ARMADILLO & NANOMITES (part 1) ENGLISH


S3ri@l CoDe9x
May 18th, 2003, 17:26
..by Ricardo Narvaja


New tutorial!! I hope that it can help you with the problem of Nanomites.


For the persons who asked for the course they can subscribe here:

crackslatinos-subscribe@gruposyahoo.com.ar


the second part soon...


Best Regards!

corado
May 19th, 2003, 01:16
Does this system work, if the soft protected by Armadillo needs Username and Key to run?

Thanks
Corado

squidge
May 19th, 2003, 02:45
No, the software needs to be running first. If the software is protected with an armadillo encryption certificate which requires the key to run, then you're not going to bypass it without some serious work (e.g. finding the decryption key).

Once you have a valid username/key however, then yes, you can apply this to get rid of any nanomites.

This tut is for programs that run already, but you want to get a working unpacked version to hack.

corado
May 19th, 2003, 03:03
Thank you Squidge for your reply!

However, here is the list of what I did with the Armadillo protected soft, which requires the Username & Key to run:

1. I could bypass the Username & Key screen
2. or even more I could insert the wrong Username and Key and the soft reports that the Key is Valid and has been stored in the system.
3. I could also Transfer Key to another machine using its new fingerprint.

But the problem is, after all these operations, at the final stage of unpacking the program reports - "Insufficient memory". This happens usually after the failure of the HEAPALLOC function; it fails to allocate memory.

Any idea would be appreciated.

WBR
Corado

squidge
May 19th, 2003, 05:02
I'd say the best way of dealing with this would be to attempt to unpack either manually or via an automated method such as Dillodumper. If both methods fail, then you're dealing with an encryption certificate that you will need a decryption key for, so may as well forget about it.

However, if you manage to dump the program and it still asks for this username and password, then it's obviously nothing to do with armadillo, so may be able to hack around the box.

The only other way I can think of at the moment is to use some kind of process dumper (e.g. LordPE) and dump the child process of the armadillo'd app, and then see if the entire text section is zeroed when the username request dialog box is present. If so, then it's the unpacker process doing the dialog, else it will be the program itself.

corado
May 19th, 2003, 05:28
squidge thank you again for your post!

Dillodumper doesn't help, it runs only with programs which do not require Username & Key to run.

But I have dumped both the SERVER and CLIENT parts of the soft using a memory dumper. The problem is that the client part is not completely dumped, I suppose. I know some keywords from the target soft; when I search for them in the dumped files they do not exist, but I could see some other information, i.e. certificate name, registry key names etc., but not, for instance, the TEMPLATE itself. If this could be possible I would easily generate a new key, since I know the certificate name and machine fingerprint.

One question: Is it possible to trace after executing USERNAME & KEY window the KEY string comparison routine with the valid KEY, in order to get it? I found already this CALL. Is the real KEY encrypted somehow in the programme?

WBR
Corado

squidge
May 19th, 2003, 07:03
No, the entire secure section is encrypted with the key in that case. Attempting a bruteforce attack is also a definite no, as there are simply far too many combinations.