ASProtect SKE 2.56 SDK Sample (x32)

Coded by boot / Tuts4you,

ASProtect SKE 2.56 | UnPackMe x86 32-bit
Medium Protections + SDK
September 16, 2024

If you unpack it write a tutorial...

------------------------

HWID:
FBFFC7AD-5EF5

USER:
boot

SN:
YHRQ6C-WVDZ3-4X673-R6QSB-S7PBF-C52DP-WYDXK-RWJAB-2ZXJR-B4MY9-G5VUQ

File Information

Submitter boot

Submitted 09/16/2024

Category UnPackMe

View File

The easy way with "CodeDoctor" plugin  ==>> Unpack Asprotect .... & you just need to add aspr_ide.dll file

Edited November 3, 2024Nov 3 by TeRcO

@TeRcO I can't repro your success, any pre-conditions to reach this out?

Got this when trying "Unpack AsProtect" in CodeDoctor menu

4 hours ago, jackyjask said:

I can't repro your success, any pre-conditions to reach this out?

i made a video for unpacking with tools ....

Quote

"Reverse Engineering Tips":

Sometimes, after unpacking an asprotect target, the application may still rely on the functions and procedures provided by asprotect in its aspr_ide.dll. While the sdk allows for custom functions to be added to it, the generic functions include  CheckKeyAndDecrypt, SetUserKey, GetHardwareID, GetTrialExecs, GetExpirationDate, GetRegistrationKeys, CheckKey, GetModeInformation, GetRegistrationInformation, GetTrialDays, GetKeyDate, and GetKeyExpirationDate.

The aspr_ide.dll  simulate all of these functions and return the correct values to register the application.

 

 

 

 

asprotect_unpack_by_terco.txt

Edited November 3, 2024Nov 3 by TeRcO
update link

Quote

Edition    Windows 11 Home
Version    23H2
Installed on    ‎2024-‎10-‎07
OS build    22631.4317
Experience    Windows Feature Experience Pack 1000.22700.1041.0

Ollydbg 110 settings.

Without this scyllahide selection, you will get errors to load the application.

Then use the CodeDoctor Unpack ASProtect feature.

No need to use StrongOD plugin.

Regards.

sean.

3 minutes ago, The Binary Expert said:

No need to use StrongOD plugin.

No need scyllahide plugin .... in my case

i had only 2 plugins and raw ollydbg  ...... and the tut of course

6 minutes ago, TeRcO said:

No need scyllahide plugin .... in my case

i had only 2 plugins and raw ollydbg  ...... and the tut of course

@TeRcO Maybe both Scyllahide and old StrongOD have simillar features.

And notice that your OS is different from mine. Your setting doesn't work in my machine.

Regards.

sean.

Edited November 3, 2024Nov 3 by The Binary Expert

26 minutes ago, The Binary Expert said:

Maybe both Scyllahide and old StrongOD have simillar features

I used the least available resources to solve the exercise & of course there are many methods and modified versions to bypass exceptions or detection, but what I focused on is How to unpack the target

Best Regard Bro

Edited November 3, 2024Nov 3 by TeRcO

10 minutes ago, TeRcO said:

I used the least available resources to solve the exercise & of course there are many methods and modified versions to bypass exceptions or detection, but what I focused on is How to unpack the target

Best Regard Bro

@TeRcO Yes, I learned to unpack this application from your easy solution.

Regards,

sean.

@TeRcO I was able to reach the same success as in your flash tut, thanks a lot!

PS I was using Olly v1 + CodeDoctor 0.90beta + Phantom 1.20 with minimal anti-dbg features:

I was really impressed how much work was done by the CodeDoctor plugin! (inside the ASPRSDK_protected.exe__info.txt generated file)

the sad thing is that it looks & feels like black magic and there is no understanding what was really done under the hood...

Do you think it makes sense to try the same approach for newer builds? I"'ve got SKE 2.56 and 2.58

What's wrong with the different interfaces

13 hours ago, ziyoulang168 said:

What's wrong with the different interfaces

wrong file.... use one of :DecomAS and change name  => aspr_api.dll to aspr_ide.dll

5 hours ago, TeRcO said:

wrong file.... use one of :DecomAS and change name  => aspr_api.dll to aspr_ide.dll

Thank you.such is the case

21 hours ago, ziyoulang168 said:

What's wrong with the different interfaces

@ziyoulang168 Use this.

aspr_api.zip

Regards.

sean.

Hi, does anyone have 64-bit offline version of ASProtect (Demo version is also available). I want to try using the 64-bit SDK and publish a sample here.