Unknown Packer

[Beyond2000!]

Hi guys

i´m trying to find what packer/crypter was used with PentiumTools

http://www.pentiumtools.com
http://rapidshare.com/files/221467191/PentiumTools.1.06.rar

PEId can´t identiofy what packer/cryptr it was made. Anyone have any idea which one was used and also what unpacker use on it ?

Regards

[quosego]

It's Armadillo;

[PROTECTiON SYSTEM]
Professional Edition
[PROTECTiON OPTiONS]
Debug-Blocker protection detected
CopyMem-II protection detected
Memory-Patching Protections enabled
Strategic Code Splicing enabled
Import Table Elimination enabled

[Beyond2000!]

Tks,

but it is not working.. I tested with many armadillo unpackers and the file refuses to be unpacked.

What is the neecssary (and working) tool to unpack this ?

Have any idea which file to use ?

[quosego]

Well I don't like using unpackers, if you can't do it manually...
However armageddon 1.33, with name hack (changing the window name) unpacks it fine.

q.

[Beyond2000!]

Done

Many thanks

[Git]

Quote:

Originally Posted by quosego

Well I don't like using unpackers, if you can't do it manually...

Do you use a spoon to stir your tea or your finger?

Git

Well, knowing to use your finger to stir your tea, is good when you lack of a spoon, isnt it?

[Git]

Indeed it is, but refusing to use a spoon that is in the saucer and using your finger instead is uncivilised

Git

[quosego]

But it requires way more skill if your tea is hot enough.

No, what I meant is that unpackers don't teach you anything.. They're there to speed up the process once you've mastered a protection and it gets boring... ( Note I said 'can't' not can in my first statement. Most likely you interpreted it as 'can'.. ) Just using some unpacker defeats the imho the purpose of reversing.. It's the challenge of defeating a protection for the first time that's fun, not using a a program and click some buttons,

It's only a pitty that not everybody is here for the challenge. Only the result "whoaah I crackzorred it using unpacker x"..
(Though depending on your goal that isn't necessarily a bad thing, I mean there are pure keygenners around. That just hate unpacking.. ..)

[Nacho_dj]

As quosego wisely pointed, it is an Armadillo target, and last released version of Armageddon (v1.6) can unpack it without problems; no need to change the window name since this 'bug' has been solved...

Best regards

Nacho_dj

[ahmadmansoor]

yes Armageddon (v1.6) is very Good Tools but it fail in some target especially ...with target like :
target <<VB6.0>> with this options
Debug-Blocker protection detected
CopyMem-II protection detected
Memory-Patching Protections enabled
Strategic Code Splicing enabled
Import Table Elimination enabled

it can't unpack it ....and I can give u some example ..
so I agree with quosego in this point ...man must not depended on unpacker unless he know how to unpack it ,and he need to save some times ,not else .
I like to work on Armadillo ( as all know ) .
but I like very much to use Armageddon (v1.6) ,which is very amazing ...
big Thanks go to Condzero and Arteam.

[Nacho_dj]

We are working to get ALL Armadillo targets unpacked by Armageddon, so please, when you find any target failing, as you mentioned in your post, report a target link to us, any of ARTeam members...

Thanks for your feedback.

Cheers

Nacho_dj

[ahmadmansoor]

http://download.cnet.com/FlashCards-2003/3000-2051_4-10022954.html

I don't know I have try to unpack it under VMware i don't if this affect .
many thanks

[trickyboy]

Armadillo was a old story. I think if Armadillo's author change all structure of protection,it will be better.

[ahmadmansoor]

@trickboy: Hi my friend
Long time we didn't hear ur voice ....
nice to see u around .