EXETOOLS FORUM  

  #1  
11-29-2018, 02:37
Turkuaz
Guidance is needed for unpacking WinLicense-protected app

Hello all,
I am trying to unpack a mobile forensics programme protected by Themida/WinLicense using OllyDbg with the Themida - Winlicense Ultra Unpacker 1.4.txt script. Then I will write a loader for it.

It is Oxygen Forensic Detective v10.4.0.54, one of the leading mobile forensics apps; its official site is http://www.oxygen-forensic.com/en/products/oxygen-forensic-detective

I saw on a forum that someone cracked it, but he put an HWID restriction on it using ZProtect.

My aim is to learn to crack it; by doing so I will be able to crack the next versions too, I hope.

I set up a Windows 7 x32 virtual machine with Olly and the unpack script. Everything looks fine. The script runs with no debugger detection or error/warning, and the programme asks for a license, but there is no dump dialog and no dumped file.

I must be missing something or doing something wrong. I tried every combination of the script, with the same result: no dump.

I'd be very grateful if anybody can guide me.

Thanks in advance.

Notes and files:
Protection ID says Themida x86 V 2.4 Build 6 (reserved 0) detected !
RDG Packer Detector says Themida/Winlicense 2.x
Installation failed under XP, so I have to use Windows 7

Script log -> https://mega.nz/#!obgWiQgY
Ollydbg log -> https://mega.nz/#!ZHRwUaJJ
Video of my attempt -> https://mega.nz/#!BLYU2YQD
Setup file in case you want to try yourself -> https://mega.nz/#!IbR0VSAL or http://dosya.co/uu5j4p949d8o/OxyDetective_Setup_10.4.0.54.exe.html
  #2  
11-29-2018, 03:46
Megin
You forgot the MEGA decryption keys...
  #3  
11-29-2018, 03:46
niculaita
https://sanet.st/blogs/killdozer/mobiledit_forensic.2725407.html
free download https://rapidgator.net/file/8d67a638e4feb6a1a46b7d193d5131aa/SaNet.st_MOBILedit.For.10.0.0.24883.rar.html
__________________
Decode and Conquer
  #4  
11-29-2018, 04:29
Turkuaz
Quote:
Originally Posted by Megin
You forgot the MEGA decryption keys...

Thanks for the warning, I updated

Script log -> https://mega.nz/#!IbR0VSAL!anWHqhYEmnaFfYxSj8yc4MUBlEgkXVLVwtRWW_68rvk
Ollydbg log -> https://mega.nz/#!ZHRwUaJJ!l6QB-IoLkqZ8QXL9sSDIm8mciwdnxoTSoklY1q9Ev1M
Video of my attempt -> https://mega.nz/#!BLYU2YQD!imgDPrX-elq9ZsMx0DbJBd5aA2VgfvlzSIoMaZRV9hg
Setup file in case you want to try yourself -> https://mega.nz/#!IbR0VSAL!anWHqhYEmnaFfYxSj8yc4MUBlEgkXVLVwtRWW_68rvk or http://dosya.co/uu5j4p949d8o/OxyDetective_Setup_10.4.0.54.exe.html
  #5  
11-29-2018, 04:31
Turkuaz
Quote:
Originally Posted by niculaita
https://sanet.st/blogs/killdozer/mobiledit_forensic.2725407.html
free download https://rapidgator.net/file/8d67a638e4feb6a1a46b7d193d5131aa/SaNet.st_MOBILedit.For.10.0.0.24883.rar.html

This is another programme, thanks anyway.
  #6  
11-29-2018, 04:32
Turkuaz
Directory link on mega.nz
https://mega.nz/#F!ITBREQiS!QuYHwT6YrQcoTRU7F5IhCQ
Tags
forensics, unpack, winlicence
