View Single Post
Old 11-29-2018, 02:37
Turkuaz Turkuaz is offline
Join Date: Sep 2017
Posts: 145
Rept. Given: 3
Rept. Rcvd 6 Times in 3 Posts
Thanks Given: 31
Thanks Rcvd at 134 Times in 47 Posts
Turkuaz Reputation: 6
Guidance is needed for unpacking winlicence protected app

Hello all,
I am trying to unpack a mobile forensics programme protected by themida/winlicence using Ollydbg with Themida - Winlicense Ultra Unpacker 1.4.txt script. Then I will write a loader for it.

It is Oxygen Forensic Detective v10.4.0.54, one of the leading mobile forensics app and its official site is

I saw on a forum that someone cracked it but he put HWID restriction on it using zprotect.

My aim is to learn to crack it, by doing so I will be able to crack next versions too. I hope.

I did setup a virtual machine w7 x32 with olly and unpack script. Everything looks fine. Script runs, no debugger detection or error/warning and the programme asks license but there is no dump dialog and no dumped file.

I must miss something or do something wrong. I tried every combinations of the script, the same result, no dump

I'd be very appreciated if anybody can guide me.

Thanks in advance.

Notes and files:
Protection ID says Themida x86 V 2.4 Build 6 (reserved 0) detected !
RDG Packer Detector says Themida/Winlicense 2.x
Installation failed under xp so I have to use w7

Script log ->!obgWiQgY
Ollydbg log ->!ZHRwUaJJ
Video of my trying ->!BLYU2YQD
Setup file in case you want to try yourself ->!IbR0VSAL or
Reply With Quote