How To Unpack Dekaron : Script [CSV]

[xsvisme3177]

i see alot of people posting about new patch, so to unpack the new dekaron.exe you will need this.

Use ollydbg, open dekaron.exe, run this(you will need a script plugin, google it), fix with imp, dump.

Put the Plugins attached into your ollydbg folder.

Code:

dbh

var a
var b
var c
var d
var e
var test
var rva

run
eoe checkme
eob checkme

checkme:
mov b,eip
add b,2
mov b,[b]
cmp b,00058F64
je checklast
esto

checklast:
mov a,ebp
sub a,10
mov a,[a]
cmp a,400000
je found
esto

found:
eob end
eoe end
mov c,[40003C]
add c,100
add c,400000
mov c,[c]
bprm 401000,c
esto

end:
mov a,[eip]
and a,0000FF
cmp a,C3
jne exit
mov test,[esp]
and test,F00000
shr test,14
cmp test,9
jae loop
jmp exit

loop:
eob exit
eoe exit
esto

exit:
sti
mov d,eip
sub d,9
mov eip,d
mov e,[ebp-8]
mov [eip],e
mov d,eip
sub d,1
mov eip,d
mov [eip],#68#
mov d,eip
sub d,2
mov eip,d
mov [eip],#6A60#
dpe "dump.exe",eip
cmt eip,"OEP! Stolen bytes fixed & dumped. Fix IAT with ImpREC!"
mov rva,eip
sub rva,400000
log rva,"RVA of OEP: "
ret

retry:
ret

click thanks if this helped you

[Vaidas B]

nice, i dont use unpacked dekaron, but its worth a thanks

[Cloudstrife01235]

So is this the only way I can play with edited .csv files? Because i don't know what you mean by script plugin.

[Vaidas B]

plugin as a program update, like an addon that adds more functions

[Cloudstrife01235]

EDIT : Screw it. I'll just wait for an updated CRC Bypass launcher. This confuses me.

[Rapt0r]

[Cloudstrife01235]

Quote:

Originally Posted by Rapt0r

That's not what I meant. Here, i'll explain.

I know about ollyscript. However, the first post told me to google script plugin. I did, and i didn't know what to click or anything. So... I proceeded to check ollyscript again on the post with the hacks that I got all my stuff in the first place.

This told me that ollyscript is for those using the unpacked_dekaron.exe which i do not use to play. I use the CRC Bypass Launcher. So, i proceeded to edit my post because I realize this.

(I apologize. The 'let me google it for you' thing ****** me off.)

[Rapt0r]

Quote:

Originally Posted by Cloudstrife01235

That's not what I meant. Here, i'll explain.

I know about ollyscript. However, the first post told me to google script plugin. I did, and i didn't know what to click or anything. So... I proceeded to check ollyscript again on the post with the hacks that I got all my stuff in the first place.

This told me that ollyscript is for those using the unpacked_dekaron.exe which i do not use to play. I use the CRC Bypass Launcher. So, i proceeded to edit my post because I realize this.

(I apologize. The 'let me google it for you' thing ****** me off.)

Why are you posting in this thread then? It's obviously about unpacked_dekaron, and since you're not using it.. I don't get it. You'll have to wait for new CRC stuff to come up, but don't expect it to be online before event.

[Cloudstrife01235]

Quote:

Originally Posted by Rapt0r

Why are you posting in this thread then? It's obviously about unpacked_dekaron, and since you're not using it.. I don't get it. You'll have to wait for new CRC stuff to come up, but don't expect it to be online before event.

Because at first I didn't know it was for unpacked dekaron.

"So... I proceeded to check ollyscript again on the post with the hacks that I got all my stuff in the first place.

This told me that ollyscript is for those using the unpacked_dekaron.exe which i do not use to play. I use the CRC Bypass Launcher. So, i proceeded to edit my post because I realize this."

