|
|
#32
11-08-2017, 03:08
|
|||
|
|||
 Sleeping is more important than reversing this app... Regardless, every Armadillo app always calculates all hardware id types from what I know. That tutorial is also a bit shit, but the LocalAlloc method was only to locate the 'certificate' functions (ReadByte, ReadWord, ReadDword). It might make more sense to try to follow along with what AKT is doing to see how it works (you can always do it on some unpackme later to learn how it works better). The relevant (terrible) code for the ECDSA_Replace plugin starts at https://github.com/mrexodia/akt/blob/master/plugins/Arma_InlineHelper_Plugin_ECDSA_Replace/src/main.cpp#L115 Basically what the plugin does is hook that function, wait until a certain DWORD is found (part of the project ID I believe) and it will then just alter the ASCII of the ECDSA parameters before it's read into BigNumbers. This is similar how the 'certificates' tab of AKT works, but then it reads instead of writes. Note that you cannot register EZ CD through their registration dialog (probably it calls their server/does validation or something). You can use the EnableRegister plugin and call "ezcd.exe REGISTER" from the command line to get the stock Armadillo registration dialog. |
| Tags |
| armadillo, armadillo unpacking, import elimination, tutorial request |
|
|
Threaded Mode