Exetools  

#1
12-09-2004, 17:52
TmC
SVKP, Armadillo or SDProtector

Hi,
just a stupid question, but which packer do you think is the most difficult to unpack: SVKP, Armadillo or SDProtector?

I'm talking only about packing, not about registration algorithms or anything else.

Consider:

SVKP: Main packing with compression without RSA encrypted features
Armadillo: Copymem+Nanomites+Code splicing without secured sections
SDProtector: Main packing with compression without RSA encrypted features

Which do you think is the hardest?
#2
12-09-2004, 20:45
softworm
To me, it's Armadillo
#3
12-09-2004, 21:09
nikita@work
SDProtector, aka SoftDefender, is very simple and looks UPX-based
#4
12-09-2004, 21:14
stephenteh
for me....Armadillo + Nanomites protection...
#5
12-09-2004, 21:24
karlss0n
Armadillo with nanomites looks like trouble but not unbeatable.

But if you add Serial + CopyMemII, then it looks like solid stone without holes. I can't do anything with it, but I'm not a guru
#6
12-10-2004, 02:44
MaRKuS-DJM
Newer Armadillos with serial can't be keygenned and so not unpacked. The only way is leaked keys.
#7
12-10-2004, 05:42
Jay
Quote:
Originally Posted by nikita@work
SDProtector, aka SoftDefender, is very simple and looks UPX-based
throw us a quick tut together then will you.
#8
12-10-2004, 07:32
nikita@work
Quote:
Originally Posted by Jay
throw us a quick tut together then will you.
It will be really short.
Go to the end of the packed stream and look for code like this:
Code:
pop edx
pushad
mov ebx, PackedStreamSize
mov esi, offset PackedStream
lea edi, RawDataOffset
Just rip the decompress function (or use lzo1x from Oberhummer's UCL) and the postfilter (only if relocs are present). To decrypt imports you will need the RC4 key from the protector runtime context. Near the key there are the original OEP address, ImageBase, IAT address, etc.

P.S. There is an original PE header at the end of the unpacked stream. So, as I said before, it looks like a UPX-based product ;)

Last edited by nikita@work; 12-10-2004 at 07:44.
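A static triage check for the instruction sequence quoted in post #8, given here as an added example that is not part of the original post or of any tool mentioned in the thread: it scans a raw file image for the five-instruction pattern and reports the two immediates, which is enough to flag a sample as a candidate for this stub. The function names, the size sanity filter, the accepted `lea` addressing forms and the sample bytes are assumptions of this example.

```python
import re
import struct

# x86-32 encodings of the sequence quoted in the post:
#   5A         pop  edx
#   60         pushad
#   BB imm32   mov  ebx, PackedStreamSize
#   BE imm32   mov  esi, offset PackedStream
#   8D modrm   lea  edi, <memory operand>
# Assumption: the page does not give the lea addressing form, so any
# memory ModRM byte whose reg field is 111b (edi) is accepted.
STUB_RE = re.compile(
    rb"\x5A\x60\xBB(.{4})\xBE(.{4})\x8D[\x38-\x3F\x78-\x7F\xB8-\xBF]",
    re.DOTALL,
)


def find_stub_candidates(data):
    """Return one dict per plausible stub match in a raw file image."""
    hits = []
    for m in STUB_RE.finditer(data):
        (size,) = struct.unpack("<I", m.group(1))
        (stream_va,) = struct.unpack("<I", m.group(2))
        # Heuristic filter: a packed stream stored in the file cannot be
        # empty or larger than the file, which drops chance byte matches.
        if 0 < size <= len(data):
            hits.append({"file_offset": m.start(),
                         "packed_size": size,
                         "packed_stream_va": stream_va})
    return hits


def _seq(size, stream_va, modrm):
    """Build one constructed instruction sequence for the sample below."""
    return (b"\x5A\x60\xBB" + struct.pack("<I", size) +
            b"\xBE" + struct.pack("<I", stream_va) +
            b"\x8D" + bytes([modrm]) + struct.pack("<I", 0x00401000))


# Constructed sample (not taken from any real protected file): NOP padding,
# a decoy with lea eax (ModRM 05), a decoy with an impossible size, then a
# sequence that should be reported.
SAMPLE = (b"\x90" * 32 + _seq(0x40, 0x00405000, 0x05) +
          b"\x90" * 8 + _seq(0x7FFFFFFF, 0x00405000, 0x3D) +
          b"\x90" * 8 + _seq(0x40, 0x00405000, 0x3D) + b"\x90" * 16)

if __name__ == "__main__":
    for hit in find_stub_candidates(SAMPLE):
        print(hit)
```

A hit is only a candidate: the offset is a file offset, while the stream address is a virtual address that still has to be mapped through the section table.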
#9
12-10-2004, 08:29
Jay
Just rip decompress function, To decrypt imports you will need RC4 key.

Could just be me, but I fail to see how that description of how to unpack sd can be described as simple or compared to unpacking upx. Still, if you don't have time for a more in-depth tutorial then too bad for us.
#10
12-10-2004, 15:23
zaratustra
Nothing is impossible; give a dumped program what it needs, that is my philosophy