[xsvisme3177]

ill post a script plugin, along with a dump plugin

[throwawayid]

Ok, this feels like a stupid thing to say (so it probably is) but I find the whole "unpacked" thing really confusing. I used the 2MUnpack program to unpack the data files, but ever since the last update (.28) I haven't been able to use the CRC Bypass Launcher with unpacked_dekaron.exe ... I actually use CRC Bypass Launcher to launch the regular dekaron.exe file. So apparently having the data files unpacked is a totally separate situation from using the unpacked_dekaron.exe (or so it seems to me). So as far as it looks to me, ppl are using the term "unpacked" to refer to 2 different things - the data files and/or the actual .exe

I see 3 ways to run the program:

• The original, packed version
• Unpacked data files, edited csv files that maintain CRC
• Unpacked data files, edited csv files that don't maintain CRC and use Bypass Launcher

...with a 4th way involving unpacked_dekaron.exe which I still don't understand.



In any case, I've been reading on this board for a two months now and this is the first I've heard of ollydbg and have no idea how this fits into the above schemes (or if it's a 5th method altogether). Yes, yes, I plan on using the search function to dig up more info, no flames needed. All I'm saying is ... it would be nice to have separate sub-forums under the 2Moons section, each focusing on a particular way of hacking the program (CSV, CE, WinHex, etc). It's pretty **** confusing to someone just jumping into the middle of this.

EDIT: Ok, so it looks like ollydbg is similar to WinHex in that it allows you to edit the unpacked data files. I prefer to do the csv editing, MUCH faster & easier IMO ... but I may look into olly or WinHex later for the skill hack. Other than the skill hack I haven't seen any benefit to using that method that I can't accomplish with the csv files.

[mrkenneth]

Yes, he need a Good Thx for this one,

[xsvisme3177]

Quote:

Originally Posted by throwawayid

Ok, this feels like a stupid thing to say (so it probably is) but I find the whole "unpacked" thing really confusing. I used the 2MUnpack program to unpack the data files, but ever since the last update (.28) I haven't been able to use the CRC Bypass Launcher with unpacked_dekaron.exe ... I actually use CRC Bypass Launcher to launch the regular dekaron.exe file. So apparently having the data files unpacked is a totally separate situation from using the unpacked_dekaron.exe (or so it seems to me). So as far as it looks to me, ppl are using the term "unpacked" to refer to 2 different things - the data files and/or the actual .exe

I see 3 ways to run the program:

• The original, packed version
• Unpacked data files, edited csv files that maintain CRC
• Unpacked data files, edited csv files that don't maintain CRC and use Bypass Launcher

...with a 4th way involving unpacked_dekaron.exe which I still don't understand.



In any case, I've been reading on this board for a two months now and this is the first I've heard of ollydbg and have no idea how this fits into the above schemes (or if it's a 5th method altogether). Yes, yes, I plan on using the search function to dig up more info, no flames needed. All I'm saying is ... it would be nice to have separate sub-forums under the 2Moons section, each focusing on a particular way of hacking the program (CSV, CE, WinHex, etc). It's pretty damn confusing to someone just jumping into the middle of this.

EDIT: Ok, so it looks like ollydbg is similar to WinHex in that it allows you to edit the unpacked data files. I prefer to do the csv editing, MUCH faster & easier IMO ... but I may look into olly or WinHex later for the skill hack. Other than the skill hack I haven't seen any benefit to using that method that I can't accomplish with the csv files.

Noo, what i posted is all for how to make an unpacked_derkaon, not actually unpacking the data files.

[throwawayid]

Ok, so you would use ollydbg to create the unpacked_dekaron.exe, then use WinHex to edit the pack.d04 file?

And you have to use them together for it to work? And this works without the CRC Bypass Launcher?

[demoncrest]

I know I am asking an unanswerable question since anyone who finds a significant loophole won't say that they did and how, but is editting csv's and using Cheat Engine to further alter the values even worth attempting these days in general?

(and I know it's a bit of a grave bump, but still, I am looking for an answer )