Hi all.

Have not been around a long time - nice to see the board still is active .

Well now that I'm back to cracking...
Does anybody have information about how XtreamLok works, or any programs that are using this protection?
General info on w*w.xtreamlok.com is just like everywhere:
"Our protection is unbeatable and the best and blabla... BUY IT"...
But no detailed technical information given and (so sad) no possibility to check if its really that hard :x

Unfortunately the only program I saw yet using xlok was one also protected by softwrap, so i just kicked softwrap - well to be honest i kicked the program, too after cracking it and forgot its name without checking the xtreamlok part .

If anybody has information about this protection scheme I'd be glad to hear

Have a nice day,

tCr

hi, tCr..

you ca test the last version of SoftWrap v4.

"Softwrap version 4.0 has several distinctive added functionalities, including:
· Significantly enhanced security with the addition of full Xlok integration
· Facility to wrap from any machine that is connected to the Internet, using an ActiveX wrapper as opposed to the application; this ensures that the publisher is always wrapping the latest offering from Softwrap".

It use the full Xlok integration.

Good Luck.

Well, we successfuly trying to crack example of latest XLock/SoftWrap protector. Only interesting thing IMHO is fully changed import mechanism - their wrapper changes code in protected module so now all refs to import processed over two or three functions which do dynamic API function resolving - protected module even haven`t valid IAT at all. It seems like

was:
mov ecx, ds:[IAT entry]
now:
call ecx, dynamic_resolver

But code for decrypting function is very simple (differs by three constant from module to module) so you can rip it in SI for half hour. May be there is sence to do emulator for such import mechanism ?

can you share direct link for downlad?

Download wrapper:
softwrap.com/download/Wrapper.exe

Wrap any program and you get at least softwrap.dll encrypted by xLock (we unwrap them without problems too ;-)

This is joke??

I wrapped NOTEPAD. It produces 2 files:
1. New big "NOTEPAD.EXE" 344kb
2. "Notepad.locked"

But this "Notepad.locked" is normal 98% NOTEPAD! Only little peace of code
is crypted. & decrypted code I can dump from memory.

So, is IT STUPID or I did something wrong??

Internaly (with the protection) almost nothing has changed with softwrap 4 :/
Few small changes i will list very shortly.
I had to make a few changes with my 3.x unpacker and hopefully once i resolve some key prob on NT ill have it out for all to see within this month.
Time is very precious at this moment as work is so demanding.

ThrawN

hehehehe u finally did the unpacker ? (didn't heard of you)
but still dunno why u did one, cause softwrap really suxors

^DAEMON^

So nobody agree with me, when I sad:
"this is stupid protection"???
Strange. Who want unpacked "LAUNCHER.exe"?
Or who can?

OOO!
DAEMON!

How is your BETA protector?
Did you enhance it?
Would you like I unpack?

lol, yeah i've improved it a little bit but stopped the project...

i've started a commercial protector with a friend...
but anyway i've tested revirgin's tracer yesterday on my old protection and it failed (on NT! not 9x) (after 20minutes i stopped the job! hangs in an endless loop)

^DAEMON^

Tsehp, as I know, not made RV for NT.
For W2K.

Ah, commecial protector!
So I can help you in UNPACKING also THE commecial protector

Also, IF your money_lover_Protector is NONtraceble by RV, I think, Tsehp will interested
for this...

OK, point me, what program is protected...
or no one yet?

isn't 2k based on NT ? (it was 2k i tested it on)

yep sure u can help me... currently i've started the import wrapper... this is maybe one of the most difficult parts...
@ least it gets more interesting than my last wrapper...


anyway u can try to unpack an "old" protected file...

i'll email u the private link...

^DAEMON^

Firstly, lets finish with XLOC!

Here I uplaoded in splitted 2 parts xLOC's "LAUNCHER.exe".
So this launcher is very interestly wrapped, but not programs it must protect!!
STUPIDO ONE!

This LAUNCHER is a resource in WRAPPER.EXE.
I restored 678 mangled exported FAR CALLs!!!!!!!!

But there are also >164 direct calls into "xloc" section.
This calls simulates inatructions like:
mov esi, [export]
mov edi, [export]
mov esp, [export]

Because I'm too lazy for restore them, I leave XLOC section
and added my little startup code.

Who can?? WHo can't?

Hey, DAEMON!
Can you explain reason, why you not publish your_protected file here?
Why you will send private link? What if you make little-pusy-viri for mee!?

evaluator, why the hell should i infect you ? u don't trust me :/

gimme only 1 reason why i should release a "BETA" of it?

(i don't want to be rude - but think about it)

^DAEMON^

Why you want infect mee?
possible answers:
1. JfF
2. VENDETTA!

OK, FORGET IT! I joke..

But now you tell me, why you not "publish" beta-protected EXE?
So not only I will enjoy unprotect it, but many other newbiez?

it's a security reason, when u grow up with a protection u know how it's working etc... that's my reason for not releasing a public beta... nothin more (an example would be risc -> unsafedisc... he can update "pretty fast", it would take a long time for me to do an unpacker)

^DAEMON^

Well, i have one reason why you should release your beta :> (beside the fact that i would love to try it :>

well well, the best OS so far has been open source one, the best encryption algorithm is always open source, well tested by the public.. if you put ur beta version here, we can play with it, provide u with idea how we can defeat it and you can improve it... we cna always work together to learn and improve... hmm except i dont dig that idea of a commercial protector!!!

Just my 2 cents :>

Cheers,

DEATH OF SARDANAPAL

Yep, now I fully remove wrapper...

You can use "RESOURCE HACKER" for optimise resource size..

WHO CAN? WHO CAN'T???

hi binh81

iam sorry,better go and try yourself @ rea...

when u reach the last crackme u can show me your knowledge... (it's protected by my protector)

h**p://www.reverser-course.de

^DAEMON^

you mean, I also must try your CRcme, or
it only for binh8?

Heya DAEMON good to see ya again
Yeah iv been off da net almost totaly so you wouldnt hear anything from me
I solved problems by not trying the hook method and use the attualy protectors method (code rip)
Just something iv missed somewhere so its not working 100%.
bleh anyhow i havnt worked on it recently theres just no time to and the only reason i did it was out of interest not for anyone elses benifit.

ThrawN

P.S nchanta you browse these boards? email me pls

Thx for the info guys - wasnt able to reply faster got sick.

Happy Reversing,

tCr