Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Guidance is needed for unpacking winlicence protected app (https://forum.exetools.com/showthread.php?t=19023)

Turkuaz 11-29-2018 02:37
Guidance is needed for unpacking winlicence protected app
 
Hello all,
I am trying to unpack a mobile forensics programme protected by themida/winlicence using Ollydbg with Themida - Winlicense Ultra Unpacker 1.4.txt script. Then I will write a loader for it.

It is Oxygen Forensic Detective v10.4.0.54, one of the leading mobile forensics app and its official site is http://www.oxygen-forensic.com/en/products/oxygen-forensic-detective

I saw on a forum that someone cracked it but he put HWID restriction on it using zprotect.

My aim is to learn to crack it, by doing so I will be able to crack next versions too. I hope.

I did setup a virtual machine w7 x32 with olly and unpack script. Everything looks fine. Script runs, no debugger detection or error/warning and the programme asks license but there is no dump dialog and no dumped file.

I must miss something or do something wrong. I tried every combinations of the script, the same result, no dump

I'd be very appreciated if anybody can guide me.

Thanks in advance.

Notes and files:
Protection ID says Themida x86 V 2.4 Build 6 (reserved 0) detected !
RDG Packer Detector says Themida/Winlicense 2.x
Installation failed under xp so I have to use w7

Script log -> https://mega.nz/#!obgWiQgY
Ollydbg log ->https://mega.nz/#!ZHRwUaJJ
Video of my trying ->https://mega.nz/#!BLYU2YQD
Setup file in case you want to try yourself ->https://mega.nz/#!IbR0VSAL or http://dosya.co/uu5j4p949d8o/OxyDetective_Setup_10.4.0.54.exe.html

Megin 11-29-2018 03:46
Quote:
Originally Posted by Turkuaz (Post 115360)
Hello all,
I am trying to unpack a mobile forensics programme protected by themida/winlicence using Ollydbg with Themida - Winlicense Ultra Unpacker 1.4.txt script. Then I will write a loader for it.

It is Oxygen Forensic Detective v10.4.0.54, one of the leading mobile forensics app and its official site is http://www.oxygen-forensic.com/en/products/oxygen-forensic-detective

I saw on a forum that someone cracked it but he put HWID restriction on it using zprotect.

My aim is to learn to crack it, by doing so I will be able to crack next versions too. I hope.

I did setup a virtual machine w7 x32 with olly and unpack script. Everything looks fine. Script runs, no debugger detection or error/warning and the programme asks license but there is no dump dialog and no dumped file.

I must miss something or do something wrong. I tried every combinations of the script, the same result, no dump

I'd be very appreciated if anybody can guide me.

Thanks in advance.

Notes and files:
Protection ID says Themida x86 V 2.4 Build 6 (reserved 0) detected !
RDG Packer Detector says Themida/Winlicense 2.x
Installation failed under xp so I have to use w7

Script log -> https://mega.nz/#!obgWiQgY
Ollydbg log ->https://mega.nz/#!ZHRwUaJJ
Video of my trying ->https://mega.nz/#!BLYU2YQD
Setup file in case you want to try yourself ->https://mega.nz/#!IbR0VSAL or http://dosya.co/uu5j4p949d8o/OxyDetective_Setup_10.4.0.54.exe.html
You forgot the MEGA decryption keys...

niculaita 11-29-2018 03:46
https://sanet.st/blogs/killdozer/mobiledit_forensic.2725407.html
free download https://rapidgator.net/file/8d67a638e4feb6a1a46b7d193d5131aa/SaNet.st_MOBILedit.For.10.0.0.24883.rar.html

Turkuaz 11-29-2018 04:29
Quote:
Originally Posted by Megin (Post 115365)
You forgot the MEGA decryption keys...
Thanks for warning, I updated

Script log -> https://mega.nz/#!IbR0VSAL!anWHqhYEmnaFfYxSj8yc4MUBlEgkXVLVwtRWW_68rvk
Ollydbg log ->https://mega.nz/#!ZHRwUaJJ!l6QB-IoLkqZ8QXL9sSDIm8mciwdnxoTSoklY1q9Ev1M
Video of my trying ->https://mega.nz/#!BLYU2YQD!imgDPrX-elq9ZsMx0DbJBd5aA2VgfvlzSIoMaZRV9hg
Setup file in case you want to try yourself ->https://mega.nz/#!IbR0VSAL!anWHqhYEmnaFfYxSj8yc4MUBlEgkXVLVwtRWW_68rvk or http://dosya.co/uu5j4p949d8o/OxyDetective_Setup_10.4.0.54.exe.html

Turkuaz 11-29-2018 04:31
Quote:
Originally Posted by niculaita (Post 115366)
https://sanet.st/blogs/killdozer/mobiledit_forensic.2725407.html
free download https://rapidgator.net/file/8d67a638e4feb6a1a46b7d193d5131aa/SaNet.st_MOBILedit.For.10.0.0.24883.rar.html
This is another programme, thanks anyway.

Turkuaz 11-29-2018 04:32
Directory link on mega.nz
https://mega.nz/#F!ITBREQiS!QuYHwT6YrQcoTRU7F5IhCQ


All times are GMT +8. The time now is 21:44.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX