ironcrypt
10-22-2010, 01:11 AM
Hi,
i'm study to reverse engineering the ioncube,zend,sourceguardian product to build decoding of php encoded script
current i'm not more expert to asm patch and now i will ask help to this board
i have maked a patch to old loader files to check and bypass the checking of mac,domain,ip adress,license file
this is the current old loader modification
[
BYPASS DOMAIN IP AND MAC
0x402bb77e <_y7+222>: ja 0x402bbbcd <_y7+1325> CHANGE TO jmp 0x402bb990, nop
0x402bb784 <_y7+228>: jmp *0x402cd55c(,%eax,4)
[/COLOR]
BYPASS LICENSE FILES
0x402bdda4 <_idm3+7316>: je 0x402bddef <_idm3+7391>
0x402bdda6 <_idm3+7318>: cmpl $0x0,0xffffaef0(%ebp) CHANGE TO jmp 0x402bddef, nop, nop
0x402bddad <_idm3+7325>: je 0x402bddef <_idm3+7391>
so my problem is on the new loader i'm crazy to find the new byte to patch it.. .and one help me please...
http://rapidshare.com/files/426483751/file722.rar
i punt on rar
.so cracked old version
.so not cracked old version
.so php5 not cracked current version
regards
IronCrypt
i'm study to reverse engineering the ioncube,zend,sourceguardian product to build decoding of php encoded script
current i'm not more expert to asm patch and now i will ask help to this board
i have maked a patch to old loader files to check and bypass the checking of mac,domain,ip adress,license file
this is the current old loader modification
[
BYPASS DOMAIN IP AND MAC
0x402bb77e <_y7+222>: ja 0x402bbbcd <_y7+1325> CHANGE TO jmp 0x402bb990, nop
0x402bb784 <_y7+228>: jmp *0x402cd55c(,%eax,4)
[/COLOR]
BYPASS LICENSE FILES
0x402bdda4 <_idm3+7316>: je 0x402bddef <_idm3+7391>
0x402bdda6 <_idm3+7318>: cmpl $0x0,0xffffaef0(%ebp) CHANGE TO jmp 0x402bddef, nop, nop
0x402bddad <_idm3+7325>: je 0x402bddef <_idm3+7391>
so my problem is on the new loader i'm crazy to find the new byte to patch it.. .and one help me please...
http://rapidshare.com/files/426483751/file722.rar
i punt on rar
.so cracked old version
.so not cracked old version
.so php5 not cracked current version
regards
IronCrypt