EXETOOLS FORUM  

  #1  
Old 10-04-2017, 03:42
Benten
[Help] Armadillo 9.66 dumping target with splices - [Now Working]

Hi there,

This is my first post here, please forgive me if something is horribly wrong.

OK, here we go: it's an Armadillo 9.66 protected target. I unpacked the previous version of this target last week, but it didn't come with the splices on, so that was rather easy to come by. Now that the splices are on, I find it quite hard to get through and need a gentle nudge in the right direction. Please follow this video so you can see what I have done so far.

<<<<<<<OK, the link's down for now. I will put the all-fixed video here in a while>>>>>>>

Maybe I bit off a bit more than a newbie like me could chew. Please let me know your valuable comments.

[Update1]
Use the "Armadillo_CodeSplicing.exe" tool in AKT as suggested by Mr. Exodia. It worked wonders..
Mr. SmilingWolf is a kind, cool person and a great guy.. he was the first one to help me with this protection..

[Update2]
I've managed to do it manually, cool huh?

[Issues]
Got some issues, guys. The stupid dump fails on a different PC (I mean the VM), and now it fails on my PC too after a restart. So, suggestions, guys? I think it's because I put the splice in the BSS section, stupid me. But the other sections don't have enough space, so what am I supposed to do then?

>>>While you guys were enjoying your silence I was really struggling with my limited ability from my sickbed, then Mr. Haggar happened. God<<<

[Update3]
Guys I just Fixed that loading issue on restart right now.

Notes:
It has been a real challenge and a very demanding journey till now. Really learned how much I have to learn. Found some great guys (I mean, Mr. Exodia and Mr. SmilingWolf commented on my post, how awesome is that). I am sick and tired, so now I am gonna take some time and make a video (so all links have got to go down for a while) to share my attempts. Oh my God, Awesomeee..

Respects,
Ben

Last edited by Benten; 10-13-2017 at 07:37.
  #2  
Old 10-04-2017, 03:54
mr.exodia
Download Armadillo Key Tool v0.4 (https://github.com/mrexodia/akt/releases/tag/v0.4) and launch Armadillo_CodeSplicing.exe

You can use this to move the code splices to another section (I recommend .pdata, usually the second-last section).
__________________
x64dbg: http://x64dbg.com
My Blog: http://mrexodia.cf
The Following 2 Users Say Thank You to mr.exodia For This Useful Post:
Benten (10-04-2017), TechLord (10-08-2017)
  #3  
Old 10-05-2017, 14:55
cybercoder
Or use arminline
The Following User Says Thank You to cybercoder For This Useful Post:
niculaita (10-06-2017)
  #4  
Old 10-06-2017, 23:45
mr.exodia
Yeah that is if you want corrupt code +1 (SmilingWolf made a fixed version though).
  #5  
Old 10-08-2017, 06:14
cybercoder
Either way it has source code to play with..
  #6  
Old 10-08-2017, 06:23
mr.exodia
https://bitbucket.org/mrexodia/splicerebase
The Following User Says Thank You to mr.exodia For This Useful Post:
Benten (10-08-2017)
  #7  
Old 10-08-2017, 08:08
cybercoder
Here's the source for arminline 0.96f..
Attached Files
File Type: rar ArmInline Source (Eng).rar (36.3 KB, 15 views)
The Following User Says Thank You to cybercoder For This Useful Post:
Benten (10-08-2017)
  #8  
Old 10-10-2017, 17:56
Benten
Target Unpacked

Mr. Exodia is awesome. I am a big fan of yours.

Every word you said is true... Arminline works only in Windows 7 and the code gets corrupted. Also it doesn't work in Win 10. (No offense please, Mr. Admiral)

Armadillo_CodeSplicing.exe from AKT works fine. Awesomeeee

Now it's unpacked.. all good

ExeTools doesn't load properly in my country, that's why the comments got delayed.. Now I am on the Vodafone n/w

Last edited by Benten; 10-10-2017 at 19:06.
  #9  
Old 10-11-2017, 18:53
DCA
For next time you could always try Armageddon by ARTeam. (just search this forum)
Great tool and easy to use :-)
  #10  
Old 10-12-2017, 00:20
Benten
Thanks for the suggestion, but Armag3ddon V2.2 fails at this target. And I am doing it for learning, so using tools to the minimum is what I prefer. The idea is to do it manually and learn.

Last edited by Benten; 10-12-2017 at 00:44.
The Following User Gave Reputation+1 to Benten For This Useful Post:
DCA (10-13-2017)
All times are GMT +8.