[Release] Unpacked XignCode Files

Discussion on [Release] Unpacked XignCode Files within the Dekaron Exploits, Hacks, Bots, Tools & Macros forum part of the Dekaron category.

Old 11/25/2010, 20:46   #16
 
 
elite*gold: 0
Join Date: Jul 2008
Posts: 555
Received Thanks: 120
Quote:
Originally Posted by ChinkyTinky View Post
i think this just became really really interesting


hey xigncode uses this to load/dl xxd.xem


*Off-Topic
Many virus scanners see this as a virus... (I think they think it's a trojan...)
demonkiller19 is offline  
Old 11/26/2010, 01:47   #17
 
elite*gold: 0
Join Date: Nov 2010
Posts: 23
Received Thanks: 5
It uses rootkit methods to protect the Dekaron process. Therefore it is sometimes detected as a virus.
inVINCEable is offline  
Old 11/27/2010, 07:19   #18
 
 
elite*gold: 20
Join Date: Nov 2006
Posts: 801
Received Thanks: 86
Analyzed it weeks before but could break the code. =[
edman3 is offline  
Old 11/27/2010, 16:03   #19
 
 
elite*gold: 0
Join Date: Mar 2008
Posts: 146
Received Thanks: 9
If you guys watch XignCode, it downloads a file called vtany.sys, which is in the folder ?:\WINDOWS, and Avast detects it as a virus "Win32: Rootkit-gen [RTK]". I have helped.
huquinho is offline  
Old 11/27/2010, 18:39   #20
 
elite*gold: 0
Join Date: Nov 2009
Posts: 48
Received Thanks: 19
It works?
d4kman is offline  
Old 11/27/2010, 20:30   #21
 
 
elite*gold: 20
Join Date: Aug 2008
Posts: 2,762
Received Thanks: 4,395
Quote:
Originally Posted by huquinho View Post
If you guys watch XignCode, it downloads a file called vtany.sys, which is in the folder ?:\WINDOWS, and Avast detects it as a virus "Win32: Rootkit-gen [RTK]". I have helped.
Yep it's a driver for XignCode.

Quote:
Originally Posted by d4kman View Post
It works?
What is working?
HellSpider is offline  
Old 11/27/2010, 21:04   #22
 
elite*gold: 0
Join Date: Nov 2009
Posts: 48
Received Thanks: 19
I mean that is like a bypass? And it works?
d4kman is offline  
Old 11/27/2010, 22:26   #23

 
elite*gold: 35
Join Date: Aug 2009
Posts: 5,822
Received Thanks: 1,958
Quote:
Originally Posted by HellSpider View Post
Hi.



Note! This is not a XignCode bypass! These files are just for analyzing purposes!
Please read the thread next time
~Kakkarot~ is offline  
Old 11/28/2010, 02:18   #24
 
 
elite*gold: 0
Join Date: Dec 2008
Posts: 346
Received Thanks: 121
Quote:
Most of the files were protected by Themida (one of the newest versions), and some of those had a part of their code virtualized. As I am not able to devirtualize Themida VMs I have stripped them from the files.
Couldn't you just find out where the code jumps to the VM, make a breakpoint inside and dump?
Edit: Or does Themida stop that? Not that familiar with it.
PureEnergy3 is offline  
Old 11/28/2010, 12:01   #25
 
 
elite*gold: 20
Join Date: Aug 2008
Posts: 2,762
Received Thanks: 4,395
Quote:
Originally Posted by PureEnergy3 View Post
Couldn't you just find out where the code jumps to the VM, make a breakpoint inside and dump?
Edit: Or does Themida stop that? Not that familiar with it.
That can't be done just because it is a virtual machine. It's not stolen bytes that you can trace easily. Themida VM works this way: it obfuscates the real code, then translates the obfuscated stuff into its own VM opcodes, and then the newer versions even obfuscate the VM handlers.

