How To Unpack Dekaron : Script [CSV]

Page 1 of 2 1 2
08/28/2009 18:53 xsvisme3177#1
i see alot of people posting about new patch, so to unpack the new dekaron.exe you will need this.

Use ollydbg, open dekaron.exe, run this(you will need a script plugin, google it), fix with imp, dump.

Put the Plugins attached into your ollydbg folder.

Code:
dbh

var a
var b
var c
var d
var e
var test
var rva

run
eoe checkme
eob checkme

checkme:
mov b,eip
add b,2
mov b,[b]
cmp b,00058F64
je checklast
esto

checklast:
mov a,ebp
sub a,10
mov a,[a]
cmp a,400000
je found
esto

found:
eob end
eoe end
mov c,[40003C]
add c,100
add c,400000
mov c,[c]
bprm 401000,c
esto

end:
mov a,[eip]
and a,0000FF
cmp a,C3
jne exit
mov test,[esp]
and test,F00000
shr test,14
cmp test,9
jae loop
jmp exit

loop:
eob exit
eoe exit
esto

exit:
sti
mov d,eip
sub d,9
mov eip,d
mov e,[ebp-8]
mov [eip],e
mov d,eip
sub d,1
mov eip,d
mov [eip],#68#
mov d,eip
sub d,2
mov eip,d
mov [eip],#6A60#
dpe "dump.exe",eip
cmt eip,"OEP! Stolen bytes fixed & dumped. Fix IAT with ImpREC!"
mov rva,eip
sub rva,400000
log rva,"RVA of OEP: "
ret

retry:
ret
click thanks if this helped you
08/28/2009 18:55 Vaidas B#2
nice, i dont use unpacked dekaron, but its worth a thanks
08/28/2009 19:08 Cloudstrife01235#3
So is this the only way I can play with edited .csv files? Because i don't know what you mean by script plugin.
08/28/2009 19:12 Vaidas B#4
plugin as a program update, like an addon that adds more functions
08/28/2009 19:15 Cloudstrife01235#5
EDIT : Screw it. I'll just wait for an updated CRC Bypass launcher. This confuses me.
08/28/2009 19:18 Rapt0r#6
[Only registered and activated users can see links. Click Here To Register...]
08/28/2009 19:22 Cloudstrife01235#7
Quote:
Originally Posted by Rapt0r View Post
[Only registered and activated users can see links. Click Here To Register...]
That's not what I meant. Here, i'll explain.

I know about ollyscript. However, the first post told me to google script plugin. I did, and i didn't know what to click or anything. So... I proceeded to check ollyscript again on the post with the hacks that I got all my stuff in the first place.

This told me that ollyscript is for those using the unpacked_dekaron.exe which i do not use to play. I use the CRC Bypass Launcher. So, i proceeded to edit my post because I realize this.

(I apologize. The 'let me google it for you' thing pisses me off.)
08/28/2009 19:25 Rapt0r#8
Quote:
Originally Posted by Cloudstrife01235 View Post
That's not what I meant. Here, i'll explain.

I know about ollyscript. However, the first post told me to google script plugin. I did, and i didn't know what to click or anything. So... I proceeded to check ollyscript again on the post with the hacks that I got all my stuff in the first place.

This told me that ollyscript is for those using the unpacked_dekaron.exe which i do not use to play. I use the CRC Bypass Launcher. So, i proceeded to edit my post because I realize this.

(I apologize. The 'let me google it for you' thing pisses me off.)
Why are you posting in this thread then? It's obviously about unpacked_dekaron, and since you're not using it.. I don't get it. You'll have to wait for new CRC stuff to come up, but don't expect it to be online before event.
08/28/2009 19:37 Cloudstrife01235#9
Quote:
Originally Posted by Rapt0r View Post
Why are you posting in this thread then? It's obviously about unpacked_dekaron, and since you're not using it.. I don't get it. You'll have to wait for new CRC stuff to come up, but don't expect it to be online before event.
Because at first I didn't know it was for unpacked dekaron.

"So... I proceeded to check ollyscript again on the post with the hacks that I got all my stuff in the first place.

