Reverse Engineering RET Homepage RET Members Reverse Engineering Projects Reverse Engineering Papers Reversing Challenges Reverser Tools RET Re-Search Engine Reverse Engineering Forum Reverse Engineering Links

Go Back   Reverse Engineering Team Board > Reverse Engineering Board > File Unpacking
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
Thread Tools Display Modes
  #1  
Old 11-08-2009, 11:11 AM
schrodinger schrodinger is offline
Member
 
Join Date: Oct 2009
Posts: 17
Unhappy Difficult unpacking .....plz help

I tried to unpack this exe file million times but in vain so plz help me
I succeeded in only one thing :this exe file can open data files in the program and I managed to convert an encrypted data file to the original form (it was enveloped in mcf file and I managed to convert it to the swf file which opens normally with flash)

The exe file shows it is .net and protected by VM but I think there is some sort of envelope (probably hasp.net which checks for nethasp.ini file )

The exe file which needs to be unpacked (17 mb only)

http://rapidshare.com/files/291327963/mc2.rar

The encrypted file which I managed to decrypt (32 kb)
http://rapidshare.com/files/303797765/sd.rar


I really need your help guys as it is tough task and I really did a lot of work to decrypt file above
Reply With Quote
  #2  
Old 11-10-2009, 01:24 AM
WRP WRP is offline
Senior Member
 
Join Date: May 2009
Posts: 142
Default

This file protected by Thinstall Embedded V2.545 .
Read manual for unpacking this "protector"
Reply With Quote
  #3  
Old 11-12-2009, 09:26 AM
schrodinger schrodinger is offline
Member
 
Join Date: Oct 2009
Posts: 17
Default

I know it is VM type and I don't have enough knowledge to do it actually so if someone is pro in that ...plz help me out unpacking it
Reply With Quote
  #4  
Old 11-12-2009, 11:00 AM
Git Git is offline
Super Moderator
 
Join Date: Oct 2007
Location: Torino
Posts: 1,797
Default

There is a lot of VM expertise on Exetools.

Git
Reply With Quote
  #5  
Old 11-12-2009, 03:10 PM
GNIREENIGNE GNIREENIGNE is offline
Senior Member
 
Join Date: Sep 2009
Posts: 120
Default

Speaking of exetools; are invitation codes still required for registration? I tried registering an account about a month ago - to no avail.

-G
Reply With Quote
  #6  
Old 11-12-2009, 07:24 PM
schrodinger schrodinger is offline
Member
 
Join Date: Oct 2009
Posts: 17
Exclamation

they have a tool called thininstall package editor .........I tried it but with no success
http://forum.exetools.com/showthread...ight=thinstall


plz guys help me
Reply With Quote
  #7  
Old 11-13-2009, 07:18 AM
kao kao is offline
Senior Member
 
Join Date: Sep 2007
Posts: 184
Default

Data files like the one you posted are not inside the exe. Most likely they are on a server where NetHASP key is installed. Only that machine can connect to manufacturers server and download updates as well.

So, could you please stop repeating useless requests to several reversing boards?
Reply With Quote
  #8  
Old 11-14-2009, 12:54 PM
schrodinger schrodinger is offline
Member
 
Join Date: Oct 2009
Posts: 17
Default

it seems that u (kao ) have not tried to reverse it by any means
The information which u supplied is completely wrong as nethasp key is key on remote server and will be useful if u wanna emulate the dongle only
The total data are present in the original program and the size of the original program is very big
the exe file is collection of executables which are able to open the encrypted data and i supplied an example above of an encrypted file which is decrypt the file
The problem is that the collection of files are enveloped in VM
Reply With Quote
  #9  
Old 11-18-2009, 05:01 AM
kao kao is offline
Senior Member
 
Join Date: Sep 2007
Posts: 184
Default

Haven't I? Here are few strings from main application:
Code:
http://www.molecular-conceptor.com/mc_db/check_connect.php
http://www.molecular-conceptor.com/mc_db/check.php?id_internal={0}&id_login={1}&host={2}&ip={3}&type={4}&application_id={5}&version={6}&p={7}&c={8}
http://www.molecular-conceptor.com/v2_check_dd.php
http://download.drugdesign.com/mc2/thumbnails_w/
Run Live Update from the computer with the NetHASP key.
and attached is a list of files contained in mc2.exe. As you can see, inside there are no multimedia files like yours. Those few SWF files do essentially nothing.
File "mc_data\features.xml" seems to contain information about multimedia files, but they are located somewhere else..

Any more questions?
Attached Files
File Type: txt list_of_files.txt (10.5 KB, 15 views)
Reply With Quote
  #10  
Old 11-21-2009, 02:20 PM
schrodinger schrodinger is offline
Member
 
Join Date: Oct 2009
Posts: 17
Red face

[moderator note : please don't quote such large amounts of text. It is totally unnecessary as the original is right in front of you]

plz can u upload the decrypted file somewhere ....I really appreciate your help

Last edited by Git : 11-22-2009 at 09:43 AM.
Reply With Quote
Reply


Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump





Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2021, Jelsoft Enterprises Ltd.