How to remove y0da+ASProtect??

[bruyeria]

my google skills sucks .

any help would be apreciated

anyone?? please?

[xhugox]

In order to remove those packers you need to be good with assembler.
Lucky us, somebody who is good with assembler released a script to do this work.
Well I used that script and here you have the unpacked dekaron.exe from 4.1 patch. ( )

Code:

dbh

var a
var b
var c
var d
var e
var test
var rva

run
eoe checkme
eob checkme

checkme:
mov b,eip
add b,2
mov b,[b]
cmp b,00058F64
je checklast
esto

checklast:
mov a,ebp
sub a,10
mov a,[a]
cmp a,400000
je found
esto

found:
eob end
eoe end
mov c,[40003C]
add c,100
add c,400000
mov c,[c]
bprm 401000,c
esto

end:
mov a,[eip]
and a,0000FF
cmp a,C3
jne exit
mov test,[esp]
and test,F00000
shr test,14
cmp test,9
jae loop
jmp exit

loop:
eob exit
eoe exit
esto

exit:
sti
mov d,eip
sub d,9
mov eip,d
mov e,[ebp-8]
mov [eip],e
mov d,eip
sub d,1
mov eip,d
mov [eip],#68#
mov d,eip
sub d,2
mov eip,d
mov [eip],#6A60#
dpe "dump.exe",eip
cmt eip,"OEP! Stolen bytes fixed & dumped. Fix IAT with ImpREC!"
mov rva,eip
sub rva,400000
log rva,"RVA of OEP: "
ret

retry:
ret

p.s.If you want to do it yourselfe fix the dump this script is doing with Imprec.

[Hagman94]

+#2 reported at 29.09.2008 18:32 gmt+2 cause double posts

Please use the next time the edit button please.

Thanks

[Mastershouter]

+merged

[keniffca]

Quote:

Originally Posted by xhugox

In order to remove those packers you need to be good with assembler.
Lucky us, somebody who is good with assembler released a script to do this work.
Well I used that script and here you have the unpacked dekaron.exe from 4.1 patch. ( )

The file could not be found. Please check the download link.
is what i get when following that link

im trying to understand the great works of Nebular a tut on y0da+ASProtect would be nice

im not looking for a hand feed but a hand pointing in the right direction

heres where i started this quest of knowledge
Expedition CRC

anyone with a link on that topic pls pm it to me

my eyes are sore from reading double posts flames and posts in the wrong topics if your having the same problem and interested in understanding Nebulars achievements in this aspect friend me and we can learn together by sending relative links with useful information

aquiring the necessary apps isnt hard for me pirate/hacker/////

just so you know who i am

i dont agree with 1 click hacks reason:
it destroys the game.

i do agree with hacking games reason:
its a challenge when you work for it and when it works you feel good.

grinding to make the hack work is like grinding for gold reason:
the rewards are yours to enjoy.

i know i praised Nebular @ the beginning in the middle and now @ the end

[xhugox]

Nebular reversed the game's crc function and wrote his own function in C which loads files from the harddrive into memory and calculates their crc.
Then he implemented his function into a new memory section (I think it is called .epvp) and changed some pointers which point at the original crc function. (Note; use IDA to see the pointer pointing to the function the new memory section)
Since he changed the pointer which pointed to the original CRC function to point to his own function, his function gets all parameters, the normal crc function would get and the function's return value is also obtained by a function which sends it to the server.

About the new no-crc; I have no idea, never looked into it...

p.s. 2Moons is using UPX atm, just have a look at the memory sections.