Archive for September 19, 2008


Easy Crackme//KeyGenme.
=======================
Try to find a valid Key for your name.
NO PATCHING!

ZeroTen

Difficulty: 1 – Very easy, for newbies
Platform: Windows
Language: C/C++

Download crackme here: http://www.crackmes.de/users/zeroten/crackme_keygenme_by_zeroten_1
—————————-
Solution :

///////////////////////////////////////////////////////////////////////////////////////////
Program : CrackMe_KeyGenMe_by_ZeroTen_#1.exe
Description : Easy Crackme//KeyGenme. Try to find a valid Key for your name. NO PATCHING!
Tools : OllyDbg
Difficulty : Easy (but not for newbies :D)
Packer/Protector/Compiler : N/A
Objective : Keygen
Cracker : kienmanowar
///////////////////////////////////////////////////////////////////////////////////////////

1. First, run this keygenme, input a Name, Password and Serial, then click Login. Hola, the keygenme terminates without a nag.
Retrying with one char in the Name textbox, I get the nag: “At least, more than 4 letters”.

2. Okie, load it into Olly and search all referenced strings. I find it here:

Text strings referenced in CrackMe_:.text, item 10
Address=00401C88
Disassembly=PUSH CrackMe_.004871A6
Text string=ASCII "At least, more than 4 letters"

3. Double-click this line and scroll up to find the start of this routine, then set a BP:

00401A18 >/. 55 PUSH EBP ; _TForm1_Button1Click <== Set BP
00401A19 |. 8BEC MOV EBP, ESP
00401A1B |. 83C4 94 ADD ESP, -6C
00401A1E |. 53 PUSH EBX
00401A1F |. 56 PUSH ESI
00401A20 |. 57 PUSH EDI
00401A21 |. 8BD8 MOV EBX, EAX

4. Press F9 to run, input data (ex: kienmanowar / 1234 / 56789), then press Log in. Wow, Olly stops at the BP that I set. Tracing downward, I get to
the first point. This code uses the length of szName to calculate a value and stores the result in the edi register:

00401A43 >|. 8B83 64030000 MOV EAX, DWORD PTR DS:[EBX+364] ; *TForm1.Edit1:TEdit (szUserName)
00401A49 |. E8 42B40400 CALL ; <== eax : Length(szName)
00401A4E |. 837D FC 00 CMP DWORD PTR SS:[EBP-4], 0 ; <== Length(szName) != 0
00401A52 |. 74 08 JE SHORT
00401A54 |. 8B55 FC MOV EDX, DWORD PTR SS:[EBP-4] ; <== edx : szName
00401A57 |. 8B4A FC MOV ECX, DWORD PTR DS:[EDX-4] ; <== ecx : Length(szName)
00401A5A |. EB 02 JMP SHORT
00401A5C >|> 33C9 XOR ECX, ECX
00401A5E >|> 8D3C89 LEA EDI, DWORD PTR DS:[ECX+ECX*4] ; <== edi = ecx + ecx*4 (LengthIsNotZero__)
00401A61 |. 8D45 FC LEA EAX, DWORD PTR SS:[EBP-4]
00401A64 |. BA 02000000 MOV EDX, 2 ; <== edx = 0x2
00401A69 |. 8D3CB9 LEA EDI, DWORD PTR DS:[ECX+EDI*4] ; <== edi = ecx + edi*4
00401A6C |. C1E7 03 SHL EDI, 3 ; <== edi = edi * 2^3
00401A6F |. 2BF9 SUB EDI, ECX ; <== edi = edi - ecx
00401A71 |. 8D3CF9 LEA EDI, DWORD PTR DS:[ECX+EDI*8] ; <== edi = ecx + edi*8
00401A74 |. 81C7 A31C0000 ADD EDI, 1CA3 ; <== edi = edi + 0x1CA3

5. Continuing to trace downward and analyze, I find 4 identical forged code blocks meant to cheat my thinking; one of them looks like this 🙂:

00401A9B >|. 8B83 70030000 MOV EAX, DWORD PTR DS:[EBX+370] ; *TForm1.Edit2:TEdit (szPassWord)
00401AA1 |. E8 EAB30400 CALL ; <== eax : Length(szPassWord)
00401AA6 |. 8D55 F8 LEA EDX, DWORD PTR SS:[EBP-8]
00401AA9 |. 52 PUSH EDX
00401AAA |. 8D45 F4 LEA EAX, DWORD PTR SS:[EBP-C]
00401AAD |. 8B55 A0 MOV EDX, DWORD PTR SS:[EBP-60] ;
00401AB0 |. E8 5B110700 CALL ; <== Convert int to string
00401AB5 |. FF46 1C INC DWORD PTR DS:[ESI+1C] ;
00401AB8 |. 8D55 F4 LEA EDX, DWORD PTR SS:[EBP-C]
00401ABB |. 58 POP EAX
00401ABC |. E8 D7110700 CALL ;
00401AC1 |. 50 PUSH EAX
00401AC2 |. FF4E 1C DEC DWORD PTR DS:[ESI+1C]
00401AC5 |. 8D45 F4 LEA EAX, DWORD PTR SS:[EBP-C]
00401AC8 |. BA 02000000 MOV EDX, 2
00401ACD |. E8 82110700 CALL
00401AD2 |. FF4E 1C DEC DWORD PTR DS:[ESI+1C] ; |
00401AD5 |. 8D45 F8 LEA EAX, DWORD PTR SS:[EBP-8] ; |
00401AD8 |. BA 02000000 MOV EDX, 2 ; |
00401ADD |. E8 72110700 CALL ; \CrackMe_.00472C54
00401AE2 |. 59 POP ECX
00401AE3 |. 84C9 TEST CL, CL
00401AE5 |. 74 0C JE SHORT
00401AE7 |. A1 CCF44800 MOV EAX, DWORD PTR DS:[48F4CC]
00401AEC |. 8B00 MOV EAX, DWORD PTR DS:[EAX]
00401AEE >|. E8 9D260400 CALL ; ->:TApplication._Terminate()

6. Bypassing all of this code, I land here:

00401C47 >|. 8B83 64030000 MOV EAX, DWORD PTR DS:[EBX+364] ; *TForm1.Edit1:TEdit (szName)
00401C4D |. E8 3EB20400 CALL ; <== eax = Length(szName)
00401C52 |. 837D D8 00 CMP DWORD PTR SS:[EBP-28], 0
00401C56 |. 74 08 JE SHORT
00401C58 |. 8B55 D8 MOV EDX, DWORD PTR SS:[EBP-28] ; <== edx : szName
00401C5B |. 8B4A FC MOV ECX, DWORD PTR DS:[EDX-4] ; <== ecx : Length(szName)
00401C5E |. EB 02 JMP SHORT
00401C60 >|> 33C9 XOR ECX, ECX ; loc_401C60
00401C62 >|> 83F9 04 CMP ECX, 4 ; loc_401C62
00401C65 |. BA 02000000 MOV EDX, 2
00401C6A |. 0F9CC0 SETL AL
00401C6D |. 83E0 01 AND EAX, 1
00401C70 |. 50 PUSH EAX ; /Arg1
00401C71 |. 8D45 D8 LEA EAX, DWORD PTR SS:[EBP-28] ; |
00401C74 |. FF4E 1C DEC DWORD PTR DS:[ESI+1C] ; |
00401C77 |. E8 D80F0700 CALL ; \CrackMe_.00472C54
00401C7C |. 59 POP ECX
00401C7D |. 84C9 TEST CL, CL
00401C7F |. 74 18 JE SHORT
00401C81 |. 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
00401C83 |. 68 C4714800 PUSH CrackMe_.004871C4 ; |Title = "BEEP!"
00401C88 |. 68 A6714800 PUSH CrackMe_.004871A6 ; |Text = "At least, more than 4 letters"
00401C8D |. 6A 00 PUSH 0 ; |hOwner = NULL
00401C8F >|. E8 204D0800 CALL ; \->UnrealizeObject.MessageBoxA()
00401C94 |. E9 F6000000 JMP

7. OK, my UserName is longer than 4 letters, so I get past this check. After that, hola, I land at the second important point.
Here edx = edi + 0x1CA3, which is converted to a string and saved into szTruePassWord:

00401CAC >|. 8B83 70030000 MOV EAX, DWORD PTR DS:[EBX+370] ; *TForm1.Edit2:TEdit (szPassWord)
00401CB2 |. E8 D9B10400 CALL ; <== eax : Length(szPassWord)
00401CB7 |. 8D55 D4 LEA EDX, DWORD PTR SS:[EBP-2C]
00401CBA |. 52 PUSH EDX
00401CBB |. 8D97 A31C0000 LEA EDX, DWORD PTR DS:[EDI+1CA3] ; <== edx = edi + 0x1CA3
00401CC1 |. 8D45 D0 LEA EAX, DWORD PTR SS:[EBP-30] ; <== szTruePassWord
00401CC4 |. E8 470F0700 CALL ; <== ConvertIntToString (&szTruePassWord, edx)
00401CC9 |. FF46 1C INC DWORD PTR DS:[ESI+1C]
00401CCC |. 8D55 D0 LEA EDX, DWORD PTR SS:[EBP-30]
00401CCF |. 58 POP EAX
00401CD0 |. E8 C30F0700 CALL
00401CD5 |. 50 PUSH EAX
00401CD6 |. FF4E 1C DEC DWORD PTR DS:[ESI+1C]
00401CD9 |. 8D45 D0 LEA EAX, DWORD PTR SS:[EBP-30]
00401CDC |. BA 02000000 MOV EDX, 2
00401CE1 |. E8 6E0F0700 CALL
00401CE6 |. FF4E 1C DEC DWORD PTR DS:[ESI+1C] ; |
00401CE9 |. 8D45 D4 LEA EAX, DWORD PTR SS:[EBP-2C] ; |
00401CEC |. BA 02000000 MOV EDX, 2 ; |
00401CF1 |. E8 5E0F0700 CALL ; \CrackMe_.00472C54
00401CF6 |. 59 POP ECX
00401CF7 |. 84C9 TEST CL, CL
00401CF9 |. 0F84 83000000 JE

8. Let's continue; I found the last important point. Here edx = edi - 0x1CA3, which is converted to a string and saved into szTrueSerial:

00401D12 >|. 8B83 78030000 MOV EAX, DWORD PTR DS:[EBX+378] ; *TForm1.Edit3:TEdit (szSerial)
00401D18 |. E8 73B10400 CALL ; <== eax = Length(szSerial)
00401D1D |. 8D55 CC LEA EDX, DWORD PTR SS:[EBP-34]
00401D20 |. 52 PUSH EDX
00401D21 |. 8D97 5DE3FFFF LEA EDX, DWORD PTR DS:[EDI-1CA3] ; <== edx = edi - 0x1CA3
00401D27 |. 8D45 C8 LEA EAX, DWORD PTR SS:[EBP-38] ; <== szTrueSerial
00401D2A |. E8 E10E0700 CALL ; <== ConvertIntToString (&szTrueSerial, edx)
00401D2F |. FF46 1C INC DWORD PTR DS:[ESI+1C]
00401D32 |. 8D55 C8 LEA EDX, DWORD PTR SS:[EBP-38]
00401D35 |. 58 POP EAX
00401D36 |. E8 5D0F0700 CALL
00401D3B |. 50 PUSH EAX
00401D3C |. FF4E 1C DEC DWORD PTR DS:[ESI+1C]
00401D3F |. 8D45 C8 LEA EAX, DWORD PTR SS:[EBP-38]
00401D42 |. BA 02000000 MOV EDX, 2
00401D47 |. E8 080F0700 CALL
00401D4C |. FF4E 1C DEC DWORD PTR DS:[ESI+1C] ; |
00401D4F |. 8D45 CC LEA EAX, DWORD PTR SS:[EBP-34] ; |
00401D52 |. BA 02000000 MOV EDX, 2 ; |
00401D57 |. E8 F80E0700 CALL ; \CrackMe_.00472C54
00401D5C |. 59 POP ECX
00401D5D |. 84C9 TEST CL, CL
00401D5F |. 74 13 JE SHORT

9. And finally we have the Good boy :

00401D61 |. 6A 00 PUSH 0 ; /Style = MB_OK|MB_APPLMODAL
00401D63 |. 68 EB714800 PUSH CrackMe_.004871EB ; |Title = "Correct!!by ZeroTen"
00401D68 |. 68 CA714800 PUSH CrackMe_.004871CA ; |Text = "Now post your solution/KeyGen ;)"
00401D6D |. 6A 00 PUSH 0 ; |hOwner = NULL
00401D6F >|. E8 404C0800 CALL ; \->UnrealizeObject.MessageBoxA()


//////////////////////////////////
// Keygen source code //
//////////////////////////////////
int iDefault = 0x1CA3;
int Value, iTemp;                    // LenUser = length of the entered user name
char szPassWord[16], szSerial[16];   // decimal text of the two keys

// Calculate Value (mirrors the LEA/SHL/SUB/ADD sequence from step 4)
Value = 0;
Value = LenUser + LenUser*4;
Value = LenUser + Value*4;
Value = Value * 8;
Value = Value - LenUser;
Value = LenUser + Value*8;
Value = Value + iDefault;

// Calculate szPassWord
iTemp = Value + iDefault;
wsprintf(szPassWord, "%i", iTemp);

// Calculate szSerial
iTemp = Value - iDefault;
wsprintf(szSerial, "%i", iTemp);

SetDlgItemText(IDC_PassWord, szPassWord);
SetDlgItemText(IDC_Serial, szSerial);

///////////////////////
The real key for my username :
Username : kienmanowar
Password : 29369
Serial : 14707
///////////////////////
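
The check traced in steps 4 to 8, rebuilt as a small C model of the crackme's validation side (an added example, not code from the crackme or from the original tutorial). The function names are made up here, and it assumes the integer-to-string call produces plain signed decimal, as the keygen's %i does.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAGIC 0x1CA3u   /* constant seen in ADD EDI,1CA3 and the two LEA EDX lines */

/* Step 4: arithmetic on ecx = Length(szName); the result is left in edi. */
static uint32_t name_value(uint32_t ecx)
{
    uint32_t edi;
    edi = ecx + ecx * 4;   /* LEA EDI,[ECX+ECX*4] */
    edi = ecx + edi * 4;   /* LEA EDI,[ECX+EDI*4] */
    edi <<= 3;             /* SHL EDI,3           */
    edi -= ecx;            /* SUB EDI,ECX         */
    edi = ecx + edi * 8;   /* LEA EDI,[ECX+EDI*8] */
    edi += MAGIC;          /* ADD EDI,1CA3        */
    return edi;
}

/* Returns 1 if the traced sequence equals 1337*len + 0x1CA3 for all len <= max_len. */
int closed_form_holds(uint32_t max_len)
{
    for (uint32_t len = 0; len <= max_len; len++)
        if (name_value(len) != 1337u * len + MAGIC)
            return 0;
    return 1;
}

/* Steps 6-8: returns 1 where the crackme shows "Correct!!", 0 otherwise.
 * Assumption: the int-to-string call yields plain signed decimal text. */
int check_login(const char *name, const char *password, const char *serial)
{
    char want_pw[16], want_sn[16];
    uint32_t len = (uint32_t)strlen(name);
    uint32_t edi;

    if (len < 4)                       /* CMP ECX,4 / SETL AL -> nag box */
        return 0;
    edi = name_value(len);
    snprintf(want_pw, sizeof want_pw, "%d", (int)(int32_t)(edi + MAGIC)); /* LEA EDX,[EDI+1CA3] */
    snprintf(want_sn, sizeof want_sn, "%d", (int)(int32_t)(edi - MAGIC)); /* LEA EDX,[EDI-1CA3] */
    return strcmp(password, want_pw) == 0 && strcmp(serial, want_sn) == 0;
}

int main(void)
{
    /* Constructed inputs: the tutorial's own triple, then an unrelated 11-letter name. */
    printf("kienmanowar: %d\n", check_login("kienmanowar", "29369", "14707"));
    printf("abcdefghijk: %d\n", check_login("abcdefghijk", "29369", "14707"));
    printf("closed form: %d\n", closed_form_holds(1000));
    return 0;
}
```

The LEA/SHL/SUB chain is just a multiplication by 1337, and only Length(szName) feeds it, so every name of the same length accepts the same Password/Serial pair: the scheme binds the key to nothing user-specific.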

That’s all. Thanx for reading my tutor.
Sorry for my bad English!!! 😐

–++–==[ Greatz Thanks To ]==–++–
My family, Computer_Angel, Moonbaby , Zombie_Deathman, Littleboy, Benina, QHQCrker,
the_Lighthouse, Merc, Hoadongnoi, Nini … all REA’s members, TQN, HacNho, RongChauA,
Deux, tlandn, light.phoenix, dqtln, ARTEAM …. all my friend, and YOU.

–++–==[ Thanks To ]==–++–
iamidiot, WhyNotBar, trickyboy, dzungltvn, takada, hurt_heart, haule_nth, hytkl, moth, XIANUA, nhc1987 v..v..

I want to thank Teddy Roggers for his great site, Reversing.be folks(especially haggar),
Arteam folks(Shub-Nigurrath, MaDMAn_H3rCuL3s) and all folks on crackmes.de, thank
to all members of unpack.cn (especially fly and linhanshi). Great thanks to lena151(I like your tutorials).
And finally, thanks to RICARDO NARVAJA and all members on CRACKSLATINOS.

If you have any suggestions, comments or corrections email me: kienmanowar[at]reaonline.net


After 2 months…
KLiZMA wrote another unpackme for you.

Rulz:

1. Unpack it maliciously…
2. Change “UNREGISTERED” to “REGISTERED”
3. Write tutorial about…

Download unpackme here: http://www.crackmes.de/users/klizma/unpackme_1

——

Solution by me:

+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+
| Solution:     UnpackMe#1_by_KLiZMA           |
| Author:     kienmanowar                    |
| Protection:    Unknown packer (like Upx)      |
| Language:      Borland Delphi                 |
| Date:        05/13/06               |
| Great thanx to iamidiot for give me your hint |
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~+

Tools: Ollydbg, PEid v0.94, RDG Packer Detector v0.6.3 Beta, ImpRec v1.6

███ [ Manual Unpacking ] █████████████████████████████████████████████████████████████████████

Trying to detect this UnpackMe with PEiD and RDG, I get some information:

PEiD :
+ Normal Scan : Nothing found *
+ Hardcore Scan : UPolyX v0.5 *

RDG :
+ Normal Scan : UG2002 Cruncher v0.3b3
+ Advanced Scan : UPX v0.8x (UPX Heuristico Scrambler)

With this information, I don’t know exactly which packer this UnpackMe uses. So I use the PEiD plugin (Generic OEP Finder) to find the OEP of the UnpackMe; it gives me: 00463C80. Okie 🙂 maybe this is the right OEP!!!

Close PEiD and open OllyDbg to load this UnpackMe. A message box appears; choose No. I have:

0047E000 >  60              pushad            <== Stop here (EP)
0047E001    E8 00000000     call    unpackme.0047E006
0047E006    5D              pop     ebp
0047E007    81ED 48124000   sub     ebp, unpackme.00401248
0047E00D    60              pushad
0047E00E    E8 2B030000     call    unpackme.0047E33E
0047E013    61              popad
0047E014    8A7D 60         mov     bh, byte ptr ss:[ebp+60]
0047E017    6262 DB         bound   esp, qword ptr ds:[edx-25]
0047E01A    6A 62           push    62
0047E01C    6262 EF         bound   esp, qword ptr ds:[edx-11]
0047E01F    D7              xlat    byte ptr ds:[ebx+al]
0047E020    EA 7022628A 496>jmp     far 6049:8A622270
0047E027    6262 9D         bound   esp, qword ptr ds:[edx-63]
0047E02A    F7              ???                                      ; Unknown command
0047E02B    8D70 22         lea     esi, dword ptr ds:[eax+22]
0047E02E    62E9            bound   ebp, ecx                         ; Illegal use of register
0047E030    BA F2F29DF7     mov     edx, F79DF2F2

Oh!! I see the PUSHAD signature, like UPX. Press Alt+M to open the Memory map window.

Memory map
Address    Size     (  Owner       Section    Contains      Type   Access    Initial   Mapped as
................................................................................................
00370000   00003000 (           0                           Map    R         R
00400000   00001000 (  unpackme 0             PE header     Imag   R         RWE
00401000   0004B000 (  unpackme 0  .KLiZMA                  Imag   R         RWE
0044C000   00031000 (  unpackme 0  .KLiZMA    code          Imag   R         RWE
0047D000   00001000 (  unpackme 0  .rsrc      data,imports  Imag   R         RWE
0047E000   00001000 (  unpackme 0  .KLiZMA    SFX           Imag   R         RWE
00480000   00004000 (           0                           Map    R E       R E
00540000   00002000 (           0                           Map    R E       R E
00550000   00103000 (           0                           Map    R         R
00660000   0006A000 (           0                           Map    R E       R E
.................................................................................................

In this Window, select section :

00401000   0004B000 (  unpackme 0  .KLiZMA                  Imag   R         RWE

Right-click it and set a Memory Breakpoint on Access. Then press F9 to run; Olly breaks here:

0047CCA3    8807            mov     byte ptr ds:[edi], al    <== Stop here after Press F9 (1st)
0047CCA5    47              inc     edi
0047CCA6    01DB            add     ebx, ebx
0047CCA8    75 07           jnz     short unpackme.0047CCB1
0047CCAA    8B1E            mov     ebx, dword ptr ds:[esi]
0047CCAC    83EE FC         sub     esi, -4
0047CCAF    11DB            adc     ebx, ebx
0047CCB1  ^ 72 ED           jb      short unpackme.0047CCA0

Go back to the Memory map window and clear the memory BP. Then, back in the CPU window, scroll down to find the signature 🙂:

0047CDEB    83C3 04         add     ebx, 4
0047CDEE  ^ EB E1           jmp     short unpackme.0047CDD1
0047CDF0    FF96 84CE0700   call    near dword ptr ds:[esi+7CE84]
0047CDF6    61              popad                <=== Aha Popad
0047CDF7  ^ E9 846EFEFF     jmp     unpackme.00463C80        <=== Jmp to OEP (Like OEP found in Peid)

As you see, this signature looks like UPX. Now set a BP at: 0047CDF7  ^ E9 846EFEFF     jmp     unpackme.00463C80
Press F9 to run; when it breaks at this BP, remove it and press F8. Kaka, we stop at the OEP of the UnpackMe:

00463C80    55              push    ebp                <=== Right OEP
00463C81    8BEC            mov     ebp, esp
00463C83    83C4 F0         add     esp, -10
00463C86    B8 903A4600     mov     eax, unpackme.00463A90
00463C8B    E8 A41FFAFF     call    unpackme.00405C34
00463C90    A1 F8584600     mov     eax, dword ptr ds:[4658F8]
00463C95    8B00            mov     eax, dword ptr ds:[eax]
00463C97    E8 14B2FEFF     call    unpackme.0044EEB0
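
Why the jmp at 0047CDF7 lands on 00463C80, and how the POPAD + JMP tail can be located mechanically, as an added example (not part of the original tutorial or of any tool it uses). The byte array is constructed from the listing above, the range comes from the memory map, and the function names and the "backward jump into the image" filter are assumptions made here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: the 17 bytes shown in the listing at 0047CDEB..0047CDFB. */
static const uint8_t STUB_TAIL[] = {
    0x83, 0xC3, 0x04,                    /* add  ebx, 4            */
    0xEB, 0xE1,                          /* jmp  short 0047CDD1    */
    0xFF, 0x96, 0x84, 0xCE, 0x07, 0x00,  /* call [esi+7CE84]       */
    0x61,                                /* popad                  */
    0xE9, 0x84, 0x6E, 0xFE, 0xFF         /* jmp  00463C80          */
};
#define STUB_TAIL_VA 0x0047CDEBu

/* Destination of a 5-byte "E9 rel32" jump located at virtual address va. */
uint32_t jmp_rel32_target(uint32_t va, const uint8_t *insn)
{
    uint32_t rel = (uint32_t)insn[1]
                 | (uint32_t)insn[2] << 8
                 | (uint32_t)insn[3] << 16
                 | (uint32_t)insn[4] << 24;   /* little-endian displacement */
    return va + 5u + rel;   /* relative to the next instruction; wraps mod 2^32 */
}

/* Scan buf (mapped at base_va) for POPAD (61) directly followed by JMP rel32 (E9)
 * that jumps backward to a destination inside [lo, hi).
 * Returns the destination (OEP candidate) or 0; *jmp_va gets the jump's address. */
uint32_t find_tail_jump(const uint8_t *buf, size_t len, uint32_t base_va,
                        uint32_t lo, uint32_t hi, uint32_t *jmp_va)
{
    for (size_t i = 0; i + 6 <= len; i++) {
        if (buf[i] != 0x61 || buf[i + 1] != 0xE9)
            continue;
        uint32_t va  = base_va + (uint32_t)i + 1;
        uint32_t dst = jmp_rel32_target(va, buf + i + 1);
        if (dst >= lo && dst < hi && dst < va) {
            *jmp_va = va;
            return dst;
        }
    }
    return 0;
}

int main(void)
{
    uint32_t jmp_va = 0;
    /* 00401000..0047D000 spans the two .KLiZMA sections from the memory map. */
    uint32_t oep = find_tail_jump(STUB_TAIL, sizeof STUB_TAIL, STUB_TAIL_VA,
                                  0x00401000u, 0x0047D000u, &jmp_va);
    printf("tail jump at %08X -> OEP candidate %08X\n",
           (unsigned)jmp_va, (unsigned)oep);
    return 0;
}
```

The displacement 0xFFFE6E84 is negative, so 0047CDF7 + 5 + rel32 wraps back to 00463C80, the same address the Generic OEP Finder reported.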

Now dump with the OllyDump plugin, leaving Rebuild Import unchecked. Press Dump and save as: dumped.exe. Fire up ImpRec, select the process, enter the OEP, press IAT AutoSearch, Get Imports and finally Fix Dump. We have dumped_.exe. Test it: kaka, it runs before I double click 🙂 lol, and PEiD now detects it as: Borland Delphi 6.0 – 7.0.

███ [ Cracking ] ██████████████████████████████████████████████████████████████████████████████

After manually unpacking this UnpackMe, we come to part 2: changing “UNREGISTERED” to “REGISTERED”. To do this, load dumped_.exe into OllyDbg. Press F9 to run it; we’ll see a beautiful girl with the “UNREGISTERED” string below. Back in OllyDbg, press Alt+M to open the Memory map window; here we select:

Memory map, item 0
Address=00010000
Size=00001000 (4096.)
Owner=         00010000 (itself)
Section=
Type=Priv 00021004
Access=RW
Initial access=RW

Right-click and select Search (or Ctrl+B), then type UNREGISTERED in the ASCII textbox and press OK to search for this string. After that Olly breaks at:

Memory map, item 25
Address=0047D000
Size=00001000 (4096.)
Owner=dumped_  00400000
Section=.rsrc
Contains=data,resources
Type=Imag 01001002
Access=R
Initial access=RWE

and we have in Dump window :
00479140  55 4E 52 45 47 49 53 54 45 52 45 44 0C 46 6F 6E  UNREGISTERED.Fon
00479150  74 2E 43 68 61 72 73 65 74 07 0F 44 45 46 41 55  t.Charset..DEFAU
00479160  4C 54 5F 43 48 41 52 53 45 54 0A 46 6F 6E 74 2E  LT_CHARSET.Font.
00479170  43 6F 6C 6F 72 07 08 63 6C 57 69 6E 64 6F 77 0B  Color..clWindow.

Okies, the string we want is in the .rsrc (resource) section. So, back in the CPU window, right-click in the Dump window, select Go to (Ctrl+G) and type the address of the string: 00479140. Select the UNREGISTERED string and edit it to REGISTERED. Finally, save the edited file as dumped_edited.exe. OK, run it and see the result :).

Finish!
Best Regards
_[Kienmanowar]_

███ [ Thanz ] ██████████████████████████████████████████████████████████████████████████████

–++–==[ Greatz Thanks To ]==–++–
My family, Computer_Angel, Moonbaby , Zombie_Deathman, Littleboy, Benina, QHQCrker, the_Lighthouse, Merc, Hoadongnoi, Nini … all REA’s members, TQN, HacNho, RongChauA, Deux, tlandn, light.phoenix, dqtln, ARTEAM …. all my friend, and YOU.

–++–==[ Thanks To ]==–++–
iamidiot, WhyNotBar, trickyboy, dzungltvn, takada, hurt_heart, haule_nth, hytkl v..v..

–++–==[ Special Thanks  ]==–++–
And then thanx to the Author : KLiZMA and all the people read my tutor!

If you have any suggestions, comments or corrections email me: kienbigmummy[at]gmail.com

Sorry for my bad English. Because English is not my mother language, I’m Vietnamese.

Welcome all to : reaonline.net

┌────────────────────────────────────────────────────────────────────────────┐
│    ░▒▓█ CONTACT INFORMATION                                                │
└────────────────────────────────────────────────────────────────────────────┘

URL : http://www.reaonline.net
contact me : kienbigmummy@gmail.com


Unpacking Armadillo 4.xx-5.xx (Overlays Series), Other Signatures for Overlays by ChOoKi

Unpacking Armadillo 4.66 (10JP Overlay @ +20h)
DownloadLink: http://rapidshare.com/files/132457664/UA46610JPO_20h.zip

Unpacking Armadillo 4.66 (10JP Overlay Hidden)
DownloadLink: http://rapidshare.com/files/132456775/UA46610JPOH.zip

Armadillo & Overlays – mdmwrdata123456789testx (PEiD)
DownloadLink: http://rapidshare.com/files/132455528/E01.zip

Armadillo & Overlays – wwwwI‡G (PEiD)
DownloadLink: http://rapidshare.com/files/132455991/E02.zip

Armadillo & Overlays – [ZIP SFX] (PEiD)

DownloadLink: http://rapidshare.com/files/132455050/E03.zip

Armadillo & Overlays – 5A5A74DFC50229B2 (PEiD)
DownloadLink: http://rapidshare.com/files/132458070/E04.zip

Armadillo & Overlays – mdmwrdata123456789testx (Hidden@20h)
DownloadLink: http://rapidshare.com/files/132450253/H01.zip

Armadillo & Overlays – mdmwrdata123456789testx (Hidden)
DownloadLink: http://rapidshare.com/files/132450995/H02.zip

Armadillo & Overlays – FWS (Hidden@20h)
DownloadLink: http://rapidshare.com/files/132451486/H03.zip

Armadillo & Overlays – FWS (Hidden)
DownloadLink: http://rapidshare.com/files/132452174/H04.zip

Armadillo & Overlays – CWS (Hidden@20h)
DownloadLink: http://rapidshare.com/files/132452723/H05.zip

Armadillo & Overlays – CWS (Hidden)
DownloadLink: http://rapidshare.com/files/132453266/H06.zip

Armadillo & Overlays – Hex=1409134949130914 (Hidden@20h)
DownloadLink: http://rapidshare.com/files/132448015/H07.zip

Armadillo & Overlays – SWFKit (Hidden@20h)
DownloadLink: http://rapidshare.com/files/132448713/H08.zip

Armadillo & Overlays – FlashJester (Hidden@20h)
DownloadLink: http://rapidshare.com/files/132449588/H09.zip

Armadillo & Overlays – 10JP (Hidden) + DCR
DownloadLink: http://rapidshare.com/files/132454595/H10.zip

—————–

All in one package:

hxtp://rapidshare.com/files/133286977/Unpacking_Armadillo_Overlays_Series.part2.rar
hxtp://rapidshare.com/files/133291521/Unpacking_Armadillo_Overlays_Series.part1.exe

Thanx ChOoki for sharing his knowledge!


Basic types of software of protection

Article by LuCiFer on the REA forum

1. Registration – Number (Serial – Number) Protection :

Programs that use this type require the user to enter a registration number in order to register. There are several kinds of registration number, including:

The registration number is always the same.

The registration number changes based on entered information such as the company name, the user name, etc.

The registration number changes based on the user's machine.

The registration number is protected in programs written in Visual Basic or Borland Delphi.

The registration number is checked online.

Constant Registration Number:

A program protected by this method requires the user to enter a registration number, as shown in the figure alongside:

The advantage of this protection method over the other registration-number protection techniques is that the correct registration number does not need to be stored in memory and then compared with the registration number that was entered; instead both are XORed or run through a calculation, and the two results are compared with each other. Of course, programmers can use complex calculations or encrypt many sections of the program to make it hard for crackers to find a correct registration number.

Registration Number That Changes Based On Entered Information:

This is a widely used protection. With this type of protection, before entering the registration number you must enter a name, a company, or other information, and the correct registration number changes based on the information you enter

……………….

………………..

Download the full article:

the-basic-types-of-software-of-protection

Thanx to LuCiFer

Best Regards

kienmanowar


diablo2oo2’s Universal Patcher – [dUP]

[Current Version]

Version: 2.17

[Features]
-multiple file patcher
-create Offset and Search&Replace patch/loader
-compare files (RawOffset and VirtualAddress) with different filesize
-registry patcher, also for loaders
-attach files to patcher
-get filepaths from registry
-usage of CRC32 and filesize checks
-patching packed files
-compress patcher with your favorite packer
-saving projects
-use custom skin in your patcher
-add music (Tracker Modules: xm,mod,it,s3m,mtm,umx,v2m,ahx,sid) to patcher
-and many more…

Download : http://free.pages.at/d2k2//downloads/dup2.rar