Incredibly short *Cracking TwinR Thread*

05/17/2009 12:21 peterchua89#166
Quote:
Originally Posted by skyboi91
hi all, lcf-at decide to write a new version of script that immediately crack the exe
tats good:oso looking forward for the script.. thx skyboi91 really thx u so much.. :handsdown: duno hw to re-pay u fr your hardwork done.. T_T

Oops, forgot!! thx to lcf-at too.. ty so so so so so much!! w/o u guys poor ppl will only get poorer T_T
05/18/2009 06:00 longge#167
haha thx skyboi and lcf-at for helping us crack TwinR if u need any help feel free to ask me -.- i am damn stupid in cracking things -.- ermm skyboi can u make a screenshot tut so its easier? and i am looking forward to the immediately crack the exe o.o

thx
05/18/2009 10:25 skyboi91#168
i will stop updating this thread since till lcf-at script release :) his coming script can crack the exe without unpacking the exe.

Quote:
Originally Posted by LCF-AT
Hi,

I will release a new script in the next days. This script will write an Inline Patch in the TM / WL exe file automatically. Also working with TwinR and then you don't need to unpack the TM / WL files anymore.

greetz
05/18/2009 11:01 longge#169
ermm so no more guide? like a simple guide? this make my head pain >.<

:D
05/22/2009 18:16 skyboi91#170
ok im done with it ... thanks to lcf-at from SnD ... he done an impressive video guide
05/22/2009 23:26 8vincent8#171
cant download the zip file @@
05/24/2009 03:39 peterchua89#172
skyboi91, can u enlighten me?? i folo lcf-at video until 1.21 that Advance Loader Generator DATA box doesn't come out.. hw do i solve this problem?? =) thx in advance..
05/24/2009 17:09 skyboi91#173
Quote:
Originally Posted by peterchua89
skyboi91, can u enlighten me?? i folo lcf-at video until 1.21 that Advance Loader Generator DATA box doesn't come out.. hw do i solve this problem?? =) thx in advance..
o.0 i duno everytime mine will come out u window vista?
05/25/2009 05:59 peterchua89#174
weird.. >.< skyboi91, would u mind gv me your ollyDBG?? if not let me knw wat file u hv in thr and the setting, can?? thx in advance =) heres image of my problem [image link]
05/25/2009 08:32 azry_rulez#175
Dear Skyboi

help me here.. need more explain bout LCF tut
check this screen shot - all my address is same as LCF(maybe bcoz of the same license)

after replacing the AA AA AA AA address with F4 0D 16 00
next step we will do a follow in dump - memory address on 00B5B14F

1st the address shud be like this n same as LCF address
[image link]

and here im doing the 'follow in dump - memory address'
[image link]

here's the result.. and its not same as LCF
[image link]

check this is LCF 1st address before follow in dump - same as me
[image link]

but after doing that follow in dump it become like this
[image link]

can explain to me what ive miss? thanx
05/25/2009 16:18 skyboi91#176
follow in dump == > immediate constant? since u there means you can crack it ^^

i write down all the steps in a notepad to be easily

14)Copy the start of OLD standard line

then in the search first address follow in dump=>immediate constant=> that address ==>009FA478 (loader data VA)

copy the first 5 bytes except the first 1 ==>F4 0D 16 00


15)Back to the address follow in dump the MOV DWORD PTR DS: [009FA479],AAAAA address and paste the binary in 00b5b14f E9 F4 0D 16 00

set to the new origin==>Ok

then copy executable and save the file

then go to the PUSHAD top 0b5b050

launch LordPE go to entry point change to==> 0b5b050 and to 075b050 save !
05/26/2009 14:15 kirillman#177
so, does it work on CABAL EU ????
06/02/2009 06:30 rnpinca#178
hey the advanced generator is a virus a variant of trojan my antivirus is nod....
its a virus ^_____^
06/09/2009 19:40 frigget123#179
Quote:
Originally Posted by rnpinca
hey the advanced generator is a virus a variant of trojan my antivirus is nod....
its a virus ^_____^
uhhh where's the scan?
06/09/2009 20:42 .Kreative#180
Kaspersky Internet Security 7.0 having last DB update does NOT detect any virus in the advanced generator loader.
however, here is the virus scan provided by virustotal.com :
File Advanced_Loader_Generator.exe received on 2009.06.09 18:39:37 (UTC)
Result: 29/40 (72.5%)

