Exetools

Exetools (https://forum.exetools.com/index.php)
-   General Discussion (https://forum.exetools.com/forumdisplay.php?f=2)
-   -   Patching Themida / WinLicense Banned License (https://forum.exetools.com/showthread.php?t=12126)

ZeNiX 03-11-2009 16:56
Patching Themida / WinLicense Banned License
 
I saw Nooby's tut on patching the blacklist two days ago.
So, I tried it on some custom built versions of Themida.
Up to now, I have no luck on it.

Yes, I used the banned license from admin@free8xxxxxx.
Then I get lost in the VM of jmp ESI's.

Had anyone tried it?

Maybe it is because that I am not familiar with its VM.

Also, I see people saying that Shoooo uses another method which patches the BannedID check and corrects the CRC. However, I cannot find his tut.

Can you offer any help?

I did not try it on the WinLicense, as I do not have a banned key.
But I assume that the check of the banned key is same or similar.
Right?

quosego 03-11-2009 16:59
Haven't tried it, should be interesting.. Will take a look.

However as far as I know Themida and Winlicense are both protected with the same custom winlicense.

Ember 03-25-2009 02:34
I have never seen this tutorial before? Is it a private one?

leosmi05 03-27-2009 04:46
Which one?
 
Could you give some examples of applications protected with Themida/WinLicense? (Small size applications are preffered) :-)

I can't run WinLicense itself, as it crashes immediatelly after starting it.

ZeNiX 03-27-2009 13:02
Quote:
I can't run WinLicense itself, as it crashes immediatelly after starting it.
Which version of WinLicense did you use?
Maybe you used a cracked version?

All custom build versin of Themida and Winlicense are protected with Winlicense.

ZeNiX 03-27-2009 15:48
2 Attachment(s)
I have tried [quosego/snd] method to bypass the banned License on.
However, the protected file will result on Application Error.
Maybe there are more checks inside Themida itself?

Jupiter 03-27-2009 22:45
PE CheckSum Adjuster v1.33
 
ZeNiX
to fix Themida CRC, you can use my Hiew plugin:

PE CheckSum Adjuster v1.33

[ENG]
PE CheckSum Adjuster can modify PE file to conform PE checksum. New and original checksums are the same! This means that checksum will be intact! Useful when you need to keep original checksum, for ex. for Themida patching.

[RUS]
PE CheckSum Adjuster изменяет PE файл для соответствия контрольной сумме (поле OptionalHeader.CheckSum).
Модуль не изменяет контрольную сумму: контрольная сумма нового файла равна контрольной сумме оригинального.
Полезно, когда нужно сохранить исходную контрольную сумму файла, например для патча Themida.

Compiled HEM: CheckSumAdjust133.zip (~3Kb)

Hiew version minimal: 7.45
HEM SDK version: 0.35


Hiew External Modules

leosmi05 03-28-2009 04:22
Quote:
Originally Posted by ZeNiX (Post 62903)
Which version of WinLicense did you use?
Maybe you used a cracked version?

All custom build versin of Themida and Winlicense are protected with Winlicense.
I wanted to analyze one file protected with Themida, so I downloaded the latest demo version of Themida and WinLicense (2.0.4.0) from Oreans.
But WinLincense crashes when you start it. How can people then try your code protector? :-)
BTW, no debugger was runnning.

Cheers!

gunterg 03-28-2009 17:20
What OS you had? Anyway it's very strange because since a few versions TMD/WL not use more ring0 protection.

leosmi05 03-29-2009 04:41
Yep, very strange. I tried it on XP SP2.
Anyway, can anyone suggest some apps protected with TheMida v2.0.4+?


All times are GMT +8. The time now is 20:17.

Powered by vBulletin® Version 3.8.8
Copyright ©2000 - 2026, vBulletin Solutions, Inc.
Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX