#1
SVKP, Armadillo or SDProtector
Hi,
just a stupid question, but what packer do you think is the most difficult to unpack between SVKP, Armadillo or SDProtector? I'm talking only of packing, not about registration algorithms or other.
Consider:
SVKP: Main packing with compression without RSA encrypted features
Armadillo: Copymem+Nanomites+Code splicing without secured sections
SDProtector: Main packing with compression without RSA encrypted features
What do you think is the hardest?
#2
To me, it's Armadillo
#3
SDProtector, aka SoftDefender, is very simple and looks like it is UPX-based
#4
for me....Armadillo + Nanomites protection...
#5
Armadillo with nanomites looks like trouble, but not unbeatable.
But if you add Serial + CopyMemII, then it looks like solid stone without holes. I can't do anything with it, but I'm not a guru
#6
Newer armadillos with serial can't be keygenned and so not unpacked. The only way is leaked keys.
#7
Quote:
#8
Quote:
Go to the end of packed stream and look for code like this
Code:
pop edx
pushad
mov ebx, PackedStreamSize
mov esi, offset PackedStream
lea edi, RawDataOffset
P.S. There is an original PE header at the end of unpacked stream. So as I told before it looks like UPX-based product ;)
Last edited by nikita@work; 12-10-2004 at 07:44.
#9
Just rip decompress function, To decrypt imports you will need RC4 key.
Could just be me, but I fail to see how that description of how to unpack sd can be described as simple or compared to unpacking upx. Still, if you don't have time for a more in-depth tutorial then too bad for us.
#10
nothing is impossible,
give to a dumped program what it needs, it is my philosophy
#11
armadillo with copymem2
armadillo with copymem2 and nanomites is not hard to unpack, it is only hard mechanical work.
If you have the correct scripts made to help you in the task, the hard task is done by your machine and you go to sleep, and when you return 90% of the work has been done automatically with injects and scripts.
I unpacked armadillo.exe (version 3.77): making the dump takes 10 minutes with known methods; repairing the table is a little slower, because finding the magic call is more difficult than in previous versions, but in 30 minutes the table is repaired and you are at the OEP with the whole table perfect.
The last task is the nanomites. The first time it is difficult, because you need to write the scripts and injects to do the work; this took me 1 or 2 days, but they only have to be written once, and for future armadillos you have the hard work done.
Next you put the injects and scripts to work to bruteforce the original program, injecting in the nanomite routine (starting in GetThreadContext and ending in SetThreadContext): you inject the address of the first nanomite and try for this value the 8 flag combination to look at all possibilities, and store the results for each nanomite and each possible combination of flags. In the second phase, with another script and the stored values, you determine what type of jump it is and where it jumps to, and it is ready; the last script puts the correct values in the dump.
It is the better solution to the hard encryption of tables 1 to 4, where in newer versions it is impossible to find and look up the values. With this method you only need to adjust your scripts to the new version (slight changes) and the machine works for you; you only need a little manual adjustment and the dump is running.
Ricardo Narvaja
#12
softdefender
softdefender is very easy to unpack, it only works with times.
If you look at the API GetTickCount, the program takes the time, but at some moment it compares the time with a previous time and decides whether to create the second process or not. This way, altering only one jump or playing with the times, you can run in single process mode and the unpack is very easy. armadillo is much more difficult, obviously.
Ricardo
#13
Ricardo
Quote:
#14
Quote:
#15
I have an old tut
that is based on old softdefender and on a non-registered version, but I think the idea for making one single process is the same in sdpro. I don't know if everything is exactly the same in the last version, and when I look I will add the newer additions, but I think the idea can help others. Here are the tuts of softdefender.
Ricardo Narvaja