Tuts 4 You

ASProtect SKE 2.56 SDK Sample (x32)


Go to solution Solved by TeRcO,


Posted

ASProtect SKE 2.56 SDK Sample (x32)


Coded by boot / Tuts4you,

ASProtect SKE 2.56 | UnPackMe x86 32-bit
Medium Protections + SDK
September 16, 2024

If you unpack it write a tutorial... :)

------------------------

HWID:
FBFFC7AD-5EF5

USER:
boot

SN:
YHRQ6C-WVDZ3-4X673-R6QSB-S7PBF-C52DP-WYDXK-RWJAB-2ZXJR-B4MY9-G5VUQ


  • Submitter
    boot
  • Submitted
    09/16/2024

  • Thanks 1
  • The title was changed to ASProtect SKE 2.56 SDK Sample (x32)
  • 1 month later...
Posted (edited)

The easy way with "CodeDoctor" plugin  ==>> Unpack Asprotect .... & you just need to add aspr_ide.dll file

Capture.png

2.png

Edited by TeRcO
  • Like 2
  • Thanks 1
jackyjask
Posted

@TeRcO I can't repro your success, any pre-conditions to reach this out?

Got this when trying "Unpack AsProtect" in CodeDoctor menu

image.png.03eb60b6121a2b55041b09620ba922eb.png

  • Like 1
  • Solution
Posted (edited)
4 hours ago, jackyjask said:

I can't repro your success, any pre-conditions to reach this out?

I made a video for unpacking with tools .... ;)

Quote

"Reverse Engineering Tips":

Sometimes, after unpacking an ASProtect target, the application may still rely on the functions and procedures provided by ASProtect in its aspr_ide.dll. While the SDK allows for custom functions to be added to it, the generic functions include CheckKeyAndDecrypt, SetUserKey, GetHardwareID, GetTrialExecs, GetExpirationDate, GetRegistrationKeys, CheckKey, GetModeInformation, GetRegistrationInformation, GetTrialDays, GetKeyDate, and GetKeyExpirationDate.

The aspr_ide.dll simulates all of these functions and returns the correct values to register the application.

asprotect_unpack_by_terco.txt

Edited by TeRcO
update link
  • Like 3
  • Thanks 2
Sean Park - Lovejoy
Posted
Quote

Edition    Windows 11 Home
Version    23H2
Installed on    ‎2024-‎10-‎07
OS build    22631.4317
Experience    Windows Feature Experience Pack 1000.22700.1041.0

Ollydbg 110 settings.

screenshot-14.png

Without this ScyllaHide selection, you will get errors loading the application.

Then use the CodeDoctor Unpack ASProtect feature.

No need to use StrongOD plugin.

Regards.

sean.

  • Like 2
Posted
3 minutes ago, The Binary Expert said:

No need to use StrongOD plugin.

No need scyllahide plugin .... in my case

I had only 2 plugins and raw ollydbg :) ...... and the tut of course

  • Like 2
Sean Park - Lovejoy
Posted (edited)
6 minutes ago, TeRcO said:

No need scyllahide plugin .... in my case

I had only 2 plugins and raw ollydbg :) ...... and the tut of course

@TeRcO Maybe both ScyllaHide and old StrongOD have similar features.

And notice that your OS is different from mine. Your setting doesn't work on my machine.

Regards.

sean.

Edited by The Binary Expert
  • Like 2
Posted (edited)
26 minutes ago, The Binary Expert said:

Maybe both ScyllaHide and old StrongOD have similar features

I used the least available resources to solve the exercise & of course there are many methods and modified versions to bypass exceptions or detection, but what I focused on is How to unpack the target

Best Regard Bro

Edited by TeRcO
  • Like 1
Sean Park - Lovejoy
Posted
10 minutes ago, TeRcO said:

I used the least available resources to solve the exercise & of course there are many methods and modified versions to bypass exceptions or detection, but what I focused on is How to unpack the target

Best Regard Bro

@TeRcO Yes, I learned to unpack this application from your easy solution.

Regards,

sean.

  • Like 1
jackyjask
Posted

@TeRcO I was able to reach the same success as in your flash tut, thanks a lot!

PS I was using Olly v1 + CodeDoctor 0.90beta + Phantom 1.20 with minimal anti-dbg features:

image.png.e22245eeb9725d5bf87553cb1de4880d.png

I was really impressed how much work was done by the CodeDoctor plugin! (inside the ASPRSDK_protected.exe__info.txt generated file)

The sad thing is that it looks & feels like black magic and there is no understanding what was really done under the hood...

Do you think it makes sense to try the same approach for newer builds? I've got SKE 2.56 and 2.58

  • Like 3
ziyoulang168
Posted

image.png.54486092105d913365abaacd68b07751.png


What's wrong with the different interfaces

  • Like 1
Posted
13 hours ago, ziyoulang168 said:

What's wrong with the different interfaces

wrong file.... use one of :DecomAS and change name  => aspr_api.dll to aspr_ide.dll

  • Like 1
ziyoulang168
Posted
5 hours ago, TeRcO said:

wrong file.... use one of :DecomAS and change name  => aspr_api.dll to aspr_ide.dll

Thank you. Such is the case.

  • Like 1
Sean Park - Lovejoy
Posted
21 hours ago, ziyoulang168 said:

image.png.54486092105d913365abaacd68b07751.png


What's wrong with the different interfaces

@ziyoulang168 Use this.

aspr_api.zip

Regards.

sean.

  • Like 1
Posted

Hi, does anyone have a 64-bit offline version of ASProtect (Demo version is also available). I want to try using the 64-bit SDK and publish a sample here.

  • Like 1
  • Haha 1
