b73364418540bfbec0909d6df84.png

image.png.beeeeafba3c66b39c470e8b464c13adf.png

90 yuan for this forum.

 

Registration only via phone number? And it must be Chinese also, I think.

image.png.08cffcf7462f9a317d203c4188e18a0e.png

 

Even if you want to pay and join you can't because you need to be Chinese and have accounts in their payment systems and methods.

@lengyue Thanks for welcoming me but as you can see what I said is true.

image.png

The author of Baymax Patch Tools is an administrator from www.chinapyg.com, who shares excellent tools for free. Due to many people only coming to get results, the website has opened an invitation to register, and there are multiple ways for the website to obtain registration. You can write a technical article and get an invitation code for free. Welcome to China Piaoyun Pavilion.

QQ20240215103623.png.752a91812fcc341a019df646a454036f.png

14 hours ago, X0rby said:

Is this a seek-and-hide game? Giving the forum links, and he must search until he finds it?

Look at this (a random post), he gets the plugin from here and puts it for sale on that forum...


As you said, such people also exist on our Chinese websites, so everyone is very disgusted. Opening invitation registration is also a helpless move.

  • Like 1
Posted (edited)
19 hours ago, azufo said:

After a quick check of what Enigma attacks in the x32 engine and a slight fix, the latest VMP etc. can also be debugged freely. The fix is done; I integrated it into ScyllaHide.

Antidebug.jpg

Very good!! You're amazing

Edited by lengyue
Sean the hard worker
Posted
1 hour ago, lengyue said:

learning

learning

In the attachment, LastChanger.txt, find the feature code: 4B75?? 83F0FFEB0233C0 and search for it in the file; it is easy to locate the CRC address.

Many thanks.

Regards.

sean.

  • Like 1
Sean the hard worker
Posted
13 hours ago, boot said:

The main operation is to patch CRC_ADDRESS: 0x0078D881 three times.

There's nothing special about it. Just a simple method is needed to bypass the anti debugging mentioned above.


2024-02-15_013119.jpg.fe1cd796811f4f36f014fb888d27349e.jpg

 

@boot How to debug the target? I can't debug this with OllyDbg or x64dbg. The hardware ID lock dialog box is not shown when running it with the debuggers.

Regards.

sean.

  • Like 1
Posted (edited)
4 hours ago, windowbase said:

... debug the target...

Just need to configure some debugger plugins.
For patch HWID v7.x.x, I have found a relatively reliable method:
 - using Baymax is convenient and beginner friendly, but there is a small probability of incompatibility or crashes/instability
 - shfolder.dll can also be used, so I am trying to modify my original source code to make it effective

The Enigma Protector_7.5_Baymax_Patchers.zip (10.36 MB)

TEP_v7.5_Win_7_10_11_x64_Baymax_Patchers(updated).zip (10.37 MB)

Edited by boot
Correcting mistakes...
  • Thanks 1
Posted
17 minutes ago, boot said:

Just need to configure some debugger plugins.
For patch HWID v7.x.x, I have found a relatively reliable method:
 - using Baymax is convenient and beginner friendly, but there is a small probability of incompatibility or crashes/instability
 - shfolder.dll can also be used, so I am trying to modify my original source code to make it effective

The Enigma Protector_7.5_Baymax_Patchers.zip (10.36 MB)

Yes, true. I wrote a simple shfolder before, and it is very powerful, thanks to @Sh4DoVV

Sean the hard worker
Posted
34 minutes ago, boot said:

Just need to configure some debugger plugins.
For patch HWID v7.x.x, I have found a relatively reliable method:
 - using Baymax is convenient and beginner friendly, but there is a small probability of incompatibility or crashes/instability
 - shfolder.dll can also be used, so I am trying to modify my original source code to make it effective

The Enigma Protector_7.5_Baymax_Patchers.zip (10.36 MB)

@boot doesn't work at all.

Regards.

sean.

  • Like 1
Posted (edited)
23 minutes ago, lengyue said:

Patch&KeyGen! But it doesn't work on Windows 7.

QQ20240215182133.png.e5a961eaf736933a2f55568b3b1dbd86.png

Hi, I just used the script and the HWID didn't generate as expected. This doesn't work only in that challenge; here it is fine, like @boot said, nothing special. I don't have any idea what is wrong because everyone else seems to bypass it easily.

Edited by RADIOX
Posted
8 hours ago, lengyue said:

learning

learning

In the attachment, LastChanger.txt, find the feature code: 4B75?? 83F0FFEB0233C0 and search for it in the file; it is easy to locate the CRC address.

Nonsense... If they want to learn how to do that, they should hook the WinAPI CreateFileA, CreateFileW. So using rote stuff, find this or that, they won't learn anything.

  • Like 1
Sean the hard worker
Posted
3 minutes ago, azufo said:

 

Nonsense... If they want to learn how to do that, they should hook the WinAPI CreateFileA, CreateFileW. So using rote stuff, find this or that, they won't learn anything.

@azufo Hey. Please write some kind and detailed tutorials for us, so we can learn something useful. Doing all the things yourself is not helpful.

Regards.

sean.

  • Like 1
2lht_love
Posted

@lengyue Can you provide a target for Enigma Protector 7.5 x64?

Sean the hard worker
Posted (edited)

Deleted.

Edited by windowbase
editing some words.
  • Like 1
Posted
1 hour ago, windowbase said:

doesn't work at all...

Due to only testing in the Win7 x64 and Win10 x64 operating environments before, the two patches are valid; in the Win11 x64 operating environment, the two patches are invalid. After debugging && testing in the Win11 x64 environment, I re-used Baymax to generate these two patches. Just download this attachment again.
It supports the Win7/10/11 x64 operating environment.

TEP_v7.5_Win_7_10_11_x64_Baymax_Patchers(updated).zip (10.37 MB)

  • Like 1
  • Thanks 1
