Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Berio V1.0

lena151
lena151
in UnPackMe

Featured Replies

Posted

berio v1.0 is a promising packer/protector, out for about a month now.

I packed an exe : have some fun :D

- *FIXED - Executables protected with Berio won't always run right away and may need to be click on a few times to work. I realize this is a big problem and I'm trying to fix it as soon as possible.

- There is a major compatibility issue with his program so it currently only works on Windows 2000/Windows XP

What will be in the next version:

- More advanced protection options

- Icon and version changer

- CRC and checksum checker

- Improved GUI

Future Versions:

- Better compression

- Better encryption

- Better protection

- Better Compatibility

This is Beria not Berio - unless the name has changed?... :)

Ted.

  • Author

It's the successor of beria --> see version.

This one emphasises on debugger detection and has some nice tricks like SUB Z3RO says.

The author is still working on it, especially because it's not winall.

Hehe, it's not newbie stuff ;)

lena151

Is the protector itself available or is it currently private?

Maybe I should stop being lazy and Google it....

EDIT:

For all those as lazy as me:


/>http://berioprotector.tripod.com/

Edited by FaTaL_PrIdE

  • Author
This packer has one major flaw and weakness. I didn't even use Olly to unpack this, Lena SC will be happy to hear this... :P

Ted.

Ah ! I see what you mean. Nice hint, I didn't think of that yet.

Hehe, takes only 1 minute.

Thanks Teddy. :hug::thumbsup:

To Teddy Roggers :

I didn't use olly too ! hehe :D !

just dump child process with Lord PE ! ( as easy as dumping !!! )

( this packer comes from mixing of ASPack + ACProtector + Self Debugging + some nice debugger detection tricks ! )

Edited by SUB Z3R0

Nice debugger detection tricks are useless, if you can dump it in few seconds. Even IAT fixing is not necessary. :D

  • Author

But take a look inside : it checks for a bunch of stuff ... even PETools, but the author forgot LordPE (and some others too :^ )

I couldn't get it to dump with LordPE but I had no problem with other tools. It is a similar flaw to Beria that hasn't been fixed in this release...

Ted.

Hi Ted! Hi Lena !

Did you know this packer is written by VB ?!?!!!!

I have bring you some analyzation about this packer's anti-debugging tricks ...

1,It Creates 500ms Timer .....

{

CreateFile : \\.\SICE

CreateFile : \\.\NTICE

Looking For : "TIdaWindow"

Looking For : ">TRACING wait!"

Looking For : ">TRACING"

Looking For : "OWL_Window"

Looking For : "OLLYDBG"

Looking For : "18467-41"

Looking For : "NMSCMW50"

Looking For : "HexWorks"

//

Looking For : "Unpacker Status"

Get PID By The Handle ... Open Process By PID ... Send it a Termination Code ...

( NoDebugger -> Result = 0 / Debugger -> Result = Kernel32.Terminate Processs )

Same Work For These :

Looking For : "Select Filename for saving..."

Looking For : "Save process memory to..."

Looking For : "Save module memory to..."

// End

Looking For : "APIMonitor By Rohitab" -> Try To Hide "SysListView32"

Try To Delete : "$$TEMP$$.$$$"

}

If Detects Debugger .... It Creates A Command.Bat File And Execute It ...

{ Command.Bat :

@ECHO OFF

:START

IF Not EXIST ".\UnpackMe.exe" Goto FILENOTFOUND

DEL ".\UnpackMe.exe"

GOTO START

:FILENOTFOUND

ATTRIB COMMAND.BAT -H -S

DEL COMMAND.BAT

CLS

EXIT

}

2,It Creates 500ms Timer .....

{

Looking For : "Procs32.dll" Module In All Processes

Looking For : "NDump.dll" Module In All Processes

Looking For : "RebPE32.dll" Module In All Processes

Looking For : "HideDebugger.dll" Module In All Processes

}

3,It Corruptes PE Header By Calling Ntdll.ZwUnmapViewOfSection

  • Author
I have bring you some analyzation about this packer's anti-debugging tricks ...

Good job SUB Z3RO :thumbsup:

This packer is insane anti reversing. Every berio packed file that runs deletes itself when a tool from its blacklist is opened.

Hehe, imagine some unfortunate chap has bought a soft packed by berio but uses e.g. IDA for his job.

Of course he has no backup from his soft. Hehe, bye bye software whenever both are running :P;)

lena151

[EDIT] Euhm, BTW, did you notice that the author promises us "More advanced protection options" for the next version :wacko::worthy::zorro:

Edited by lena151

Create an account or sign in to comment

Go to topic listing

Configure browser push notifications
Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.