Thread: Hmm interesting new protection....

  1. #1
    Test2000
    Guest

    Hmm interesting new protection....

    Okay while doing some searching on various crackmes I decided to try out what I had learned on some more commercial games. I downloaded a range of old products that I like (mainly text simulations) and a few other things. Had no problems with most of these simple serial protections. That's when I came across something tricky. I'll break it down in steps:

    (1) I opened up the .exe of the programme I was attempting to reverse saw that it was your standard 14 day evaluation yada yada yada. Okay so advance clock and go back and see what happens.

    (2) Ohh look at that the application has expired yada yada yada. Let's look for some references. Hmm seems standard serial protection, let's enter a couple of those, okay we've got our invalid message, let's have a search again.

    (3) Open up various tools to look for references (WDASM, HiEW) nothing so this looks like the application is packed.

    (4) Let's have a look what it's packed with, well according to PEiD it's packed with Protection Plus.

    (5) Let's have a search around for some tutorials on Protection Plus or any unpackers on Protection Plus. Found total: 0.

    That's about where I have hit the snag. I tried opening up the application with OllyDbg but it has some rather odd modules. The oddest one seems to be that it has a duplicate module of the actual exe file but it's not the exe file. I've also looked at the actual PE header of the programme and the flags seem to be unpacked yet I know the application is packed because of the PEiD scan and the way the code displays in WDASM. Might be something for someone more advanced to have a play with and see what type of protection it's using. If you want the .exe I've been trying to unpack for interest's sake I'll PM you. Supposedly CORE already did a crack on this version but I believe it does not work.

    Any information on the Protection Plus scheme if known would also be welcome as I may put this on my #2 list of priorities after I've finished my reading.

    [Edit: One other thing I forgot to add is when I loaded up OllyDbg and tried to go back to the .exe it seemed to corrupt it. When I tried with SoftIce it had SoftIce detection running. As I use XP FrogsIce was not an option this may well be an option for someone running this scheme on a ME/9x platform].
    Last edited by Test2000; February 21st, 2004 at 13:56.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    hobferret
    Registered User

    Test2000 M8

    Send a PM this sounds interesting

    regards

    /hobferret
