Exetools  

#1
02-08-2011, 00:04
hepL3r
SecuROM & StarForce

Hello everybody,
These days I wanna learn how to unpack StarForce & SecuROM. I know that I should use a Ring0 debugger for StarForce but I don't know what I should do.
Can someone help with unpacking these protectors please?

BR
hepL3r

#2
02-08-2011, 00:22
BoRoV
Quote (originally posted by hepL3r):
> hello everybody
> I know that I should use Ring0 debugger for starforce but I don't know what should I do.

No need. OllyDbg enough.

#3
02-08-2011, 04:13
deepzero
You might want to start off with something easier that is better documented.
Armadillo, ASProtect, ...

#4
02-08-2011, 12:14
Nukacola
As deepzero recommended, use some easy stuff to get into reversing. But if you actually do your homework, try some older SecuROM 4.xx.xx, that's pretty easy, and then hassle your way up to the current versions of SecuROM (8.00.00).

#5
02-08-2011, 15:34
evlncrn8
Quote (originally posted by BoRoV):
> No need. OllyDbg enough.

Total and utter nonsense.. have you actually EVER cracked StarForce?

1. the virtual file system goes through ring 0
2. there are various other mechanisms that go through ring 0

So how the hell are you going to debug the ring 0 code with OllyDbg? (e.g. int 3 handler, virtual file system, the ring 0 VM....)

#6
02-08-2011, 15:51
ahmadmansoor
Can you explain more about what you want to work on?
Make some flash about your problem.
Put the name of the software which you want to work on.
Try to explain more, my friend.

Edit:
@evlncrn8: yes my friend, Olly is enough.

#7
02-08-2011, 18:50
hepL3r
For StarForce my target is the unpackme's on tuts4you, and for SecuROM I will upload them for you ;-) Of course they don't use any virtual machine, so the problem is that they detect a copy CD from the original one.

Quote:
> you might want to start off with something easier, that is better documented.
> armadillo, asprotect,...

I did them already (Maximum Protection - check my releases :-) )

BR
hepL3r

#8
02-09-2011, 01:21
evlncrn8
@Ahmadmansoor - seriously.. how is Olly enough for StarForce?.. StarForce is ring 0 and ring 3.. with Olly you will only see 1/2 of the whole picture... e.g. virtual file system - MD5 hashing lookup is in ring 0.. and so are many other things.... ever looked at it patching CreateFile etc. with int 3's?.. where do you think they're handled?.. ring 0..

#9
02-11-2011, 17:57
deroko
@evlncrn8: Maybe he thinks of latest versions of SF, where everything is r3 for shareware protection.

#10
02-13-2011, 19:31
V0ldemAr
Since v4.5 the protection was removed from the kernel. Only SFFS and the CD check were done in the kernel. SFFS is easy to hook in the kernel and unpack by injecting your own DLL into the target process. Other stuff (VM) is done completely in user mode. And the current v5.7 is driverless because it uses internet activation, which does not require any drivers, but it may still use SFFS, which is driver based.

#11
02-17-2011, 18:12
dyn!o
In fact SF went from R0 to R3 around two years ago. This was probably caused by incompatibility problems with new OSes and incompatibility in general. In the actual SF architecture they should have no more problems with new OSes. But they have other things to force - market.

#12
02-21-2011, 00:42
Apuromafo
I was PMed on tuts4you about this, and shared my unpacked file for SF, in a single version. That is to say.. these are not easy packers to start learning with.

I suggest starting with upx, aspack, nspack, upack, stprotector, asprotect 1x, armadillo 1x to 5 post, execryptor, asprotect 2x, themida, enigma, and others such as vmprotector, safengine are more with more time without packing.

Nice packers but implement tutorials, must know more about.. maybe it is better to think about hooking and the import table to add, and debug blocking..

Maybe the best is to debug in a virtual machine so as not to lock the trial days, and you can check more at one time.

greetings Apuromafo