View Single Post
Old 11-29-2018, 03:46
Megin Megin is offline
Banned User
Join Date: Jul 2018
Posts: 31
Rept. Given: 0
Rept. Rcvd 4 Times in 4 Posts
Thanks Given: 79
Thanks Rcvd at 98 Times in 40 Posts
Megin Reputation: 4
Originally Posted by Turkuaz View Post
Hello all,
I am trying to unpack a mobile forensics programme protected by themida/winlicence using Ollydbg with Themida - Winlicense Ultra Unpacker 1.4.txt script. Then I will write a loader for it.

It is Oxygen Forensic Detective v10.4.0.54, one of the leading mobile forensics app and its official site is

I saw on a forum that someone cracked it but he put HWID restriction on it using zprotect.

My aim is to learn to crack it, by doing so I will be able to crack next versions too. I hope.

I did setup a virtual machine w7 x32 with olly and unpack script. Everything looks fine. Script runs, no debugger detection or error/warning and the programme asks license but there is no dump dialog and no dumped file.

I must miss something or do something wrong. I tried every combinations of the script, the same result, no dump

I'd be very appreciated if anybody can guide me.

Thanks in advance.

Notes and files:
Protection ID says Themida x86 V 2.4 Build 6 (reserved 0) detected !
RDG Packer Detector says Themida/Winlicense 2.x
Installation failed under xp so I have to use w7

Script log ->!obgWiQgY
Ollydbg log ->!ZHRwUaJJ
Video of my trying ->!BLYU2YQD
Setup file in case you want to try yourself ->!IbR0VSAL or
You forgot the MEGA decryption keys...
Reply With Quote