Crypto
June 10th, 2009, 18:07
This is the Protector:
Quote:
CrypKey Instant 6.x -> CrypKey Inc. Big number :: 003A6207 :: 00C58207 <-- I saw this with a KANAL scan. Thought I'd throw this in there.
Here is the exe uploaded to sendspace and rapidshare:
The size of this .rar is 21.98MB, Here is the link:
COMMERCIAL SOFTWARE - LINK DELETED BY MODERATOR
I have been to the tuts4you forum, arteam forum, exetools forum, OpenRCE forums, Black Storm forum, as well as this forum. I have also searched Google extensively and came up with this.
I know squidge here at RCE Woodmann's claims he has an unpacker for CrypKey 6.x applications, but it's not public.
I know that there is a Site Key Generator program, along with another program called Isomething.
Anyway, it seems like everyone is flaming this protector. Let's see if anyone can unpack it. If you do unpack it, let me know a few details on how you unpacked it. If you want to write a tutorial on this, that is ok too.
The forums and Google also came up with a few tutorials, which I have read for the most part:
I found this tutorial on CrypKey here:
http://www.woodmann.com/crackz/Tutorials/Crypkey1.htm
Along with lena151's tutorial:
snd-reversingwithlena-tutorial20
There is also a pdf and rtf file hanging around called:
CrypKey with Self-Debugger.pdf <-- I think I got this off the tuts4you main page.
There has been some promise with the "CrypKey with Self-Debugger.pdf" tutorial. I have overlooked this part of it:
4. Reaching OEP in protected application
After rereading the tutorial I started to follow its steps. This is what I came up with:
Code:
0. Open 1st instance of Olly and locate target.
1. Patch jump to OEP to this: CC EB FE 90 90 90
2. Place bp on CreateProcessA, then run process till bp.
3. Locate and open .tmp file in a new instance of Olly.
4. Patch OEP to EB FE 00 00 00
5. Save changes and close Olly.
6. Go to location 011856F3 in first Olly instance and patch to 6A FF 90 90 90
7. Hit Shift+F9 to run .exe and attach the .tmp file in the 2nd instance of Olly.
8. Open 3rd instance of Olly and attach it to the first instance of ollydbg.exe that has the target open in it.
9. Place bp on WaitForDebugEvent; after breaking here, retn to ollydbg code.
10. Patch TEST EAX, EAX with 68 C0 04 00 00 E8 65 0D 42 7C 90
11. The .tmp file Olly instance should be the only one running at this point.
12. Hit Shift+F9 and then F12 to land on OEP.
13. Patch OEP to E8 07 00 00 00 6A 00
14. More to come when I figure this out.
I can't seem to get past step 10. I go into more detail in my post below this.