View Full Version : Copylocx


Kilby
January 31st, 2001, 04:56
I have had a look at the licence agreements that BitArts have, and guess what, I appear to have taken a dislike to the company

Although I have no intention of cracking Cruncher as such, I am going to have a look at the wrapper around it, and also at Softlocx itself, and if I can provide some useful information then I will pass it on.

I will have to wait until the weekend as I have a Win 2000 machine in work, and am experiencing great difficulty in hiding softice from all those nasty meltice style tricks

Regards,

Kilby...

+SplAj
January 31st, 2001, 05:19
Hi guys,
please don't get too excited at Bit-Arts old shits. Softlocx 4 and 5 were defeated last year...

With SL4 just get the keycode at offset 452244 in the insXX.tmp file. With SL5 use Chafe's rebuilder or use my or TMG's keygens.

The mutant is dead.

That's why they pulled SL5 from the site in November 2000, too embarrassing for them.

Actually I am blocked from accessing Bit-Arts WWW shite as well.

We are awaiting TITY or whatever to come out so we can play with this new mutant. An evaluation CD has been ordered, but I hope they don't deliver it to Libya or Canada by mistake now

See if we can make a better attack than ZD labs

CYA

+SplAj

Kilby
January 31st, 2001, 05:50
Heheh,

I can't find Chafe's unwrapper, and their licensing agreement offended me (it is pretty one sided).

I am just looking for some rebuilding practice, so I can have another go at Copylok (from panlock).

Cruncher 2 was the target I chose almost at random, as it was the newest packer listed on Sudden Discharge, basically it was so crap I took a dislike to the company.

Additionally there's no tuts on the subject as far as I can see, and in a way a tut is the final insult to such companies.

Kilby...

NchantA
January 31st, 2001, 09:47
Hey +SplaJ and Kirby, thanks for your posts...

i also am interested in the information (or lack of) regarding softlocx, i know ive been told that its not special, but despite this i still am having trouble...

how can i see what version of softlocx it is? if you would like my target.exe plz email nchanta@nchanta.com

thanks guys

NchantA

+SplAj
February 1st, 2001, 04:55
Haven't seen Cruncher2 yet......

You know last year I had my site pulled because I had posted a keygen for all their products and rebuilt Softlocx 5 without its mutant protection.

Nobody came to my rescue after I asked about why nobody in the RCE seemed concerned about BA protection. I posted a story along the lines of Matrix saying that all the old HCU members formed BA ...... quite untrue but there are a couple of ex-crackers working for BA.

Now I found TMG made keygens in November 2000 as well and after this extra pressure B-A pulled the DL section. B-A announced that TITTY would be available in late Dec2000. But now I don't know when. Maybe soon by CD order only.
They had ZD labs attack it MMMMM but will not release it for public DL. How good is it then?

If you want a good B-A Anti_SI / Frogs Ice tut then DzaKraker made a good report on this. To be honest use TRW if Win98 or ElicZ patches if WinNT/2K and you'll never hit the mutant.

+Tsehp has made a great tool. Still in private Beta . But soon you will be able to rebuild stuff like this in seconds

It's game over for the redirected IT

BUT I think there is one other thing you should know about Softlocx5. I remember that it actually changes code. E.g. say you want the menu selection to work.
In MS compilers it's made in a standard way and SL REDIRECTS this code similar to the API tricks. Or at least I think it did/does.

I'll check out Cruncher2....

SplAj

Yado
February 1st, 2001, 05:14
hi, i've checked crunch2 and fusion2, they have really easy protections, dumping and rebuilding them takes me about 10 mins.
I think that there are a lot of better protections around...

see yaa...

Yado of Lockless.

NchantA
February 1st, 2001, 06:14
i can't wait for tsehp to release his little tool, it'll make my life so much easier...

i officially hate IAT...*g*

NchantA

Kilby
February 1st, 2001, 07:56
>Haven't seen Cruncher2 yet......

Personally I don't like it, SURPRISE !

It looks like they wrote a packer for their other products, and then decided to release the packer on its own at a later date.


> There are a couple of ex-crackers working for BA.


Hehehe, obviously they didn't work on the Cruncher 2 side of things

>B-A announced that TITTY would be available in late Dec2000. But now I don't know when.

TITTY ?

I assume that's their new product !

>They had ZD labs attack it MMMMM but will not release it for public DL . How good is it then ?

Hmmm, but how good are ZD labs? I remember MemMaker got a good review by some ZD publications, until Dr Dobbs totaled the product, which eventually ended up in a complete disassembly and critique of MemMaker.


>If you want a good B-A Anti_SI / Frogs Ice tut then DzaKraker made a good report on this. To be honest use TRW if Win98 or ElicZ patches if WinNT/2K and you'll never hit the mutant.

