Register for your free account! | Forgot your password?

Go Back   elitepvpers > Shooter > Combat Arms > Combat Arms Hacks, Bots, Cheats & Exploits
Unpacked + Devirtualized NexonGuard/BlackCipher Modules Unpacked + Devirtualized NexonGuard/BlackCipher Modules
You last visited: Today at 09:11

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement


Advertise with us!

Unpacked + Devirtualized NexonGuard/BlackCipher Modules

Discussion on Unpacked + Devirtualized NexonGuard/BlackCipher Modules within the Combat Arms Hacks, Bots, Cheats & Exploits forum part of the Combat Arms category.

Reply
 
Old   #1
 
HellSpider's Avatar
 
elite*gold: 20
The Black Market: 1/0/0
Join Date: Aug 2008
Posts: 2,763
Received Thanks: 4,397
Unpacked + Devirtualized NexonGuard/BlackCipher Modules

Hi.

I thought that the community might find the readable and fixed code of NexonGuard/BlackCipher useful.

So what has been done?

+ BlackCipher.exe (BlackCipher.aes) - Unpacked Themida and devirtualized all virtualized code blocks and deobfuscated almost all codereplaced blocks of code.
+ BlackCall.dll (BlackCall.aes) - Devirtualized all CodeVirtualizer code blocks.
+ BlackXchg.dll (BlackXchg.aes) - Devirtualized all CodeVirtualizer code blocks.
+ BlackGate.dll (BlackGate.aes) - Devirtualized all CodeVirtualizer code blocks.
+ NexonGuard.dll (NexonGuard.aes) - Devirtualized all CodeVirtualizer code blocks.
+ eTracer.exe (eTracer.aes) - Unpacked UPX shell

What can I do with these? Is this a bypass?

The files are almost like the original ones on the inside, meaning you can efficiently analyze the inner workings of these files with a disassembler or debugger (IDA, OllyDbg...).
These files are not a bypass.

Lolwut, I can just dump the modules myself, what differs in these?

If you dump the modules your imports are broken, the virtualized and codereplaced code is not restored, meaning that you can't make heads or tails of the interesting code when analyzing your dumps.

Why did you post these files here, and not in the anticheat area?

I think these files are only used in CombatArms thus this section is very relevant.

The filename extensions were all ".aes", how did you decrypt them?

The filename extensions are only to fool beginners, the real extensions are EXE/DLL, just a simple renaming needed.




Scans for the paranoid people:


Attached Files
File Type: rar Unpacked_Fixed_NexonGuard_2013.rar (495.8 KB, 435 views)
HellSpider is offline  
Thanks
6 Users
Old 02/09/2013, 15:42   #2


 
Lawliet's Avatar
 
elite*gold: 2
The Black Market: 91/0/0
Join Date: Jul 2009
Posts: 14,456
Received Thanks: 4,685
approved
Lawliet is offline  
Old 02/09/2013, 18:40   #3
 
Waller66's Avatar
 
elite*gold: 0
The Black Market: 84/2/1
Join Date: Nov 2010
Posts: 1,548
Received Thanks: 333
nice works thanks man
Waller66 is offline  
Old 02/09/2013, 19:04   #4
 
elite*gold: 0
The Black Market: 5/0/0
Join Date: Jan 2013
Posts: 127
Received Thanks: 26
Works <3
StuffyxHD is offline  
Old 02/10/2013, 16:59   #5
 
salemanks's Avatar
 
elite*gold: 0
The Black Market: 4/0/0
Join Date: Jan 2012
Posts: 352
Received Thanks: 12
German Pls ;D
salemanks is offline  
Old 02/11/2013, 23:10   #6
 
elite*gold: 32
The Black Market: 3/0/0
Join Date: Jun 2012
Posts: 275
Received Thanks: 36
Pls tell me in german what that programm make >.<
Astr0nautx3 is offline  
Old 02/11/2013, 23:27   #7

 
xxfabbelxx's Avatar
 
elite*gold: 900
The Black Market: 64/0/0
Join Date: Apr 2009
Posts: 14,981
Received Thanks: 11,403
Quote:
Originally Posted by salemanks View Post
German Pls ;D
Quote:
Originally Posted by Astr0nautx3 View Post
Pls tell me in german what that programm make >.<
Wenn ihr kein Englisch sprechen könnt, ist dieses Release von keiner Relevanz für euch.
xxfabbelxx is offline  
Old 02/14/2013, 15:12   #8
 
