|
|
#1
03-25-2015, 05:35
|
|||
|
|||
|
ckinfo+ rev.1
I made some modifications & corrections.
* Mistyped constants are corrected. * New section (0x10000 size) for inline code & constant pairs is added to keep compatibility back. * inline codes written to address 045B000. * constants are written to address 045B600. I have just replaced the constant pairs in previous release. It means, I did not keep the original constant pairs which were using for old versions. This time, the program is diverted at 3 places to new codes & constants. Now, it works for all versions (up to 7.8). The new section size is quite enough for future modification & addition. 0040388D CMP DWORD PTR DS:[EBX],20 <- first constant pairs 00403890 JB 004037D6 00403896 MOV EAX,DWORD PTR SS:[ESP+20] 0040389A INC DWORD PTR DS:[EAX] 0040389C CMP DWORD PTR DS:[EAX],20 0040389F JB 004037D0 <- second constant pairs 004038A5 POP EDI <- could not be decrypted 004038A5 JMP 0045B0CA <- divert it to our new code @control_1: ; 45b0ca cmp byte ptr [@counter], 2 <- for future version purpose jne @f pop edi pop esi pop ebp xor eax, eax pop ebx retn @@: push eax xor eax,eax mov al, byte ptr [@counter] <- counter add eax, 1 mov byte ptr [@counter], al <- increase it pop eax mov dword ptr [eax], 0 <- we will try with new constants. therefore, set it to zero jmp 004037D0 <- try again When ckinfo cannot decrypt, we diverted it here and counter is set to 1. Now, it is time to use new constants -> 00402DC3 CMP EAX,60000003 <- divert it -> JMP 0045B0FA 00402DC8 JNE SHORT 00402DD3 00402DCA MOV EDI,DWORD PTR DS:[ECX*4+43F008] <- one of constant pairs 00402DD1 JMP SHORT 00402E01 ... @part_2: ; 45b0fa cmp eax, 60000003 ; original code jne @table_6 @table_5: cmp byte ptr [@counter], 0 ; is counter set ? jne @f ; yes, use new constant MOV EDI,DWORD PTR DS:[ECX*4+43F008] ; no, use old JMP 00402E01 @@: mov edi, 045e756 ; new constant pairs imul ecx, ecx, 2C ; distance between constants jmp @goback_2 ; @goback_2: sub edi, ecx ; find the new constant JMP 00402E01 ; go to original code There are totally 8 constant tables. Just, look to new codes for details. I would like to thank to "thewd" again for awesome tool "ckinfo". It is designed perfectly, therefore it deserves to be inlined / saved for new versions of Crypkey as much as I can :-) Regards, raduga_fb March 25, 2015 
|
| The Following 15 Users Gave Reputation+1 to raduga_fb For This Useful Post: | ||
alekine322 (04-20-2015), b30wulf (03-25-2015), besoeso (03-25-2015), canopus (03-30-2015), conan981 (03-25-2015), jump (03-27-2015), kjms (03-25-2015), MarcElBichon (03-25-2015), mr.exodia (03-27-2015), niculaita (03-29-2015), nikkapedd (03-26-2015), orfei (03-27-2015), sendersu (03-26-2015), uranus64 (03-25-2015), winndy (03-29-2015) | ||
| Tags |
| ckinfo, crypkey |
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| ckinfo in 2024 | gxorge | General Discussion | 37 | 02-19-2026 12:06 |
| CKInfo 1.14 Troubles | IMJUSTADONKEY | General Discussion | 7 | 07-21-2024 20:21 |
| Where can I find the newest version ckinfo? | ycloud | General Discussion | 1 | 03-04-2016 12:22 |
Threaded Mode