Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > File Unpacking
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #21  
Old 06-19-2011, 12:02 PM
md.ashik md.ashik is offline
Member
 
Join Date: Sep 2009
Posts: 36
Default

i have a HID Dongle Monitor tool & it's making my software log (HIDMonitor.log) but what is the next steep.
Reply With Quote
  #22  
Old 06-19-2011, 09:11 PM
robin1044 robin1044 is offline
Senior Member
 
Join Date: Mar 2008
Posts: 189
Default

Bfox says the log is ciphered, so:
you need to:
1- decipher the log
2- make your own Emu
3- inject the log to Emu (reg or ...)

Seems totally useless tool, but would be appreciated if would be shred again
Reply With Quote
  #23  
Old 06-20-2011, 11:04 PM
pdbhi pdbhi is offline
Member
 
Join Date: Apr 2010
Posts: 16
Default Thanks a lot to robin1044

@robin1044

Thank you very much. The passwords are working. But I want to learn that in which section we should find them.I have software which is protected by Rockey4nd. The Software exe saves a *.epj file which is encrypted. Can we decrypt all encrypted saved *.epj files back to narmal *.epj format which will open with Normal Software Exe using p1 and p2? If yes how?

Thank you very much,
You are great..great.. and great

pdbhi
Reply With Quote
  #24  
Old 06-21-2011, 04:34 AM
BfoX BfoX is offline
Senior Member
 
Join Date: Aug 2007
Posts: 2,233
Send a message via ICQ to BfoX Send a message via MSN to BfoX Send a message via Yahoo to BfoX
Default

@pdbhi: you can upload the target software and cipher/decipher pair of the file?
__________________
... Either you work well or you work much ....
Reply With Quote
  #25  
Old 06-21-2011, 11:20 PM
pdbhi pdbhi is offline
Member
 
Join Date: Apr 2010
Posts: 16
Default Uploaded ciphered exe and pair of

@Bfox

May i upload software exe only? because the setup is above 3 GB. And it is difficult to upload from here through dial-up 128 kbps. I am attaching ciphered exe and pair of ciphered and deciphered pair of file. I have 400 ciphered files.So i want to learn how to deciphered it. Then I will deciphered all files myself.

ciphered ONLY Software EXE:- http://hotfile.com/dl/121579941/0759...5_NEW.zip.html

Ciphered/Deciphered files:- http://hotfile.com/dl/121580416/a6ee...Files.zip.html

if you need Setup links,they are here, copy the above ciphered exe "FX5_NEW.exe" in "Program files/Edius 5/" folder.

Setup Links:-http://uploading.com/files/48ce2818/Canopus%2BEdius%2B5.12.part1.rar/

http://uploading.com/files/284a2faa/....12.part2.rar/

http://uploading.com/files/219dadb7/....12.part3.rar/

http://uploading.com/files/ma5c7627/....12.part4.rar/

http://uploading.com/files/2eb13md3/....12.part5.rar/

http://uploading.com/files/36m299ea/....12.part6.rar/



Thanks a lot.
Thanks for your support.
Reply With Quote
  #26  
Old 06-25-2011, 02:33 PM
pawaa pawaa is offline
Member
 
Join Date: Aug 2010
Posts: 9
Default

Unpacking it wasn't that hard...

OEP = 000024A0
RVA = 00544000
SIZE = 0000138C

- load FX5 in OllyDbg
- go to 004024A0 (CTRL + G => 004024A0)
- set a hardware BP on execution on 004024A0
- insert Rockey4ND dongle
- press F9 and it should break at the OEP
- go to memory map (ALT + M)
- right click on all sections of FX5 and click on Set Access > Full Access
- dump with OllyDbg PE Dumper By FKMA (delete last 2 sections & don't rebuild imports)
- now run ImportREC and attach to FX5 process
- specify OEP 000024A0, RVA 00544000 & SIZE 0000138C
- click on Get Imports (don't click on AutoSearch)
- click on Show Invalid
- right click on selected thunks and select Cut Thunk(s)
- click on Fix Dump and select earlier dumped FX5 executable
- execute new created file and enjoy the show...

Regards,
[PaWaa]
Reply With Quote
  #27  
Old 06-26-2011, 02:43 AM
pdbhi pdbhi is offline
Member
 
Join Date: Apr 2010
Posts: 16
Default Thanks for reply.

@pawaa

Thank u very much. I have unpacked ciphered exe. And it is working. But my problem is the project file *.ezp saved by ciphered exe can not open with the exe that we unpacked. The data files saved by ciphered exe are also ciphered.And Main part is to open ciphered *.ezp files with our unpacked EXE.

One more question for this exe how did you find OEP,RVA and size?

Is it possible to unpack *.ezp file while opend by ciphered exe from dumping memory?

Thanks once more.
Reply With Quote
  #28  
Old 06-26-2011, 02:58 AM
BfoX BfoX is offline
Senior Member
 
Join Date: Aug 2007
Posts: 2,233
Send a message via ICQ to BfoX Send a message via MSN to BfoX Send a message via Yahoo to BfoX
Default

Canopus%2BEdius%2B5.12.part3.rar deleted?
__________________
... Either you work well or you work much ....
Reply With Quote
  #30  
Old 06-26-2011, 04:46 AM
BfoX BfoX is offline
Senior Member
 
Join Date: Aug 2007
Posts: 2,233
Send a message via ICQ to BfoX Send a message via MSN to BfoX Send a message via Yahoo to BfoX
Default

Canopus_Edius_5.12.part06.rar 100M ? previsions one is 73.7 M
__________________
... Either you work well or you work much ....
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.