View Full Version : RLPack by ap0x


Vrane
September 30th, 2006, 07:30
Quote:
Reversing Labs Packer is a small open source .exe packing project written in MASM. It is designed to pack all common compiler executables (tested with VC++, VB, Delphi, MASM,...). Please note that RLPack is a packer and will not protect executables from cracking since it doesn't use any anti* tricks. RLPack has the following features:

+ Packs sections (ratio goes up to 60%)
+ Packs resources
+ Strips relocations
+ Preserves main icon and manifest
+ Packs import table
+ Preserves TLS (optional stripping)
- Does not support overlays!
- Does not support .exe files with export tables!

Program uses aPLib 0.42 by Jorgen Ibsen


download: http://ap0x.jezgra.net/RLPack.rar

Vrane
October 20th, 2006, 18:53
Quote:
10/20/2006 RLPack 1.13 Basic Edition/Full Edition



+ Added error handling for non .exe files
+ Added Fake signature option [Full version]
+ Added documentation [help.chm]
+ Added unique watermark option [Full version]
+ Added AntiCracking protection option [Full version]
+ Added API redirect protection option [Full version]


download: http://rlpack.jezgra.net/RLPack.zip

Vrane
October 21st, 2006, 15:09
Quote:
10/21/2006 RLPack 1.14 Basic and Full Edition



+ Fixed IAT ordinal processing inside STUB
+ Added export table packing and optional export table stripping
+ Added documentation [help.chm]
+ Added Projects [1.14 Full version]
+ Added error handling for non .exe files [1.13 Basic and Full version]
+ Added Fake signature option [1.13 Full version]
+ Added unique watermark option [1.13 Full version]
+ Added AntiCracking protection option [1.13 Full version]
+ Added API redirect protection option [1.13 Full version]





Code:
http://rlpack.jezgra.net/

LLXX
October 21st, 2006, 16:30
Now we should start to see unpacking attempts. Who's first?

Vrane
October 21st, 2006, 17:21
Quote:
Who's first?

me :P

here's the crackme (and dumped and unpacked) and a signature for PEiD (crackme packed with v1.14)

Code:
[RLPack v1.14 beta -> ap0x]
signature = 60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 67 02 00 00 8D 9D 2E 01 00 00 33 FF EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 EB 8D 74 37 04 53 6A 40 68 00 10 00 00 68 3B 00
ep_only = true


packed oep: 004050CD

unpacked: 00401000

Unpacking is not a problem, just use the ESP trick. If someone needs it, I can write a tutorial.
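
As an added example (not part of the original post and not PEiD's own code): a minimal Python matcher that applies the signature above with `ep_only` semantics, mapping the PE entry point to a file offset and comparing only there. The sample file is constructed inline; its entry-point RVA 0x50CD assumes the posted address 004050CD with an image base of 0x400000, and the `??` wildcard handling goes beyond this particular signature, which has none.

```python
import struct

# Signature bytes copied from the PEiD entry in the post above (ep_only = true).
SIG = ("60 E8 00 00 00 00 8B 2C 24 83 C4 04 8D B5 67 02 00 00 8D 9D 2E 01 00 00 "
       "33 FF EB 0F FF 74 37 04 FF 34 37 FF D3 83 C4 08 83 C7 08 83 3C 37 00 75 "
       "EB 8D 74 37 04 53 6A 40 68 00 10 00 00 68 3B 00")

def parse_sig(text):
    """'AA ?? BB' -> [0xAA, None, 0xBB]; None marks a PEiD '??' wildcard byte."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def ep_file_offset(pe):
    """Map AddressOfEntryPoint (an RVA) to a raw file offset via the section table."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]          # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec, opt_size = struct.unpack_from("<H12xH", pe, nt + 6)
    ep_rva = struct.unpack_from("<I", pe, nt + 40)[0]   # optional header + 16
    table = nt + 24 + opt_size
    for i in range(nsec):
        vsize, va, rsize, raw = struct.unpack_from("<4I", pe, table + 40 * i + 8)
        if va <= ep_rva < va + rsize:                   # must be backed by bytes on disk
            return raw + ep_rva - va
    raise ValueError("entry point is not backed by any section's raw data")

def matches_at_ep(pe, sig):
    """ep_only semantics: compare the signature at the entry point and nowhere else."""
    off = ep_file_offset(pe)
    window = pe[off:off + len(sig)]
    return len(window) == len(sig) and all(
        s is None or s == b for s, b in zip(sig, window))

def build_sample(ep_code, ep_rva=0x50CD):
    """Constructed minimal PE32: one section at RVA 0x5000, raw data at 0x200."""
    dos = b"MZ".ljust(0x3C, b"\0") + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0xE0, 0x102)
    opt = struct.pack("<H14xI", 0x10B, ep_rva).ljust(0xE0, b"\0")
    sec = struct.pack("<8s4I", b".text", 0x1000, 0x5000, 0x200, 0x200).ljust(40, b"\0")
    hdr = (dos + b"PE\0\0" + coff + opt + sec).ljust(0x200, b"\0")
    body = (b"\x90" * (ep_rva - 0x5000) + ep_code).ljust(0x200, b"\x90")
    return hdr + body

if __name__ == "__main__":
    stub = bytes(parse_sig(SIG))                        # SIG contains no wildcards
    print(matches_at_ep(build_sample(stub), parse_sig(SIG)))             # stub at EP
    print(matches_at_ep(build_sample(b"\x55\x8b\xec"), parse_sig(SIG)))  # plain prologue
```
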

LLXX
October 21st, 2006, 20:40
Quote:
Check File CRC
AntiCracking protection
API redirect protection
Protect from unpacking
Enforce memory protection
But did you unpack one with those protections? Without those protections it's no fun - becomes a banal unpacking like UPX. That's why I didn't post at first when I saw
Quote:
Please note that RLPack is a packer and will not protect executables from cracking since it doesn't use any anti* tricks.

The unpackme says to write a tutorial once it's unpacked... so here:
Quote:
1. Open the file in any debugger
2. Scroll down and BP on the retn after the popad followed by a push xxxxxx.
3. Run - it'll break on the retn after unpacking.
4. Step once, there is OEP.
5. Dump, cut useless packer stub, restore imports and OEP, done.
Easy as UPX.

Vrane
October 22nd, 2006, 08:25
Quote:
Easy as UPX.


Yes, because this is packed with the basic edition. I'll contact ap0x to ask if I can pack the crackme with the private version, so maybe I'll upload it.

ap0x
December 30th, 2006, 07:55
RLPack - New Year challenge

This is the official RLPack unpackme. Unpacking is considered correct if the unpacked Unpack.exe can unpack crackme.fsg.exe. You cannot add ap0x unpacking engine .dll files to the unpackme to make it work. You can only use things located inside the challenge archive. Because unpack.exe uses psapi.dll, the challenge will work only on NT systems.
The first one to unpack the official unpackme will get RLPack Full Edition Personal license!

Download: http://www.yousendit.com/transfer.php?action=download&ufid=81EA4EE319B772DE
Contact email: ap0x.rce@gmail.com

Happy cracking

Vrane
December 30th, 2006, 08:04
Quote:
The first one to unpack the official unpackme will get RLPack Full Edition Personal license!


so people hurry

nikolatesla20
December 30th, 2006, 08:11
Quote:
Originally Posted by ap0x:
RLPack - New Year challenge

This is the official RLPack unpackme. Unpacking is considered correct if the unpacked Unpack.exe can unpack crackme.fsg.exe. You cannot add ap0x unpacking engine .dll files to the unpackme to make it work. You can only use things located inside the challenge archive.




Um hello, this is the most stupid challenge I have read. Got any more restrictions? Why should I bother doing all this work when I can simply add a DLL to a real world app that is protected with this?

A challenge that actually simulated a real world condition, rather than your safe little bubble, would be more pertinent.

-niko

ap0x
December 30th, 2006, 09:10
Well, one of the new features is .dll file bundling, and that is added to this packed application. So if I had not published those .dll files on my web site you would have a problem, since the application will not work without them. And since they are in memory you would have to dump and fix them as well. So this is a real life situation for all applications packed with PeBundle, Thinstall or MoleBox.

deroko
December 31st, 2006, 11:18
nice challenge, and nice coding there

seven
January 5th, 2007, 10:36
NO NEED 2 UNPACK PROGGY F U CAN PATCH PROGGY

PACKING MAKE PROGGY ( SMALL + PROTECTED )

SO UNPACK IZ CONSIDERED CORRECT F UR PATCH

MAKE THE PROGGYZ CODER CRY

kamal20
January 5th, 2007, 11:45
It shows as packed with ASPack, but it is packed with RLPack.

Silkut
January 6th, 2007, 13:17
seven, we are not blind.

Nico
February 26th, 2007, 16:32
Is there a backup of the packed file somewhere ?
I was looking for a file protected by the full version, since the basic one is as trivial as upx.

I want to test a toy I'm programming

deroko
February 26th, 2007, 17:58
Hi Nico,

official crackme attached

Nico
February 26th, 2007, 19:54
Thanks Deroko

Nice Themida exploit by the way

onebitshort
February 27th, 2007, 03:03
Vrane,
Quote:
Unpacking is not a problem, just use the ESP trick. If someone needs it, I can write a tutorial.

Can you please explain what the 'ESP Trick' is ???
Thanks

deroko
February 27th, 2007, 06:08
It is when the whole packer is wrapped with pusha/popa/jmp __oep. So once pushad is executed you type bpmd esp (set a hardware breakpoint r/w on the stack) and run the target; it will break on popad and you are almost at OEP.

@Nico: Tnx

onebitshort
February 27th, 2007, 06:29
deroko, thanks for a very good explanation - it looks like UPX would be a prime candidate for this type of detection!

One question ... does this detection method assume & require that the unpacking code doesn't alter the stack in any way while it's unpacking?

naides
February 27th, 2007, 06:38
@ onebitshort:

The unpacking code can and will alter the stack quite a lot during its tenure.
In the end it should leave it as it found it (at POPAD) just before going to the OEP to launch the application, because it holds the return address to the OS loader routines (Kernel32) and other loader information that allow the application to terminate gracefully when you are done.