Enigma Protector v7.5（Shell 示例）

[X0rby]

-

Edited February 15 by X0rby
no need

[lengyue]

6 hours ago, X0rby said:

This NOOB boi is trying to make some problems with people here - we don't have problems with Chinese, only some remarques.

@lengyueare you the author of Baymax? I just tried it and it's a nice tool btw.

I am not the author of Baymax. We  are friends.Even without his explanation, I am still very angry. I think there are also non Chinese people visiting on Chinese forums. Considering the difficulty of communication, many people have remained silent. I don't want to stir up trouble anymore, I hope this topic ends here. Looking forward to friendly exchanges with everyone

Edited February 16 by lengyue

[boot]

17 hours ago, lengyue said:

Your language is very unfriendly, I didn't want to reply to your messages anymore. Other friends should be friendly. Also, to clarify, my code project is not related to 52pojie.cn, but was generated using the Hijack Code Generator tool included in Baymax Patch Tools. Therefore, I have decided to take some time to create a copy of the Baymax Patch Tools project file for this example, as well as screenshots of my code snippets, and send them to other friends. Please ask your friends for guidance. To be clear, as a Chinese, I have not received anything from you.

shfolder.rar 101.57 kB · 18 downloads

CFF Explorer_CN.BPT 2.2 kB · 10 downloads

@converse the project file Baymax

In addition to the PatchHWID method, I have some new questions:

For this target:

Name: tuts4you
HWID: C16BF-8E2CA-FF15D-2CE16
KEY:    BA23FLLESM75MTHXKU3Z8JNA3VJWLKCSZWV3PS76NAMJK5D3MRQ5ZYJ5ZPE9EKA7SUS8YV6N2TQN

The Enigma Protector_7.5.rar (7.14 MB · 37 downloads)

The Constant_Value has been obtained:

Constant_Value: 0xD6410E3B

 - If I want to KeyGen this target. How to use Baymax or shfolder.dll to replace Public_Key?
 - Where is the memory address that should be patched?

[RADIOX]

9 hours ago, lengyue said:

I am not the author of Baymax

不予置评 是一个中文谚语，用阿拉伯语来说就是“不予置评或无意见”。这个谚语用在你想对某个话题保持中立或隐蔽的立场时，尤其是当这个话题很有争议或敏感时。这个谚语也可以作为你不想回答的问题的回应，或者是避免争论或分歧的方法。

Sorry i forget we should speak in English here my bad 

Edited February 16 by RADIOX

[lengyue]

2 hours ago, boot said:

In addition to the PatchHWID method, I have some new questions:

For this target:

Name: tuts4you
HWID: C16BF-8E2CA-FF15D-2CE16
KEY:    BA23FLLESM75MTHXKU3Z8JNA3VJWLKCSZWV3PS76NAMJK5D3MRQ5ZYJ5ZPE9EKA7SUS8YV6N2TQN

The Enigma Protector_7.5.rar (7.14 MB · 37 downloads)

The Constant_Value has been obtained:

Constant_Value: 0xD6410E3B

 - If I want to KeyGen this target. How to use Baymax or shfolder.dll to replace Public_Key?
 - Where is the memory address that should be patched?

Firstly, KeyGen cannot use Baymax. Baymax will detect it as shellcode, believing that the code has security risks and refusing to execute patch data.

Secondly, KegGen poses too much harm to some software authors who use The Enigma, as well as to it itself. Temporarily refuse to disclose. If Enigma fixes these issues in the future. Perhaps it will be made public. PatchHWID is currently in a public state, so I am willing to provide my patch data and some logic. The cracking technique itself is not wrong, it is the people who use it that are at fault. There are always some people who take advantage of the technology shared with others and do things that harm others to gain benefits.

Sorry!

[boot]

5 minutes ago, lengyue said:

Firstly, KeyGen cannot use Baymax.

There is doubt here.

Either the first solution (using shfolder.dll)

https://forum.tuts4you.com/topic/43133-enigma-protector-v69/?do=findComment&comment=212935

 

or the second solution (using Baymax)

https://forum.tuts4you.com/topic/43133-enigma-protector-v69/?do=findComment&comment=213863

None of them can solve this unpackme.

2 hours ago, boot said:

How to use Baymax or shfolder.dll to replace Public_Key?

Therefore, I think keygen needs to patch some hashes by using VEH Hook/Veh handle, but this Constant_Value is necessary. So I also think that the idea of keygen is to replace it with your own public_key after a specific value appears in the register or stack.

20 minutes ago, lengyue said:

harm others to gain benefits.

The Enigma 7.4 _x86_x64授权一份

https://www.52pojie.cn/thread-1870623-1-1.html

(出处: 吾爱破解论坛)

[lengyue]

15 minutes ago, boot said:

The Enigma 7.4 _x86_x64授权一份

https://www.52pojie.cn/thread-1870623-1-1.html

(出处: 吾爱破解论坛)

Because the main program has already been made public, and it's not my fault. At this point, I will provide you with a free crack patch and key specifically for The Enigma 7.4. I have previously released a cracking video targeting the reselling of patches by second tier vendors. This action does not seem to harm the author of The Enigma. The KeyGen vulnerability I found has been submitted to The Enigma author through a proxy. Looking forward to fixing it.

[Sean Park - Lovejoy]

Can anyone record the bypass process of this target for us and upload it to the cloud?

Regards.

sean.

Edited February 17 by windowbase
adding words.

[X0rby]

Arrived late to the party (was busy with real life) but better late than never.

Didn't change anything with my dbg, method or VM still works for this version.

[X0rby]

On 2/15/2024 at 12:23 PM, windowbase said:

Do this everyone. It is x64 enigma 7.40 protected application.

Win64GUI_Enigma v.7.40.zip 3.54 MB · 6 downloads

 

[Sean Park - Lovejoy]

1 minute ago, X0rby said:

Very good @X0rby. can you please share your solution with us?

Regards.

sean. 

[Sean Park - Lovejoy]

13 hours ago, windowbase said:

Very good @X0rby. can you please share your solution with us?

Regards.

sean. 

Don't you have this problem after entering the password? @X0rby.

Regards.

sean.

Edited February 20 by windowbase
adding words.

[2lht_love]

On 2/15/2024 at 6:23 PM, Sean Park - Lovejoy said:

Do this everyone. It is x64 enigma 7.40 protected application.

Win64GUI_Enigma v.7.40.zip 3.54 MB · 19 downloads

 

Const value: 0xF69CB31B

 

 

 

[Sean Park - Lovejoy]

9 hours ago, 2lht_love said:

Const value: 0xF69CB31B

 

 

What is the Const value? and how is it got?

thanks.

Regards.

sean.

Edited April 12 by Sean Park - Lovejoy

[CodeExplorer]

Quote

What is the Const value?

Encryption constant: constant used for decrypting the program.
 

[Sean Park - Lovejoy]

1 hour ago, CodeExplorer said:

Encryption constant: constant used for decrypting the program.
 

It would be symmetric. wouldn't it?

@CodeExplorer many thanks.

Regards.

sean.

[Sean Park - Lovejoy]

On 4/12/2024 at 12:41 AM, 2lht_love said:

Const value: 0xF69CB31B

 

 

How to find the constant value when debugging an enigma protected application?

Can anyone explain about it?

Regards.

sean.

 

[SAMY27]

How to find the constant value when debugging an enigma protected application?

no answer ???