Consider this piece of code:


Can you resolve what it does, because I can't (it's supposed to be only some lines of real code)

(Note! It's just an example, it's just a small part of the VM code)
HellSpider is offline  
Thanks
1 User
Old 11/29/2010, 02:37   #26
 
elite*gold: 0
Join Date: Nov 2010
Posts: 23
Received Thanks: 5
Just some extra info.

XIGN seems to communicate with this URL "http://222.231.57.223/x2/xls2.cgi"

Folder: contains python code?

The file seems to return +100. which I believe is a good code and +300. for errors.

Random folder names that may contain Xign files.

Base URL:
Code:
X77cjckcIB84CNt   Dekaron_CNt
Ze7cxckcIB4rUSt   SuddenAttack_USt
S37cccjcVi8vKRs   Wellbia.comt
FF7cjcycIB38TWt   Aceonline_TWt
_97cpcxcIB3AJPt   Pristontale_JPt
lX7cjcxcIB4PTWt   Pristontale2_TWt
X77cjckcIB84JPt   Dekaron_JPt
X77cjckcIB84TWt   Dekaron_TWt
X77cjckcIB84THt   Dekaron_THt
X77cjckcIB84PHt   Dekaron_PHt
X77cjckcIB84USt   Dekaron_USt
X77cjckcIB84KRt   Dekaron_KRt
aFccpckcIB7yJPt   GoGoXing_JPt
FF7cjcycIB38CNt   Aceonline_CNt
Y57cdckcIB4aKRt   Zombie_KRt
B77cjcXcIB8LJPt   SpellBorn_JPt
_97cpcxcIB3ATWt   Pristontale_TWt
iScckckcIB7FKRt   MetalRage_KRt
pmccPckcIB7nKRt   Spring_KRc
inVINCEable is offline  
Thanks
2 Users
Old 12/02/2010, 01:49   #27
 
 
elite*gold: 0
Join Date: Jun 2008
Posts: 111
Received Thanks: 21
my turn

OllyDBG VMProtect Edition
A version of OllyDbg specifically modified to allow debugging of VMProtect protected applications.




Olly 9in1 for Themida
A version of OllyDbg specifically modified to allow debugging of Themida protected applications




and this

RAMODBG
OllyDbg modded for ExeCryptor & THEMIDA
Add the possibility of deleting all points of stopping Remove all breakpoints
Auto path UDD & plugin
Reference search directly from the toolbar
Show offset in status bar
Amendment to show the number of additions to the list
Additions located



With PlugIns:
advancedolly.dll
analyzethis.dll
API_Break.dll
bookmarks2.dll
cmdbar.dll
HideOD.dll
NonaWrite.dll
ODbgScript.dll
OllyBugfix.dll
OllyDump.dll
OllyMoreMenu.dll
PhantOm.dll
Poison.dll
ustrref.dll









IF U LIKE PRESS THANKS, my little contribution
Attached Files
File Type: rar OllyDBG VMP Edition.rar (3.28 MB, 187 views)
File Type: rar RAMODBG.rar (1.73 MB, 112 views)
File Type: rar Olly 9in1 for Themida.rar (530.0 KB, 120 views)
KilerSpyZer is offline  
Thanks
3 Users
Old 12/02/2010, 09:21   #28
 
elite*gold: 0
Join Date: Nov 2010
Posts: 64
Received Thanks: 3
Kilerspell, could u describe what these files do and so on for us noobs :/, thanks
ChinkyTinky is offline  
Old 12/02/2010, 11:40   #29
 
 
elite*gold: 20
Join Date: Aug 2008
Posts: 2,762
Received Thanks: 4,395
Quote:
Originally Posted by ChinkyTinky View Post
Kilerspell, could u describe what these files do and so on for us noobs :/, thanks
They're just different modifications of OllyDbg 1.10. If you have no experience with using OllyDbg or any other debugger, this is probably nothing for you (unless you are interested in learning to reverse applications).
HellSpider is offline  
Thanks
3 Users
Old 01/09/2011, 19:49   #30
 
elite*gold: 0
Join Date: Feb 2010
Posts: 5
Received Thanks: 0
I cracked it
2mooons is offline  