#1
|
|||
|
|||
Samsung Kies with Themida?
Today I was trying to transfer some eBooks in PDF to a friend's Samsung Phone with Kies (version 2.5.3.13043_14) while Ollydbg was loaded and was greeted with the nasty message
"A debugger has been found running in your system. Please, unload if from memory and restart your program" with "Themida" in the Title of the message. At first I thought it was a mistake. But after a second pop up Kies was closed. I then restarted it and the same message poped up with Olly loaded. Interestingly I had used KIES some days earlier on the same computer without Olly and there was no such message. So the question is whether Samsung is protecting KIES with Themida or a third party program inside KIES is using Themida. |
#2
|
||||
|
||||
Seeing that kies is freeware that would not make a lot of sense.
Check which process fires the message and check it with pid...or scan the entire kies installation folder. |
#3
|
||||
|
||||
no themida i am found this two only in common folder
Common basscd.dll===Petite [unknown version] compressed ! bassenc.dll===Petite [unknown version] compressed ! |
#5
|
||||
|
||||
Quote:
Is a freeware and IMHO is much weaker than Nokia PC Suite. |
#6
|
||||
|
||||
Scanning -> C:\Program Files\Samsung\Kies\External\FirmwareUpdate\CommonModule.dll
File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 1012176 (0F71D0h) Byte(s) -> File Appears to be Digitally Signed @ Offset 0F5A00h, size : 017D0h / 06096 byte(s) [File Heuristics] -> Flag : 00000000000001001101000000110111 (0x0004D037) [!] Themida v2.0.1.0 - v2.1.8.0 (or newer) detected ! [i] Hide PE Scanner Option used - Scan Took : 0.47 Second(s) [00000002Fh tick(s)] [229 scan(s) done] Scanning -> C:\Program Files\Samsung\Kies\External\FirmwareUpdate\AgentModule.dll File Type : 32-Bit Dll (Subsystem : Win GUI / 2), Size : 1626576 (018D1D0h) Byte(s) -> File Appears to be Digitally Signed @ Offset 018BA00h, size : 017D0h / 06096 byte(s) [File Heuristics] -> Flag : 00000000000001001101000000110111 (0x0004D037) [!] Themida v2.0.1.0 - v2.1.8.0 (or newer) detected ! [i] Hide PE Scanner Option used - Scan Took : 0.62 Second(s) [00000003Eh tick(s)] [229 scan(s) done]
__________________
SnD |
The Following 2 Users Gave Reputation+1 to JeRRy For This Useful Post: | ||
TempoMat (05-25-2013) |
#7
|
||||
|
||||
great JeRRy you found that i was scan but there is to many files to scan
|
#8
|
|||
|
|||
Quote:
So what is the point of you mentioning Nokia PC Suite here, knowing well that they are both meant for different products, unless perhaps you have a special version of Nokia PC Suite which also works for Samsung phones? Nevertheless I was just surprise to see signs of Themida in a FREEWARE (as already noted by you) from Samsung. |
#9
|
||||
|
||||
Quote:
Quote:
Is not a rule that only comercial apps to be protected. |
#10
|
|||
|
|||
maybe Samsung wants to protect their products from eyes that want to steal their source...
|
#11
|
|||
|
|||
Or they are (beta)testing the "technology" behind Themida.
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
# Z3X Samsung Pro v24.3 Not Box Required. Patch# | RDGMax | General Discussion | 1 | 04-09-2017 19:01 |