Web : http://kickme.to/mxbnet
Contact Me : dheeraj_xp@yahoo.com


Oxygen Phone Manager II for Nokia phones v2.0 Build 9.6

Type : Phone Manager
Protection : ASPack
Tech : Unpacking + IAT Fix

Crack :

Dump + IAT Fix

Put a BPX on GetCommandLineA. When we break in the main program
module, trace back ... we can see the real OEP:

015F:00403C77 90 NOP
015F:00403C78 55 PUSH EBP <<-- Here
015F:00403C79 8BEC MOV EBP,ESP
015F:00403C7B 53 PUSH EBX
015F:00403C7C 56 PUSH ESI
015F:00403C7D 57 PUSH EDI
015F:00403C7E A1AC548900 MOV EAX,[008954AC]
015F:00403C83 85C0 TEST EAX,EAX
015F:00403C85 744B JZ 00403CD2
015F:00403C87 8B30 MOV ESI,[EAX]
015F:00403C89 33DB XOR EBX,EBX
015F:00403C8B 8B7804 MOV EDI,[EAX+04]


Dump it with the EBFE trick, then correct EBFE --> 558B in the dump with WinHex.

Use ImpRec: enter OEP = 3C78, click "Auto Search", then "GetImports".
Fix the dump file.

Now run the fixed file ... we can see that nothing happens? The program is running in the background? What the heck???

A deep analysis showed me that our dump file has a STACK problem.
The STACK is not working properly?
First I thought that, as this program is made with Delphi, unpacking would not work ...

But I was wrong ... ASPack never changes anything except the IAT. The STACK is not working because the OEP is wrong, so we must somehow figure out the real entry point. I am sure that I was near the OEP.

Finding Real OEP

Put a BPMB on the address we found:

:BPMB 00403C78 X

When we break, just look at the info in SICE:

Break due to BPMB #0167:00403C78 X DR3 (ET=11.79 seconds)
MSR LastBranchFromIp=00403D01 <<-- Note this line
MSR LastBranchToIp=00403C78


Now put a BPMB at 00403D01 and restart the program. When we break, look at the info again. Trace back like this (about 4-5 times) until we reach the ASPack code:

OPM_SW!.aspack
015F:00A713A9 8985A8030000 MOV [EBP+000003A8],EAX
015F:00A713AF 61 POPAD
015F:00A713B0 7508 JNZ 00A713BA
015F:00A713B2 B801000000 MOV EAX,00000001
015F:00A713B7 C20C00 RET 000C
015F:00A713BA 680C9A8800 PUSH 00889A0C <<- OEP
015F:00A713BF C3 RET <--- Dump It


So our real OEP = 00889A0C

015F:00889A0C 55 PUSH EBP <<--- Real OEP
015F:00889A0D 8BEC MOV EBP,ESP
015F:00889A0F 83C4F0 ADD ESP,-10
015F:00889A12 33C0 XOR EAX,EAX
015F:00889A14 8945F0 MOV [EBP-10],EAX
015F:00889A17 B8E48A8800 MOV EAX,00888AE4
015F:00889A1C E8D3EAB7FF CALL 004084F4
015F:00889A21 33C0 XOR EAX,EAX
015F:00889A23 55 PUSH EBP
015F:00889A24 68459B8800 PUSH 00889B45
015F:00889A29 64FF30 PUSH DWORD PTR FS:[EAX]
015F:00889A2C 648920 MOV FS:[EAX],ESP



Now use ImpRec: enter OEP = 489A0C, click "Auto Search", then "GetImports".
Fix the dump file.

Try to run the file ... Page Fault!
Don't worry, just delete the original packed file "opm_sw.exe" and rename the fixed file
"opm_sw_dmp_.exe" ---> "opm_sw.exe"

Now run it and it will run ...

Note : I don't know if this program can be made into the full version, as they say that after buying they will give us a link to the full version. And I don't have a mobile phone to test this program :(
Anyway, it is now totally unpacked and you can patch it ....
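
The ASPack exit stub in the listing above (POPAD ... PUSH OEP / RET) has a fixed byte shape, so an analyst triaging a packed sample can find it in a memory snapshot and read the OEP from the PUSH operand instead of tracing back by hand. The Python below is an added example, not part of the original tutorial; find_tail_jumps, REGION_VA, SAMPLE and the image base of 00400000 (inferred from 00889A0C -> 489A0C) are assumptions, and the pattern is only the byte sequence printed above, not a signature for every ASPack version.

```python
import re
import struct

# Stub bytes from the listing: POPAD / JNZ +8 / MOV EAX,1 / RET 0C / PUSH imm32 / RET
TAIL_JUMP = re.compile(
    rb"\x61\x75\x08\xB8\x01\x00\x00\x00\xC2\x0C\x00\x68(.{4})\xC3", re.DOTALL
)
IMAGE_BASE = 0x00400000  # assumption: matches 00403C78 -> 3C78 and 00889A0C -> 489A0C
PUSH_OFFSET = 11         # bytes from the POPAD opcode to the PUSH opcode


def find_tail_jumps(memory, region_va, image_base=IMAGE_BASE):
    """Scan a memory snapshot that starts at region_va for the stub above."""
    hits = []
    for m in TAIL_JUMP.finditer(memory):
        (target,) = struct.unpack("<I", m.group(1))  # little-endian PUSH operand
        hits.append({
            "push_va": region_va + m.start() + PUSH_OFFSET,
            "oep_va": target,
            # A zero operand is treated as "not filled in yet", so no RVA is reported.
            "oep_rva": target - image_base if target else None,
        })
    return hits


# Constructed sample: the 23 bytes at 00A713A9..00A713BF as printed in the listing,
# padded with NOPs on both sides to stand in for surrounding memory.
REGION_VA = 0x00A713A9 - 4
SAMPLE = (
    b"\x90" * 4
    + bytes.fromhex("8985A8030000")  # MOV [EBP+000003A8],EAX
    + bytes.fromhex("61")            # POPAD
    + bytes.fromhex("7508")          # JNZ 00A713BA
    + bytes.fromhex("B801000000")    # MOV EAX,00000001
    + bytes.fromhex("C20C00")        # RET 000C
    + bytes.fromhex("680C9A8800")    # PUSH 00889A0C
    + bytes.fromhex("C3")            # RET
    + b"\x90" * 4
)

if __name__ == "__main__":
    for hit in find_tail_jumps(SAMPLE, REGION_VA):
        rva = "unpatched" if hit["oep_rva"] is None else f"{hit['oep_rva']:X}"
        print(f"PUSH at {hit['push_va']:08X}, OEP VA {hit['oep_va']:08X}, RVA {rva}")
```

The reported RVA is the value the tutorial enters into ImpRec; the VA is where the unpacked code begins.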