Exetools


hepL3r 02-08-2011 00:04

SecuROM & StarForce
 
Hello everybody,
These days I wanna learn how to unpack StarForce & SecuROM. I know that I should use a Ring0 debugger for StarForce but I don't know what I should do.
Can someone help with unpacking these protectors please?

BR
hepL3r

BoRoV 02-08-2011 00:22

Quote:

Originally Posted by hepL3r (Post 71359)
Hello everybody,
I know that I should use a Ring0 debugger for StarForce but I don't know what I should do.

No need. OllyDbg enough.

deepzero 02-08-2011 04:13

You might want to start off with something easier that is better documented:
Armadillo, ASProtect, ...

Nukacola 02-08-2011 12:14

As deepzero recommended, use some easy stuff to get into reversing. But if you actually do your homework, try some older SecuROM 4.xx.xx, that's pretty easy, and then hustle your way up to the current versions of SecuROM (8.00.00).

evlncrn8 02-08-2011 15:34

Quote:

Originally Posted by BoRoV (Post 71360)
No need. OllyDbg enough.

Total and utter nonsense... Have you actually EVER cracked StarForce?

1. the virtual file system goes through ring 0
2. there are various other mechanisms that go through ring 0

So how the hell are you going to debug the ring 0 code with OllyDbg? (e.g. int 3 handler, virtual file system, the ring 0 VM...)

ahmadmansoor 02-08-2011 15:51

Can you explain more about what you want to work on?
Make some flash about your problem.
Put the name of the software which you want to work on.
Try to explain more, my friend.

Edit:
@evlncrn8: Yes my friend, Olly is enough.

hepL3r 02-08-2011 18:50

For StarForce my targets are the unpackme's on tuts4you, and for SecuROM I will upload them for you ;-) Of course they don't use any virtual machine, so the problem is that they detect a copied CD from the original one.

Quote:

You might want to start off with something easier that is better documented:
Armadillo, ASProtect, ...

I did them already (Maximum Protection - check my releases :-) )

BR
hepL3r

evlncrn8 02-09-2011 01:21

@Ahmadmansoor - seriously... how is Olly enough for StarForce? StarForce is ring 0 and ring 3. With Olly you will only see 1/2 of the whole picture, e.g. virtual file system - MD5 hashing lookup is in ring 0, and so are many other things. Ever looked at it patching CreateFile etc. with int 3's? Where do you think they're handled? Ring 0.

deroko 02-11-2011 17:57

@evlncrn8: Maybe he thinks of latest versions of SF, where everything is r3 for shareware protection.

V0ldemAr 02-13-2011 19:31

Since v4.5 protection was removed from the kernel. Only SFFS and the CD check were done in the kernel. SFFS is easy to hook in the kernel and unpack by injecting your own DLL into the target process. Other stuff (VM) is done completely in user mode. And the current v5.7 is driverless because it uses internet activation, which does not require any drivers, but it still may use SFFS, which is driver based.

dyn!o 02-17-2011 18:12

In fact SF went from R0 to R3 around two years ago. This was probably caused by incompatibility problems with new OSes and incompatibility in general itself. In actual SF architecture they should have no more problems with new OSes. But they have other things to force - market.

Apuromafo 02-21-2011 00:42

I was Pm in tuts4you about this, and shared my unpacked for SF, in a single version that was say.. not are packers easy to start to learn,

I suggest start with upx, aspack, nspack, upack, stprotector, asprotect 1x, armadillo 1x to 5 post, execryptor, asprotect 2x, themida, enigma and others as vmprotector, safengine are more with more time without packing

nice packers but implement tutorials, must know more about..maybe is better think in hookings and import table to add and debug blocking/..

maybe the best is debug in virtual machine for not lock the trial days and can check more at 1 time

greetings Apuromafo

