Exetools  

  #1  
Old 01-14-2010, 13:34
Wirestealth
Hiya - Nub just starting out - advice?

Heya mates.

Just started getting the 'bug' to learn reverse engineering. This was motivated by a particular target I have in mind I want to defeat.

I have just started grabbing tutorials, scripts, etc to this end.

The target contains ASProtect but, and as many other posters have complained about, I can't reliably identify the version.

Thus far my readings have shown that the following do a good job:
PEID Ver 0.95 - ASProtect 1.2x - 1.3x [Registered] -> Alexey Solodovnikov

PEID Ver 0.95 w/VerA plugin - Version: [ Unknown! ], Signature: [ A6C838AE ], E-Mail: [ PE_Kill@mail.ru ]

Exeinfo Ver 0.0.26 - ASprotect ver 2.1 / 2.^ ( www.aspack.com/asprotect.htm )

Now I'm not really interested in taking the quick 'run this script in olly to unpack' approach as I really would like to learn how to first do it manually.

My only concern is that if I don't know the exact version what would be the best approach from a tutorial standpoint? Do I just start at the ASPr 1.23 tutorial and work my way up to the current or does ASPr V2.x differ enough that it would be a waste of time to start at 1.23?

I appreciate your tolerance with this nub.

Best Regards, mates.
  #2  
Old 01-14-2010, 14:25
Wirestealth
One thing I meant to add is that I found that ASPack/ASPR offer a 'custom solution' for the protection products and I assume if this is what has been done for my target that no ASPR identification utility will ID it properly and that a manual unpack would be required anyway?
  #3  
Old 01-14-2010, 17:16
ZeNiX
If you just want to bypass the license check, it is not necessary to unpack it.
Unless you are an experienced reverser, you would probably get lost inside its VM.

If you have a valid license key, you can obtain the encryption constant and make your own keygen by patching RSA.

If you do not have a valid license key, brute force one first.
  #4  
Old 01-15-2010, 00:04
Wirestealth
I'm up for a challenge

Heya mate, thanks for the reply.

If by the VM you mean the ASProtect code that decrypts/decodes the protection then I know with time I will understand this. I have already read some tutorials that have touched on this but I will require a better understanding of the engine to follow them precisely. I have professionally programmed for 18 years and so will not have a problem with the assembly but just need to augment my current knowledge with that of RE.

In all honesty I see I have got a lot to learn even regarding your post.

However, even though I have a target in mind, I want to use this as a way to learn and become proficient at actually unpacking. I realize that this is going to take a long time but I'm in no rush (this is a guy that would farm the Scarlet Spellbinders in WoW for (on average) 10 hours to get one Crusader Enchantment drop) and got title LDoA in GuildWars by death-levelling - nothing that couldn't be done by anyone else but shows that 1) I have the patience/dedication to achieve what I focus on and 2) I have no life. I believe that if I have a deep and thorough understanding of unpacking then it will lend itself nicely to other skills such as keygens, etc.

Summarizing my rather verbose initial post then:
- If I am not sure of the version of ASProtect (btw I have now tried AsprInf V1.6 Beta and it returned [1.4 build 11.20<±2pòö2½fz¸4t¶¶ª7û?zûv«¬) could I assume that it may be one of the 'custom solutions' offered by ASPack/ASProtect? This thread http://forum.exetools.com/showpost.php?p=52879&postcount=6 talks about manual detection via the TASP object and I was considering taking this approach if there were not other quick & dirty suggestions on determining the version
- Since I have yet to find a tutorial on 1.4 build 11.20 of ASProtect what would be the version of a tutorial most similar to this?

I am not looking to be spoon fed any information that is readily available with some simple googling/forum reading but just wish to ensure I focus my learning.

I am looking forward to both absorbing and ultimately contributing to the knowledge of RE - kinda sounds more like a cover letter than a post lol, but it's how I feel.

Cheers mates.