Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 08-31-2004, 21:27
taos's Avatar
taos taos is offline
The Art Of Silence
 
Join Date: Aug 2004
Location: In front of my screen
Posts: 580
Rept. Given: 65
Rept. Rcvd 54 Times in 19 Posts
Thanks Given: 69
Thanks Rcvd at 134 Times in 36 Posts
taos Reputation: 54
Exclamation Ilok -> Pace-> A solution ;-)

Hi:
I've worked very hard with a program packed with ILOK (last version 2004).

1st. It's very hard to break this protection (you know uses ring 0 driver).
2nd. There is not information about his driver TPKD.SYS
3.It searchs the file NTICE.SYS and the registry key of Numega.

Well, there's a solution to renew the trial date.
If you have not a dongle (usb) then you have a trial demo (xx days and fully).

In older versions (Installshield program protected) used 2 keys in the registry, if you delete the keys then renew the trial period.
In this version it stores 4 keys in the registry, 2 with a unique name and 2 with random names, and in the HD stores several files (a file with Javathread.mxp name,etc...) , but the most important it's that USES ALTERNATE DATA STREAMS!!!!

In the folder program files\internet explorer and in the folder outlook express, it's attach information using ALTERNATE DATA STREAMS.
If you delete the keys in the registry, the files and the ADS files then.... voilá, RENEW your trial date, you have xx days again.
The ADS are attached to a folder, not to a file, and when you're going to rename this folders, the SO tell you that the folders are been used by another person or program.
To delete the ADS I use a freeware tool from Sysinternals (Streams v1.5).
If someon is interesting in this method of renew the trial I can do a program that make it.

Regards.
Reply With Quote
  #2  
Old 09-01-2004, 14:56
dyn!o's Avatar
dyn!o dyn!o is offline
Friend
 
Join Date: Nov 2003
Location: Own mind
Posts: 214
Rept. Given: 1
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 8
Thanks Rcvd at 0 Times in 0 Posts
dyn!o Reputation: 1
Hi,

My comments:

1. Pace isn't hard to break. The hardest part in Pace is anti-debug driver, only the driver. The rest of protection doesn't contain anything strong, new or incovex.

2. Some versions indeed search for ntice and reg keys but that doesn't matter - you can still run Pace protected software without the need to hide these data. Of course the problem begin when you turn on SICE.

Anyway, Pace seems to be out of the game nowadays. There have been some titles protected with it, some even known (e.g. BodyStudio) but most commonly it is/was used in audio software. There are two unpackers.


Regards.
Reply With Quote
  #3  
Old 09-02-2004, 02:47
taos's Avatar
taos taos is offline
The Art Of Silence
 
Join Date: Aug 2004
Location: In front of my screen
Posts: 580
Rept. Given: 65
Rept. Rcvd 54 Times in 19 Posts
Thanks Given: 69
Thanks Rcvd at 134 Times in 36 Posts
taos Reputation: 54
Hi

I am totally in agreement with you except in a thing, the antidebug-driver do not detect ring 3 debuggers (Olly) and if you want to unpack manually it's very hard.
Unpack a file (DLL) with Pace for me and with the last version it's no possible...

I don't understand you when you say:"you can still run Pace protected software without the need to hide these data"- How???

Actually it's used in audio programs, but it's very agressive with the SO and many companys refuse to buy it (Inaccessable floppy drives. This could also apply to any other device using IRQ 6.,BSOD on shutdown or startup with "DRIVER_POWER_STATE_ERROR",Spontaneous reboots,corrupt registry entries (could be related to spontaneous reboots if Windows is writing to the registry when this occurs.) missing (not zero-byte, but none) paging file (swapfile.) ,etc...)
And of course it's very expensive

Use ADS in folder systems, create ghost cookies files... it's very stupid but how pack the files Ipace, it's not stupid.

are the 2 unpackers older?
where are the unpackers?
I've found 1 from TNT but it's for a old version.
If you can,please send me a link for this unpackers.
Regards
Reply With Quote
  #4  
Old 09-02-2004, 20:54
dyn!o's Avatar
dyn!o dyn!o is offline
Friend
 
Join Date: Nov 2003
Location: Own mind
Posts: 214
Rept. Given: 1
Rept. Rcvd 1 Time in 1 Post
Thanks Given: 8
Thanks Rcvd at 0 Times in 0 Posts
dyn!o Reputation: 1
"It searchs the file NTICE.SYS and the registry key of Numega". So, I understood you suggest that SICE can't be even installed. I had in mind that SICE can be installed but not RUNNING. I didn't tried it with user level debuggers like Ollydbg since I'm not using Olly at all. I use Olly to discover software compatibility malfunctions, not for cracking.

"you can still run Pace protected software without need to hide these data"
I mean with installed (but not running) SICE.

About incompatibility. As I said in "StarForce going down?" thread: in my humble opinion it's not wise to use drivers to protect any software. As life shows, it usually ends with USB/FDD/HDD problems. Can anyone pay such a high price? Ask XtremeProtector, StarForce and PACE developers... do they have new customers?

Mentioned unpackers were build for v4 and v5 and stay pretty private (I don't have them too). In my opinion all powerful unpackers should stay private, at least not accessible to the developer who made the defeated protection. It's endless job and if someone want to learn then he/she has a lot tutorials including XtremeProtector (Ukraininan) and Armadillo.

Everything is unpackable... it's always matter of time only.

Regards.
Reply With Quote
  #5  
Old 01-27-2024, 09:01
/dev/null /dev/null is offline
Guest
 
Join Date: Jan 2024
Posts: 1
Rept. Given: 0
Rept. Rcvd 0 Times in 0 Posts
Thanks Given: 1
Thanks Rcvd at 0 Times in 0 Posts
/dev/null Reputation: 0
22 years later, any updates on this? hehe i've been on this journey for a week, diving into research -- with almost zero knowledge on rev, but there's so little information about it online :/ i have found quosego/snd doc but it's outdated, so any docs, tips or pointers would be great. thanks!
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
iLok Pace protected app terminates... Black_Legion General Discussion 2 07-24-2015 16:11
ILOK pace taos General Discussion 2 08-19-2004 21:27


All times are GMT +8. The time now is 17:54.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2024 )