boot Posted September 16 Posted September 16 View File ASProtect SKE 2.56 SDK Sample (x32) Coded by boot / Tuts4you, ASProtect SKE 2.56 | UnPackMe x86 32-bit Medium Protections + SDK September 16, 2024 If you unpack it write a tutorial... ------------------------ HWID: FBFFC7AD-5EF5 USER: boot SN: YHRQ6C-WVDZ3-4X673-R6QSB-S7PBF-C52DP-WYDXK-RWJAB-2ZXJR-B4MY9-G5VUQ Submitter boot Submitted 09/16/2024 Category UnPackMe 1
TeRcO Posted November 3 Posted November 3 (edited) The easy way with "CodeDoctor" plugin ==>> Unpack Asprotect .... & you just need to add aspr_ide.dll file Edited November 3 by TeRcO 2 1
jackyjask Posted November 3 Posted November 3 @TeRcO I can't repro your success, any pre-conditions to reach this out? Got this when trying "Unpack AsProtect" in CodeDoctor menu 1
Solution TeRcO Posted November 3 Solution Posted November 3 (edited) 4 hours ago, jackyjask said: I can't repro your success, any pre-conditions to reach this out? i made a video for unpacking with tools .... Quote "Reverse Engineering Tips": Sometimes, after unpacking an asprotect target, the application may still rely on the functions and procedures provided by asprotect in its aspr_ide.dll. While the sdk allows for custom functions to be added to it, the generic functions include CheckKeyAndDecrypt, SetUserKey, GetHardwareID, GetTrialExecs, GetExpirationDate, GetRegistrationKeys, CheckKey, GetModeInformation, GetRegistrationInformation, GetTrialDays, GetKeyDate, and GetKeyExpirationDate. The aspr_ide.dll simulate all of these functions and return the correct values to register the application. asprotect_unpack_by_terco.txt Edited November 3 by TeRcO update link 3 2
Sean the hard worker Posted November 3 Posted November 3 Quote Edition Windows 11 Home Version 23H2 Installed on 2024-10-07 OS build 22631.4317 Experience Windows Feature Experience Pack 1000.22700.1041.0 Ollydbg 110 settings. Without this scyllahide selection, you will get errors to load the application. Then use the CodeDoctor Unpack ASProtect feature. No need to use StrongOD plugin. Regards. sean.
TeRcO Posted November 3 Posted November 3 3 minutes ago, The Binary Expert said: No need to use StrongOD plugin. No need scyllahide plugin .... in my case i had only 2 plugins and raw ollydbg ...... and the tut of course 2
Sean the hard worker Posted November 3 Posted November 3 (edited) 6 minutes ago, TeRcO said: No need scyllahide plugin .... in my case i had only 2 plugins and raw ollydbg ...... and the tut of course @TeRcO Maybe both Scyllahide and old StrongOD have simillar features. And notice that your OS is different from mine. Your setting doesn't work in my machine. Regards. sean. Edited November 3 by The Binary Expert 1
TeRcO Posted November 3 Posted November 3 (edited) 26 minutes ago, The Binary Expert said: Maybe both Scyllahide and old StrongOD have simillar features I used the least available resources to solve the exercise & of course there are many methods and modified versions to bypass exceptions or detection, but what I focused on is How to unpack the target Best Regard Bro Edited November 3 by TeRcO 1
Sean the hard worker Posted November 3 Posted November 3 10 minutes ago, TeRcO said: I used the least available resources to solve the exercise & of course there are many methods and modified versions to bypass exceptions or detection, but what I focused on is How to unpack the target Best Regard Bro @TeRcO Yes, I learned to unpack this application from your easy solution. Regards, sean.
jackyjask Posted November 3 Posted November 3 @TeRcO I was able to reach the same success as in your flash tut, thanks a lot! PS I was using Olly v1 + CodeDoctor 0.90beta + Phantom 1.20 with minimal anti-dbg features: I was really impressed how much work was done by the CodeDoctor plugin! (inside the ASPRSDK_protected.exe__info.txt generated file) the sad thing is that it looks & feels like black magic and there is no understanding what was really done under the hood... Do you think it makes sense to try the same approach for newer builds? I"'ve got SKE 2.56 and 2.58 3
TeRcO Posted November 11 Posted November 11 13 hours ago, ziyoulang168 said: What's wrong with the different interfaces wrong file.... use one of :DecomAS and change name => aspr_api.dll to aspr_ide.dll 1
ziyoulang168 Posted November 12 Posted November 12 5 hours ago, TeRcO said: wrong file.... use one of :DecomAS and change name => aspr_api.dll to aspr_ide.dll Thank you.such is the case 1
Sean the hard worker Posted November 12 Posted November 12 21 hours ago, ziyoulang168 said: What's wrong with the different interfaces @ziyoulang168 Use this. aspr_api.zip Regards. sean.
boot Posted November 14 Author Posted November 14 Hi, does anyone have 64-bit offline version of ASProtect (Demo version is also available). I want to try using the 64-bit SDK and publish a sample here. 1 1
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now