I will look into this as Cruncher only features the old ../NTICE business, hence my comment that their tame crackers haven't worked on the project.

>+Tsehp has made a great tool. Still in private Beta . But soon you will be able to rebuild stuff like this in seconds


I'm sorry to say that for cruncher packed files, I haven't had to rebuild anything

Everything appears to be unpacked before the tables are unpacked; all I have to do is dump BEFORE the table is screwed with and set the entrypoint. This may change before long

> It's game over for the redirected IT

OOPS or are you referring to my copylok woes ?

>BUT I think there is one other thing you should know about Softlocx5. I remember that it actually changes code. E.g. say you want the menu selection to work.

Well that's a change from the usual wrappers anyway

> I'll check out Cruncher2....

It also seems that BA or as I prefer to call them Bi Tarts as I am a complete sexist pig , really like Delphi.

The wrapper around cruncher appears to start off as a variation of the actual cruncher decompress, and there is no heavy duty anti sice code in there either, even icedump copes with it V Happily.

I'm bored with my everyday life lets have a jihad

Kilby...

+SplAj
February 1st, 2001, 09:09
Greetz Kilby

Was Salam Alaikum. Glad to have you on-board.

Where the hell were you last year when those bastards made me lose my cool and my web site

A JIHAD it is

hOrn_dOg is hot and ready to butt-f*ck the cross-dressed mutant from Bi-Tarts :*

.....but we are too late, Yoda beat us all .......

Greetz man, ace tool that Peditor .

SplAj

+SplAj
February 1st, 2001, 09:12
:-D LOL can't friggin read English...:-D

it was Yado not Yoda ........

Greetz all the same.

SplAj

Kilby
February 1st, 2001, 12:48
Possibly so,

but he ain't told everybody else how to

It's like red alert 2 cut off their money supply, hahaha (evil laugh) !

English is supposed to be my native language and I regularly fail to read it properly.

Kilby...

+SplAj
February 1st, 2001, 13:12
Got home and had my dinner then settled down for battle. Fusion2 first :-

..... surprise the install password was the same 'noemail' but the protection is the new hairy scary TiTTY (Titanium)

But 10 minutes later I was at BPMB 69F7F8 X watching the IAT & IT at 649000 being built and then destroyed. So dump here while it's still alive

Then traced to OEiP at 401000. Dump here

Paste section raw offset 249000 to 24bfff from good IT dump to final dump and run the dumped exe like a charm. 15 MINUTES in total to butt f*ck the TiTTY.

Crunch 2 is similar. Different offsets but same procedure. Set a BPMB TerminateThread and get into the insXX.tmp process at its hand over to the final unpack routine in Crunchv2........
Find the APIs (eg s 600000 l 800000 'USER32')

Now I can enjoy my weekend laughing my sick f*ckin arse off. Sweet dreams Bi-Tarts :*

SplAj
BTW here is the IT, zipped for you as proof..

hOrn_dOg
February 1st, 2001, 13:19
forgot the zip

?ferret
February 2nd, 2001, 22:28
OEP @ 401000? Boy, that's original huh?

+SplAj
February 4th, 2001, 10:23
Hey, Bi-Tarts thanks for subscribing me to over 600 internet.com bulletins from internet.com. I'll enjoy reading them. 8)

I have plenty of time cos it only takes 10 mins to Butt F*Ck your products :P

SplAj

tsehp
February 4th, 2001, 18:08
Quote:
NchantA (01-31-2001 19:14):
i can't wait for tsehp to release his little tool, it'll make my life so much easier...

i officially hate IAT...*g*

NchantA

it's released now, you can find it on the main fravia's mirror page.
IAT based protections are not complicated at all, but very time consuming and repetitive; protection systems are copying themselves and relying more and more on IAT based protection.
I'm watching what they'll do next
regards,

+Tsehp

NchantA
February 5th, 2001, 05:35
thanks to all, especially splaj+ for his help and emails, i got my target unpacked perfectly, after figuring out how to add the virgin iat myself

hey tsehp. i'm practising your tool atm, i attempted to use it on the softlocx, but it seemed to only get the kernel imports????

anyway thanks everyone...

NchantA

+SplAj
February 5th, 2001, 06:59
Hi NchantA

to get the REAL 'IT' from say Fusionv2 with revirgin you have to MANUALLY change the 'IAT start RVA' from the default mutant IT to the destroyed IT. the real IT is not at 002A38A2

Try 249000 length F54, press resolve and the magic appears now

I hope everyone is having fun 'revirginating' those redirected API's ..... esp. 'hi' to Alexey :* (i love that emoticon)........and remember it's still a Beta tool...and will mature with feedback ;P

Thanks +Tsehp

+SplAj