elite*gold: 32
The Black Market: 3/0/0
Join Date: Jun 2012
Posts: 275
Received Thanks: 36
Quote:
Originally Posted by xxfabbelxx View Post
Wenn ihr kein Englisch sprechen könnt, ist dieses Release von keiner Relevanz für euch.
Ja mch würde aber trdz. interessieren was es macht
Astr0nautx3 is offline  
Old 02/14/2013, 19:00   #9
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Jan 2011
Posts: 143
Received Thanks: 46
very nice bro thanks
proxlive is offline  
Old 03/19/2013, 09:46   #10
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Jun 2012
Posts: 1
Received Thanks: 0
how to install ?

Quote:
Originally Posted by HellSpider View Post
Hi.

I thought that the community might find the readable and fixed code of NexonGuard/BlackCipher useful.

So what has been done?

+ BlackCipher.exe (BlackCipher.aes) - Unpacked Themida and devirtualized all virtualized code blocks and deobfuscated almost all codereplaced blocks of code.
+ BlackCall.dll (BlackCall.aes) - Devirtualized all CodeVirtualizer code blocks.
+ BlackXchg.dll (BlackXchg.aes) - Devirtualized all CodeVirtualizer code blocks.
+ BlackGate.dll (BlackGate.aes) - Devirtualized all CodeVirtualizer code blocks.
+ NexonGuard.dll (NexonGuard.aes) - Devirtualized all CodeVirtualizer code blocks.
+ eTracer.exe (eTracer.aes) - Unpacked UPX shell

What can I do with these? Is this a bypass?

The files are almost like the original ones on the inside, meaning you can efficiently analyze the inner workings of these files with a disassembler or debugger (IDA, OllyDbg...).
These files are not a bypass.

Lolwut, I can just dump the modules myself, what differs in these?

If you dump the modules your imports are broken, the virtualized and codereplaced code is not restored, meaning that you can't make heads or tails of the interesting code when analyzing your dumps.

Why did you post these files here, and not in the anticheat area?

I think these files are only used in CombatArms thus this section is very relevant.

The filename extensions were all ".aes", how did you decrypt them?

The filename extensions are only to fool beginners, the real extensions are EXE/DLL, just a simple renaming needed.




Scans for the paranoid people:
how to install ??
barsol20000 is offline  
Old 03/23/2013, 15:27   #11


 
Kira Mikami's Avatar
 
elite*gold: 0
The Black Market: 19/0/0
Join Date: Nov 2012
Posts: 1,620
Received Thanks: 1,745
Nice !
Kira Mikami is offline  
Reply

« [Release]TeamStatic EU Public Hack v1 Beta| | [Combat Arms Hack - Richtig Injecten] »

Similar Threads Similar Threads
Bug on modules for KBS
02/01/2013 - DarkOrbit - 7 Replies
For example, our base destroyed (and with it our base module) - module must be repaired ... and on the first level, it cost about 1500 Uri.. (further, more) So the bug is this: if we plan to upgrade our base module that it is not nessesary to repair it al all. If the broken module to upgrade, it repaired itself and we do not spend our Uri. Is such a small and useful bug.
Combat Arms crasht nach der Blackcipher.exe
08/18/2012 - Combat Arms - 3 Replies
Wie schon oben im titel crasht mein Combat Arms nach der Blackcipher.exe . Hab das Spiel schon 3-4 mal Neuinstalliert. Von einer SDcard geöffnet, und als Adminstrator geöffnet. Keine Ahnung was ich noch machen soll. Pls help :)
errormeldung bei BlackCipher Hackshield
05/14/2012 - Combat Arms - 17 Replies
wie oben schon gennant, wenn ich CA starte kommt erst das normale Hackshield und danach das Black Sipher unten rechts in der Ecke. dann kommt diese errormeldung sobald es das Hackshield startet. ich habe schon 4 x neun Installiert. HILFE-Bitte-
[HowTo] Blackcipher.exe beenden/killen
01/08/2012 - Combat Arms Hacks, Bots, Cheats & Exploits - 1 Replies
Geht in den Taskmanager , und Sucht die oben genannte Exe und drückt rechtsklick dann Prozessstruktur beenden , happy hacking :) , habe ich mal gerad eben so rausgefunden .



All times are GMT +1. The time now is 09:13.

elitepvpers - play less, get more - Top

Powered by vBulletin®
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2025 elitepvpers All Rights Reserved.