This told me that ollyscript is for those using the unpacked_dekaron.exe which i do not use to play. I use the CRC Bypass Launcher. So, i proceeded to edit my post because I realize this."
08/28/2009 19:40 xsvisme3177#10
ill post a script plugin, along with a dump plugin :)
08/28/2009 20:27 throwawayid#11
Ok, this feels like a stupid thing to say (so it probably is) but I find the whole "unpacked" thing really confusing. I used the 2MUnpack program to unpack the data files, but ever since the last update (.28) I haven't been able to use the CRC Bypass Launcher with unpacked_dekaron.exe ... I actually use CRC Bypass Launcher to launch the regular dekaron.exe file. So apparently having the data files unpacked is a totally separate situation from using the unpacked_dekaron.exe (or so it seems to me). So as far as it looks to me, ppl are using the term "unpacked" to refer to 2 different things - the data files and/or the actual .exe

I see 3 ways to run the program:
  • The original, packed version
  • Unpacked data files, edited csv files that maintain CRC
  • Unpacked data files, edited csv files that don't maintain CRC and use Bypass Launcher

...with a 4th way involving unpacked_dekaron.exe which I still don't understand.



In any case, I've been reading on this board for a two months now and this is the first I've heard of ollydbg and have no idea how this fits into the above schemes (or if it's a 5th method altogether). Yes, yes, I plan on using the search function to dig up more info, no flames needed. All I'm saying is ... it would be nice to have separate sub-forums under the 2Moons section, each focusing on a particular way of hacking the program (CSV, CE, WinHex, etc). It's pretty damn confusing to someone just jumping into the middle of this.

EDIT: Ok, so it looks like ollydbg is similar to WinHex in that it allows you to edit the unpacked data files. I prefer to do the csv editing, MUCH faster & easier IMO ... but I may look into olly or WinHex later for the skill hack. Other than the skill hack I haven't seen any benefit to using that method that I can't accomplish with the csv files.
08/28/2009 20:34 mrkenneth#12
Yes, he need a Good Thx for this one, :)
08/28/2009 20:50 xsvisme3177#13
Quote:
Originally Posted by throwawayid View Post
Ok, this feels like a stupid thing to say (so it probably is) but I find the whole "unpacked" thing really confusing. I used the 2MUnpack program to unpack the data files, but ever since the last update (.28) I haven't been able to use the CRC Bypass Launcher with unpacked_dekaron.exe ... I actually use CRC Bypass Launcher to launch the regular dekaron.exe file. So apparently having the data files unpacked is a totally separate situation from using the unpacked_dekaron.exe (or so it seems to me). So as far as it looks to me, ppl are using the term "unpacked" to refer to 2 different things - the data files and/or the actual .exe

I see 3 ways to run the program:
  • The original, packed version
  • Unpacked data files, edited csv files that maintain CRC
  • Unpacked data files, edited csv files that don't maintain CRC and use Bypass Launcher

...with a 4th way involving unpacked_dekaron.exe which I still don't understand.



In any case, I've been reading on this board for a two months now and this is the first I've heard of ollydbg and have no idea how this fits into the above schemes (or if it's a 5th method altogether). Yes, yes, I plan on using the search function to dig up more info, no flames needed. All I'm saying is ... it would be nice to have separate sub-forums under the 2Moons section, each focusing on a particular way of hacking the program (CSV, CE, WinHex, etc). It's pretty damn confusing to someone just jumping into the middle of this.

EDIT: Ok, so it looks like ollydbg is similar to WinHex in that it allows you to edit the unpacked data files. I prefer to do the csv editing, MUCH faster & easier IMO ... but I may look into olly or WinHex later for the skill hack. Other than the skill hack I haven't seen any benefit to using that method that I can't accomplish with the csv files.

Noo, what i posted is all for how to make an unpacked_derkaon, not actually unpacking the data files.
08/28/2009 22:12 throwawayid#14
Ok, so you would use ollydbg to create the unpacked_dekaron.exe, then use WinHex to edit the pack.d04 file?

And you have to use them together for it to work? And this works without the CRC Bypass Launcher?
12/18/2009 10:08 demoncrest#15
I know I am asking an unanswerable question since anyone who finds a significant loophole won't say that they did and how, but is editting csv's and using Cheat Engine to further alter the values even worth attempting these days in general?

(and I know it's a bit of a grave bump, but still, I am looking for an answer :D )
Page 1 of 2 1 2