CODED DLL <- DECODE

MADR4T · 01/02/2009, 12:45

Hello guys!

Im sorry if im write to the wrong topic but idk where to write this! I ned a little help, i have one dll and its coded and i need to decode it but idk how!

That dll is for inject to BF2 and you can use nice hacks but the dll is coded and it dont let me inject !

Can someone tell me a program or decode it plz? Here is the DLL:

~~schlurmann~~ · 01/05/2009, 17:46

What do you mean by "coded"?

If you mean that it has been encrypted, I think there are a few methods to beat that.

If you mean a recovery of the original source code... no chance.

~~0x1337~~ · 01/06/2009, 13:45

Quote:

Originally Posted by schlurmann

If you mean a recovery of the original source code... no chance.

rofl you fail..

Cholik · 01/06/2009, 16:54

whats with that attitude ? your a mod ... grow up. thanks

If you want to get the source from a compiled file you have several options :

- use .NET Reflector (if the app is coded in .NET)
- use a Disassembler (to disassemble the file)
-- Use a tool that creates pseudo code out of assembler
--- Like HexRays Plugin for IDA and stuff

MADR4T · 01/07/2009, 15:33

I dont need the source, i show what i mean:

There are the 2 files and same, but the first is the newest and its coded to cant inject it only with one injector what it decodes i think!

I uploaded the INJECTOR/DECODER:

This hack is cheking online you payed or not and if u payed it lets you enter, is there any chance to bypass somehow?

MADR4T · 01/07/2009, 15:41

Im using ollyDBG but i tried to open the dll or that injector and it crashes and for the dll it sayes it is not 32bit cause its coded and unreadable! With IDA i have only one problem, it dont let me save to EXE or DLL! Really sorry for the poor english but i hope you understand what i woudlike!

~~schlurmann~~ · 01/07/2009, 23:58

Quote:

Originally Posted by drogii

rofl you fail..

You will never get a full original recovery of the source code. That's just not going to happen. I didn't say that there aren't a few good possibilities to recover bits of code and find out how the program works.

So please grow the **** up.

How did you become a mod btw? All I see from you is german colloquial and kiddie flames...

Fr4gg0r · 01/08/2009, 00:05

You dont call it coded you call it crypted and watch at the end of the code. You will often find there what it is crypted with and then you can search how you can decrypt it.

MADR4T · 01/08/2009, 16:15

Thx guys, but can someone help me to decrypt it?

Here is the dll:

Or bypass this client?

Here is the client:

Or just some hint how to start, cause i cant find any interesting in dll cause it encrypted and at the client there are some interesting things, but cant findout how to bypass!

MADR4T · 01/09/2009, 21:04

Sorry, this file was protected, i uploaded it again without password!

If anyone know any good idea to bypass this login client plz help!

mctheg · 01/09/2009, 21:06

LOL! SURE Xd

scbiz · 01/10/2009, 14:33

Thank you for the hack, M4DR4T

MADR4T · 01/10/2009, 15:33

Np, but can you help me to bypass plz?

scbiz · 01/10/2009, 15:54

Quote:

Originally Posted by MADR4T

Np, but can you help me to bypass plz?

Yes, you may feel pleased now.

FYI: You can't simply bypass that client thingie. Don't even try unless you have all parts of it!
If you don't even have a clue what I mean by saying "all parts", keep on reading...

Well, since I don't feel like downloading it, I didn't try myself, but a friend of mine told me about it. I think it's pretty similar to an updater I used a couple months ago. The underlying idea is to hide the path to the actual file, which would be injected later, as well as possible. Yes, that and of course making it possible for those who bought this hack to log in somewhere and to get the hack itself (a so called user interface, bla bla). The main principle would look like...

Code:

C->S   Requesting some kind of a status
S->C   Answering with a message
C->S   Requesting availability of the given login data
S->C   Answering with a cookie, if the data was valid
C->S   Requesting the file, cookie included
S->C   Answering with the [I]encoded[/I] file*, if the cookie was valid
C      [I]Decoding[/I] the file and injecting it after


While S would be the server sided script (that's what I meant by saying "unless you
have all parts") and C the client sided complement.

* = When coming to this step the script reads the file bitwise and shows its contents,
    which are [I]a little messed up[/I]. The file as such remains in a folder you don't know
    and wouldn't have enough rights to read from anyways.

BUT you're still a pretty lucky guy, because you already have the encoded file. Even a six years old child, which is blind and totally retarded, would be able to manage decoding it. But here is a hint for for, just in case you are a little slow:

Code:

        ... -0x03 -0x02 -0x01 -0x02 -0x03 -0x04 -0x05 -0x06
-0x05 -0x04 -0x03 -0x02 -0x01 -0x02 -0x03 -0x04 -0x05 -0x06
-0x05 -0x04 -0x03 -0x02 -0x01 -0x02 -0x03 -0x04 -0x05 -0x06
-0x05 -0x04 -0x03 -0x02 -0x01 -0x02 -0x03 ...

And yes, I made a conscious decision for this exposure (making it even more obvious for all of us).

Oh and by the way... please do NOT think I am selfish, I just like to provoke others... hit me *meh*! <:0

MADR4T · 01/10/2009, 16:14

Thx your help, i found that dll in the Temporary Internet files, cause i searched it in the file with one memory editor! Can you plz decode it or more hints plz?

Cause i never decrypt anithing, im new in encrypting/decrpting! I know you think now im "six years old child, which is blind and totally retarded," but noone birth with this knowledge and i woudlike to learn it thats why im asking for help! Thx if u help me further!