[Request] Unpacking sro_client.exe (ASPack)

01/07/2012 22:52 yurka333#1
Hello Epvp,
As the title says, I need help unpacking sro_client.exe.

As PEiD says, it's: "ASPack 2.12 -> Alexey Solodovnikov"
And ProtectionID: "ASPack 2.2".
So I'm not sure which packing method it has..

I've tried all the methods (manual and programs) that I could find on Google and here, but none of them helped.

"sro_client.exe" and "GFXFileManager.dll" (don't know if it's needed) are in the attachment.

Hope for your help!
Thanks for your attention.
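
The packer identification that PEiD and ProtectionID report in the post above can be cross-checked by reading the PE section table directly. The following is an added example, not part of the original thread: it assumes the ".aspack" and ".adata" section names an ASPack stub usually adds, uses hypothetical function names, runs on constructed header bytes, and does not tell ASPack versions apart.

```python
import struct

# Section names an ASPack stub usually adds (assumption from typical ASPack
# output; sections can be renamed, so a hit is a hint, not proof).
ASPACK_SECTIONS = {".aspack", ".adata"}

def parse_pe(data):
    """Return (entry_point_rva, [(name, vaddr, vsize, rawsize), ...])."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)      # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    _, nsec, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, pe_off + 4)
    opt_off = pe_off + 24                                  # optional header
    (entry,) = struct.unpack_from("<I", data, opt_off + 16)
    sections = []
    for i in range(nsec):                                  # 40-byte section headers
        name, vsize, vaddr, rawsize = struct.unpack_from(
            "<8sIII", data, opt_off + opt_size + 40 * i)
        sections.append((name.rstrip(b"\0").decode("latin-1"), vaddr, vsize, rawsize))
    return entry, sections

def triage(data):
    """Summarise the layout signs that point at an ASPack-style stub."""
    entry, sections = parse_pe(data)
    ep_sec = next((n for n, va, vs, rs in sections
                   if va <= entry < va + max(vs, rs)), None)
    return {
        "entry_section": ep_sec,
        "aspack_sections": sorted(n for n, *_ in sections if n.lower() in ASPACK_SECTIONS),
        # Compiler output normally starts in the first (code) section.
        "entry_outside_first_section": bool(sections) and ep_sec != sections[0][0],
    }

def build_sample():
    """Constructed headers only (no code/data), laid out like a packed file."""
    layout = [(b".text", 0x1000, 0x3000, 0x800), (b".rsrc", 0x4000, 0x1000, 0x400),
              (b".aspack", 0x5000, 0x2000, 0x1200), (b".adata", 0x7000, 0x1000, 0)]
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(layout), 0, 0, 0, 0xE0, 0x010F)
    opt = struct.pack("<HBBIIII", 0x10B, 0, 0, 0, 0, 0, 0x5001).ljust(0xE0, b"\0")
    secs = b"".join(struct.pack("<8sIIIIIIHHI", n, vs, va, rs, 0, 0, 0, 0, 0, 0xE0000040)
                    for n, va, vs, rs in layout)
    return dos + b"PE\0\0" + coff + opt + secs

if __name__ == "__main__":
    print(triage(build_sample()))
```
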
01/07/2012 23:43 Schickl#2
Google for "stripper aspack unpacker"
You should find it.
It only works on 32-bit though.
01/08/2012 01:02 yurka333#3
Used all versions of stripper, Quick Unpack, ASPackDie, AntiASPack, RL!deASPack, a few other tools, and all the manual methods that I've found on Google, and none of them gave the right result.. I spent 3 days and nothing.. that's why I'm asking for help here..
01/08/2012 13:48 Schickl#4
stripper always worked for me
01/08/2012 19:22 yurka333#5
Then unpack that sro client for me please :)
01/08/2012 22:00 jumalauta#6
StripperX doesn't work on the latest versions of ASPack, and nothing is better than a proper manual unpacking.

I fully unpacked it, but you may see that it won't run properly and you will get an R6002 error. That's because the ASPack protector modifies the PE header and I don't have the time to rebuild it properly; it takes much more time than the unpacking process.

So, do what you want to do in sro_client.exe, and when you're done, pack it with UPX. It will rebuild the proper header structure and permissions, and the target will run normally.
01/08/2012 22:46 yurka333#7
jumalauta, thanks!
Mean ASPack xD
Well, with your unpacked client, will I be able to get blowfish?
01/09/2012 02:21 jumalauta#8
I guess not..

You won't be able to retrieve it with the pushedx method because the target cannot be started directly in the debugger and the key won't be generated.
I can retrieve it for you if you want..
01/09/2012 06:47 yurka333#9
That looks funny, but I've started to follow Drew's method to get blowfish, used "search for all referenced text strings" and searched for the .pk2 name, and right above that .pk2 was a 6-number string. I replaced that string in Drew's old PK2Tools (Extractor) with 169841 and it worked o.O

Maybe that is not the blowfish key at all..

Btw, jumalauta, can you explain to me what I should do (in Drew's method) in Step 1 after I've set a breakpoint? Should I run the client or..?
01/09/2012 08:58 jumalauta#10
The "169841" key is not the blowfish key but just the base pk2 key; you need the pk2 blowfish key as well in order to modify the pk2 files. With Drew's method, you need to run sro_client.exe with OllyDbg to let it generate the key. That's why it's not possible that way, since you won't be able to run the client because of the R6002 error.
01/09/2012 13:39 yurka333#11
jumalauta, thanks a lot for your explanation :)
Then if you don't mind getting the blowfish key for me, it'll be just great!

And what if I pack your unpacked sro_client.exe with UPX: it will recover the normal structure of that file, so will I be able to unpack it again so that it works properly?
01/09/2012 14:08 jumalauta#12
There you go:

Base PK2 Key: 874897
Blowfish Key: 3B CF D0 7C B1 AE

I've attached patched pk2 tools ready to work with purity sro pk2 files.

Quote:
Originally Posted by yurka333
And, what if i will pack that your unpacked sro_client.exe with UPX,it will recover normal structure of that file, will be I able to unpack it again,so it will work properly?

Yes, pack it with UPX ("upx -f sro_client.exe") if you want it to run properly, then unpack it again with UPX ("upx -d sro_client.exe") if you want to debug it with OllyDbg.
01/09/2012 18:00 yurka333#13
Thanks a lot! :)
Still, reverse engineering is so hard.. I can't even imagine how you found blowfish if you can't run it, but it looks like your level of reversing is so high ^^

Ehm.. It would be great for me to have your contact information, but I think I'll be too annoying. Still, if you would like to help a nab like me, send me a PM with contact info :)
Again Thanks!
01/30/2012 20:55 Darkness™#14
Sorry for bumping this thread, but I need help too. jumalauta or someone, can you unpack this sro_client please!

Thanks in advance.
02/02/2012 14:25 jumalauta#15
The base PK2 Key is "ch1n4l".