Exetools


Benten 10-04-2017 03:42

[Help] Armadillo 9.66 dumping target with splices - [Now Working]
 
Hi there,

This is my first post here, forgive me if something is horribly wrong please :p

OK, here we go, it's an Armadillo 9.66 protected target and I have unpacked the previous version of this target, which was last week, but it didn't come with the splices on. So that was rather easy to come by. Now that the splices are on, I find it quite hard to get through and need a gentle nudge towards the right direction now. Please follow this video so you could see what I have done so far.

As Promised the Videos are here,
Quote:

1. Armadillo Minimal protection + Splices (Full Manual no tools except Scylla)

Notes: Here in the first video, you may choose a different section; there is an Armadillo section with size 10,000. Choosing .BSS is not good, it's a mistake, and it makes the dump huge (275MB). But choosing .yvjtgm or .pbscxm (haven't tried it) makes the dump really smaller (23.6MB).

2. Armadillo Debug Blocker (Full Manual no tools except Scylla)


Maybe I bit off a bit more than a newbie like me could chew. Please let me know of your valuable comments.

[Update1]
Use the "Armadillo_CodeSplicing.exe" tool in AKT as suggested by Mr. Exodia. It worked wonders..
Mr. SmilingWolf is a kind, cool person and a great guy.. he was the first one to help me with this protection..

[Update2]
I've managed to do it manually :cool: cool huh?

[Issues]
Got some issues guys. Stupid dump fails on a different PC (I mean the VM), now it fails on my PC too after restart. So suggestions, guys. I think it's because I put the splice in the BSS section, stupid me. But other sections don't have enough space, what am I supposed to do then?

>>>While you guys were enjoying your silence I was really struggling with my limited ability from my sickbed, then Mr.Haggar Happened. God<<<

[Update3]
Guys I just Fixed that loading issue on restart right now.:)

Notes:
It has been a real challenge and a very demanding journey till now. Really learned how much I have to learn. Found some great guys (I mean Mr. Exodia and Mr. SmilingWolf commented on my post, how awesome is that). I am sick and tired so now am gonna take some time and make a video (so all links have got to go down for a while :o) to share my attempts. Oh my God, Awesomeee..:):):)

Respects,
Ben

mr.exodia 10-04-2017 03:54

Download Armadillo Key Tool v0.4 (https://github.com/mrexodia/akt/releases/tag/v0.4) and launch Armadillo_CodeSplicing.exe

You can use this to move the code splices to another section (I recommend .pdata, usually the second-last section).

cybercoder 10-05-2017 14:55

Or use arminline ;)

mr.exodia 10-06-2017 23:45

Yeah that is if you want corrupt code +1 (SmilingWolf made a fixed version though).

cybercoder 10-08-2017 06:14

Either way it has source code to play with.. :)

mr.exodia 10-08-2017 06:23

https://bitbucket.org/mrexodia/splicerebase

cybercoder 10-08-2017 08:08

1 Attachment(s)
Here's the source for arminline 0.96f..

Benten 10-10-2017 17:56

Target Unpacked
 
Mr. Exodia is awesome. I am a big fan of yours. :p

Every word you said is true... Arminline works only in Windows 7 and the code gets corrupted. Also it doesn't work in Win 10. (No offense please Mr. Admiral)

Armadillo_CodeSplicing.exe from AKT works fine. Awesomeeee:p:p:p:p

Now it's unpacked.. all good

ExeTools doesn't load properly in my country, that's why the comments got delayed.. Now am in Vodafone n/w

DCA 10-11-2017 18:53

For next time you could always try Armageddon from ARTeam. (just search this forum)
Great tool and easy to use :-)

Benten 10-12-2017 00:20

Thanks for the suggestion :), but Armag3ddon V2.2 fails at this target :eek:. And I am doing it for learning, so using tools to the minimum is what I prefer. Idea is to do it manually and learn. :rolleyes:


All times are GMT +8.