[HELP] Last Project

Page 1 of 2 1 2
03/26/2010 12:32 lol2k11#1
well , i'll show u my last project
and i hope some one to help me ....

oright , at first , i find a way to unpack EG dekaron client ,
unpacking without any errors , getting there divs + server files .
the last problem is that :

BIN = have 3 files has been protected
egdk.dll
dkac.dll
dekaron.exe

here's each of one how it works and protect there client .
egdk + dkac
checks the data.pak IP + channel , login lists .
if they are the EG Dk IPs , then it will give an order to run Dekaron.exe

dekaron.exe isnt protected , if we could unpack the 2 .dll files , and disable them runing dekaron.exe will be easy

*please remamber , that i already got aloken , skills , weps , working 100%
but my last problem is to unpack the dekaron.exe from eg dekaron and get it works .

if some one interested about help me with that project .

pm me .
03/26/2010 14:31 Zombe#2
Try to PM [Only registered and activated users can see links. Click Here To Register...], hes the ASM expert here.
03/26/2010 15:28 pieter#3
if u just want to unpack u can easily do it without having to worry about exe or dll's

just need a packer that can handle files bigger then 2gb ;)
03/26/2010 16:40 nobleman8O#4
lol.. cos he dunno how to do it, tats y he asking some1 know how to do it to do for him. funny..
03/26/2010 18:44 bottomy#5
Quote:
Originally Posted by pieter View Post
if u just want to unpack u can easily do it without having to worry about exe or dll's

just need a packer that can handle files bigger then 2gb ;)

He's talking about the DLL's and dek.exe because they are packed, not the data.pak.
03/26/2010 23:18 ♠Vegeta♠#6
Quote:
Originally Posted by nobleman8O View Post
lol.. cos he dunno how to do it, tats y he asking some1 know how to do it to do for him. funny..
And do you know how to then ?
03/26/2010 23:25 lol2k11#7
i already got aloken with skills , weps , everything ,
i am talking about the dlls and dekaron.exe
read my topic plz .

every one is ready to pm me ...
and i am serious

Quote:
if u just want to unpack u can easily do it without having to worry about exe or dll's

just need a packer that can handle files bigger then 2gb
no that's not right .
eg dekaron protected with ct files , AG Dekaron already use it .
it will update the div files as a uncorrected files and if u wanna unpack them
u will get a FAIL !! u will get f***ked files .
03/27/2010 00:02 Lanayru#8
why would you need eg's stuff from the bin folder when you say you already got aloken working. skills and all?
03/27/2010 00:28 HellSpider#9
Actually, pieter is right. The PAK is easy to unpack. Just use the newer PAK tools...

If you wanna know about the files.

Code:
DKAC.dll - Not important, does not get loaded
EGDK.dll - Anti-leech system + adds Aloken dynamically
Dekaron.exe - Normal dekaron.exe + Loads EGDK.dll exported function
Executable protectors applied:

Code:
(DKAC.dll - Themida 1.9.9.3)
EGDK.dll - Themida 2.1.0.0+
Dekaron.exe - RLPack 1.21 Full
The exported function that gets called in the dekaron.exe modified some calls to call functions inside EGDK.dll.

These calls are:

Code:
0066536C	E8 4F029A0F	call EGDK.100055C0
004FD61A	E8 B180B00F 	call EGDK.100056D0
004FE73F	E8 8C70B00F 	call EGDK.100057D0
005694AB	E8 30C7A90F  	call EGDK.10005BE0
006EA9FB	E8 60E0910F 	call EGDK.10008A60
006EA9FB	E8 60E0910F  	call EGDK.10008A60
00825239	E8 723B7E0F  	call EGDK.10008DB0
0047B95A	E8 31D8B80F  	call EGDK.10009190
00745507	E8 34478C0F  	call EGDK.10009C40
00745519	E8 32488C0F  	call EGDK.10009D50
0074552B	E8 30768C0F   	call EGDK.1000CB60
0074553D	E8 0E778C0F   	call EGDK.1000CC50
006B2A12	E8 2984950F   	call EGDK.1000AE40
006B2B35	E8 0683950F   	call EGDK.1000AE40
006B2B64	E8 D782950F   	call EGDK.1000AE40
006E4143	E8 7878920F   	call EGDK.1000B9C0
0050C4E9	E8 72FFAF0F   	call EGDK.1000C460
0050C537	E8 24FFAF0F   	call EGDK.1000C460
0053BBB3	E8 8811AD0F   	call EGDK.1000CD40
006CB1EB	E8 3023940F   	call EGDK.1000D520
005194CC	E8 6F48AF0F   	call EGDK.1000DD40

The EGDK.dll gets loaded like this. This is the entry of dekaron.exe:

[Only registered and activated users can see links. Click Here To Register...]

This function loads the EGDK.dll:

[Only registered and activated users can see links. Click Here To Register...]


If someone wants to take a look at the unpacked dekaron.exe I'll attach it here. The second attachment is the unpacked launcher.exe of the EG client.

Archive passwords:
Code:
www.elitepvpers.com
03/27/2010 13:06 lol2k11#10
but if u unpack dekaron.exe that not means to make aloken loads on dekaron.exe
the EGDK.dll the one loads aloken so how can we use it ?
03/27/2010 16:28 HellSpider#11
Quote:
Originally Posted by lol2k11 View Post
but if u unpack dekaron.exe that not means to make aloken loads on dekaron.exe
the EGDK.dll the one loads aloken so how can we use it ?
The EGDK.dll should be unpacked so that we could see how they load the aloken and then edit necessary things in the dekaron.exe.

The problem for me is... I'm able to unpack the DLL but all of the interesting code in the EGDK.dll is VMed by Themida. You can't read VMed code so it has to be resolved before that. I do have a tool for resolving the VM but somehow I can't figure out how to use it :).
03/27/2010 16:59 iAslana#12
Nice work Hellspider ;)
+10 Reported At: Sat 27 Mar 2010 - 16:59:09 GMT +1 Cause: Spam
03/27/2010 17:06 ~Kakkarot~#13
#spam deleted
03/27/2010 22:55 lol2k11#14
Quote:
Originally Posted by HellSpider View Post
The EGDK.dll should be unpacked so that we could see how they load the aloken and then edit necessary things in the dekaron.exe.

The problem for me is... I'm able to unpack the DLL but all of the interesting code in the EGDK.dll is VMed by Themida. You can't read VMed code so it has to be resolved before that. I do have a tool for resolving the VM but somehow I can't figure out how to use it :).
but cant we use the egdk without unpack it ?
03/28/2010 18:03 Zombe#15
Quote:
Originally Posted by lol2k11 View Post
but cant we use the egdk without unpack it ?
Quote:
Originally Posted by lol2k11 View Post
egdk + dkac
checks the data.pak IP + channel , login lists .
if they are the EG Dk IPs , then it will give an order to run Dekaron.exe
Read your own post, it checks the IP... Do u have amnesia?
Page 1 of 2 1 2