| Antivirus | Version | Last Update | Result |
|---|---|---|---|
| a-squared | 4.5.0.18 | 2009.06.09 | Trojan-Dropper!IK |
| AhnLab-V3 | 5.0.0.2 | 2009.06.09 | Packed/Upack |
| AntiVir | 7.9.0.183 | 2009.06.09 | TR/Dropper.Gen |
| Antiy-AVL | 2.0.3.1 | 2009.06.09 | - |
| Authentium | 5.1.2.4 | 2009.06.09 | W32/Heuristic-210!******** |
| Avast | 4.8.1335.0 | 2009.06.08 | Win32:Trojan-gen {Other} |
| AVG | 8.5.0.339 | 2009.06.09 | Dropper.Generic.AKSO |
| BitDefender | 7.2 | 2009.06.09 | Trojan.Generic.1733845 |
| CAT-QuickHeal | 10.00 | 2009.06.09 | (Suspicious) - DNAScan |
| ClamAV | 0.94.1 | 2009.06.09 | - |
| Comodo | 1297 | 2009.06.09 | Unclassified Malware |
| DrWeb | 5.0.0.12182 | 2009.06.09 | - |
| eSafe | 7.0.17.0 | 2009.06.09 | Suspicious File |
| eTrust-Vet | 31.6.6549 | 2009.06.09 | - |
| F-Prot | 4.4.4.56 | 2009.06.08 | W32/Heuristic-210!******** |
| F-Secure | 8.0.14470.0 | 2009.06.09 | W32/Packed_Upack.A |
| Fortinet | 3.117.0.0 | 2009.06.09 | - |
| GData | 19 | 2009.06.09 | Trojan.Generic.1733845 |
| Ikarus | T3.1.1.59.0 | 2009.06.09 | - |
| K7AntiVirus | 7.10.757 | 2009.06.08 | Trojan.Win32.Malware.1 |
| Kaspersky | 7.0.0.125 | 2009.06.09 | - |
| McAfee | 5641 | 2009.06.09 | Generic.dx |
| McAfee+Artemis | 5641 | 2009.06.09 | Generic.dx |
| McAfee-GW-Edition | 6.7.6 | 2009.06.09 | Trojan.Dropper.Gen |
| Microsoft | 1.4701 | 2009.06.09 | - |
| NOD32 | 4142 | 2009.06.09 | probably a variant of Win32/Agent |
| Norman | 6.01.09 | 2009.06.09 | W32/Packed_Upack.A |
| nProtect | 2009.1.8.0 | 2009.06.09 | Trojan/W32.Agent.169376 |
| Panda | 10.0.0.14 | 2009.06.09 | Generic Trojan |
| PCTools | 4.4.2.0 | 2009.06.09 | Packed/Upack |
| Prevx | 3.0 | 2009.06.09 | High Risk Worm |
| Rising | 21.33.14.00 | 2009.06.09 | - |
| Sophos | 4.42.0 | 2009.06.09 | Mal/Generic-A |
| Sunbelt | 3.2.1858.2 | 2009.06.09 | Trojan.Win32.Packer.Upack0.3.9 (v) |
| Symantec | 1.4.4.12 | 2009.06.09 | Trojan Horse |
| TheHacker | 6.3.4.3.342 | 2009.06.08 | W32/Behav-Heuristic-060 |
| TrendMicro | 8.950.0.1092 | 2009.06.09 | PAK_Generic.006 |
| VBA32 | 3.12.10.6 | 2009.06.08 | - |
| ViRobot | 2009.6.9.1775 | 2009.06.09 | - |
| VirusBuster | 4.6.5.0 | 2009.06.09 | Packed/Upack |


of course, these ALL could be false positives.
Although, use at your own risk. (I trust kaspersky more than the others.)