View Full Version : ActiveMARK Packaging Tools Released


%UNDEFINED%
April 17th, 2004, 09:02
Ran across this, I don't believe they have ever before made their tools available to the public.

Has anyone taken a look at this?

http://www.trymedia.com/developer.shtml

I downloaded it, but I can't install it on WinME; it requires NT/2K/XP.

So I will have to wait until I get home before I can rip into it and see what, lo and behold, I have.

I am not looking for any help with anything, I was just wanting to hear everyone's thoughts.

LobSang Ludd
April 18th, 2004, 10:48
Hello #undef

TYVM for the info. Much appreciated...
Unfortunately this tool isn't usable for 'unregistered'
Trymedia Developers. You need a Login-Account on TM-Servers to make
any use of this VB-App. The only interesting thing (imho of coz) is the
win_sample.exe, which is protected by ActiveMARK R5.0.896. But I think
any AM protected Target is more suitable for reversing issues so there is no real need to download this 6.8 MB.

And beside that, it's a pity (for a multi-zillionaire-company) that only
'cosmetical' changes raised the version from ActiveMARK R4.0.710
to the 5.0RC. By cosmetical I mean the GIF's in the AM-Browser hehe...
Under the 'hood' nothing changed: CRC32 loops, SHA-1 checks on the crypted-tunnel-VFS, Rijndael, anti debug threads, obfuscation and code-interleaving are the same. A lot of EBFF's to make Disasm'ing harder. Dumping is very easy, fixing the dump is harder (too hard for me). I think
generating a valid license file (<VID>.lcn) is still the proper way for an
attack. But I'm not that Crypt-Wizard.
The AM-Pro Wizard with the C++ SDK would be a much worthier download.
(This is not a request - it's a wish)

As always... Comments are very welcome.

Rigartz!

PS.: There's a good chance that my translation plugin may be broken. If you found any langwatch errors you can keep em for ya self. Brownies rule...
...im off


Save the Vinyl!

mmk
April 19th, 2004, 12:03
Quote:
[Originally Posted by LobSang Ludd]
And beside that, it's a pity (for a multi-zillionaire-company) that only
'cosmetical' changes raised the version from ActiveMARK R4.0.710
to the 5.0RC. By cosmetical I mean the GIF's in the AM-Browser hehe...


They must make money and you make money by upping the version number.

Quote:
Under the 'hood' nothing changed: CRC32 loops, SHA-1 checks on the crypted-tunnel-VFS, Rijndael, anti debug threads, obfuscation and code-interleaving are the same. A lot of EBFF's to make Disasm'ing harder. Dumping is very easy, fixing the dump is harder (too hard for me).


Fixing it is not so hard. The only problem is restoring some of the API functions, but they're easy to find and guess. The bad part about ActiveMARK is that no interesting app is protected by it.