One question, what if that older dll belongs to an another program and not for this new file older version? I mean i have only that encode file and nothing else, then is there any way to decode?
One question, what if that older dll belongs to an another program and not for this new file older version? I mean i have only that encode file and nothing else, then is there any way to decode?
Thanks for proofing that mankind can be less intelligent than goldfish. How ever, you don't need that older version anymore, you may even want to delete it now, after you got what I meant. It was just an example I used. The file on the right hand side (which appears to be the newer version of the hack) has been messed up by the server sided script (means it is corrupted now / has no use / use a fkn translator), therefore you can't simply inject / execute it. The file on the left hand side (which appears to be the older version of the hack) has NOT been messed up by anything or anybody (means it is NOT corrupted now / has a use), therefore you CAN simply inject / execute it. If you still don't know what I am talking about, think again OR better: forget about the whole thing. PLEASE.
Yes, it surely would take some time to get to the end of the file. Alternatively you could write a little script (or even a program) to do that for you, that would not be to complicated...
Back after sleeping almost 21 hours (simply had to mention it, because it's my personal record!)...
That would not be too complicated, because you just have to use very fundamental functions (read the file, do the maths with it, save it). You don't even have to do the maths in hexadecimals. Well, I guess all the common programming languages around will do the job. As always it's pretty handy to know how to make own programs / scripts. Oh, and I found out I was wrong by saying any negative value would be set to 255, which is the highest decimal amount two hexadecimal characters (0xFF) can represent.
// Edit:
After helping you so well, would you mind telling me how the hack found its way to your local hard disk drive? I know you found it in your temporary internet files folder, but how did it get there? Did the updating client thing place it there? If so, you must have an account on that site, don't you?
Nop! Yesterday i tried to decode it but i think this decode numbers is not good cause in DLL's there is an text at the header "This program cannot run in dos mode" and if i tried to decode that part, it decoded to ununderstandable symbols! Any idea now? Or is it good?
Ohh and the answer to you question, yep i had one account but only for 2 days got from my friend but this client a little complicated cause it saves your hardware ID, mac adress . . . And he made one account for me and i memory edited it and i found it saves to temporary internet files with one config file! In the temporary internet files the name for the dll is mytest.dll but if i copy it to desctop it renames to funfucker.dll! Is there any chance to bypass the client? Cause thats right if i can decode the dll but what if only the client can inject it right and the other injectors cant?
Since it's a DLL it's obvious the DLL is getting injected into a target process, simply hook LoadLib. or WriteProcessMemory and fetch the decrypted DLL.
EDIT: nop0x90 approach will work as well of course. (Sorry didnt notice the 2nd page in the thread)
Do expect people who ask questions of this kind to know how to hook functions successfully?
Ohh another question! I got one DLL again from friend but it is Themida protected! How can i decode/decrypt or bypass it? I already tried Detemida 1.0.0.5 but it do nothing it just write what protection is on it! Is there any program or method? Thx
Ohh another question! I got one DLL again from friend but it is Themida protected! How can i decode/decrypt or bypass it? I already tried Detemida 1.0.0.5 but it do nothing it just write what protection is on it! Is there any program or method? Thx
You don't. Use the file you already had, which was not encrypted. Even if I know how easy it is to undo Themida, you wouldn't understand in years, if you still haven't got what I am trying to tell you for days now. Seriously, I have been trying everything to make you see this encoding, which is so god damn obvious.
Quote:
Originally Posted by MADR4T
Nop! Yesterday i tried to decode it but i think this decode numbers is not good cause in DLL's there is an text at the header "This program cannot run in dos mode" and if i tried to decode that part, it decoded to ununderstandable symbols! Any idea now? Or is it good?
Here's an idea for you: Stop being retarded and make use of your brain, if there is one inside your head.
Each line (the green marked spots) is basic maths, which German kids can learn in school about the 5th grade; using the decimal equals even about the 3rd grade.
You ONLY have to do what nop said.
Decode the dll as simply as it is and then inject it with ANY injector.
Since you already have the hack itself you won't need the loader anymore.
Decode it as follows (Python):
Code:
import os
name = raw_input("giev filename and wait: ")
if os.path.isfile(name) == 0:
raw_input("'%s' does not exist" % name)
exit(0)
fp = open(name, "rb")
file = fp.read()
fp.close()
temp = os.path.splitext(name)
out = temp[0] + "_decoded" + temp[1]
out = open(out, "wb")
a = 0
pattern = "6543212345"
lenp = len(pattern)
for i in xrange(len(file)):
temp = ord(file[i]) - int(pattern[a])
out.write(chr(temp if temp >= 0 else 256 + temp))
a = a + 1 if a < lenp - 1 else 0
out.close()
raw_input("now gtf0ut")
How to decode? 06/01/2010 - CO2 Private Server - 7 Replies ok all i want to know is how do i decode i have a 5165 serv and i want to decode the itemtype.dat anyclues or solutions?
[WTS] Silkroad Website Templates - Coded/Not-Coded. With .PSD! 11/30/2009 - Silkroad Online Trading - 4 Replies Examples :
There Is NO Examples at the moment.
Prices :
Price for a full coded website, with a CMS - users can register, write comments. Admin panel included , easy write to news. - 60$.
Included : PSD , all files, FREE WEB HOSTING - 3 months.
DAt Decode Help 09/08/2008 - Kal Online - 31 Replies hi Guys, i search and search every forum, and cant find the way to decode this file from config.pk
i really apreaciate somebody tell me how or decode and send me a message please.
i already try a few decoders but i always get weird numbers.
RapidShare: Easy Filehosting
if this is the wrong forum to post this, sorry.
