unpack l2walker

Alucard255 · 08/25/2008, 07:52

DarkBat...

I been fallowing this thread since it started... bascially I am learning about all this from scratch but from what I understand the DLL file must be encrypted so you cannot read the script like normal so Benj uploaded a program to "unpack" the DLL file so it can be read like a normal script. Now from there if someone can compair an old cracked DLL vs a regular uncracked DLL and see how it works then it's possible for them to try and do something simular to crack the new one. So without the "unpacking" tool you basically can't do squat. If I am wrong someone correct me but this is what I understood from what everyone was saying on the thread.

DArkBat · 08/25/2008, 09:03

Alucard255...

I agree with most of your point. But think you misunderstand my question a bit. You see...the 1st page, or should i say the 1st post consist of all those DLL that is original from Towalker.com. There doesn't seems to be any different if i myself download the latest version from Towalker.com and use Benjamin programs and guide to crack the walker, am i correct ?

Well...thats mainly my question. Sorry for the confusion.

Taktloss · 08/25/2008, 10:52

hi

1st get

2nd load any DLL with PEiD

3rd learn to unpack/decrypt the signified method . (in this file yoda's cryptor 1.2)

cheers!

Alucard255 · 08/25/2008, 19:26

DarkBat

Ok I see now, I think the reason he posted those was so people wouldn't have to download them from the walker site and serch threw the files to find the Dll files. Possibly to compair and contrast the old ones vs the new one? And for faster access. I'm pretty sure thats the reason for all the old dll posts. Sorry for the missunderstanding I hope this answers your question.

Benjamin · 08/26/2008, 00:52

its only the dll of towalker.com unpack with no modification.

TheDoc. · 08/26/2008, 01:16

what if u unpack?

attakers · 08/26/2008, 08:00

Quote:

Originally Posted by Benjamin

tools:

exemple with 2.05 us:

first launch ollydbg.exe and File->Open and select l2walker.dll

Clic Oui (yes)

Clic yes too

after go in plugin->Ollydbgscript and launch script

after a little time you see a popup

clic ok

after clic alt+L and you see the log

RVA of OEP is OEP = 73736 (for 2.05)
RVA of IAT is RVA = F2000
Size of IAT is Size = 750

Now launch ImpREC 1.7 and in Attack to an active process select loaddll.exe

and clic on "Pick DLL" and you see this:

select L2walker.dll and clic OK

at the right enter the value in case OEP, RVA and size and clic on "AutoSearch" and "Get Imports"

after clic on "Fix Dump" and you see popup

select the de_l2walker.dll and clic open, the dump file is fixed

now you have in folder de_l2walker_.dll rename it in l2walker.dll and is good.

i have errors and dont have table plugin lol :/ help plz btw wallker is verify ok ??

mauka209 · 08/26/2008, 20:56

NO this thread is about unpacking the dll so that its possibly to make a crack. This will not give you a verify ok.

Alucard255 · 08/26/2008, 23:04

No luck cracking the dll yet huh Mauka? =(

sorcier95 · 08/27/2008, 03:05

I have an error message when trying to use the script Aspx2.xx_unpacker under OllyDBG. It's said i have a bad Aspr version. Where do I get the good ASPR files ? I found some scripts like those ones :

******
command of the stolen code if it exist
Test Environment : OllyDbg 1.1
ODBGScript 1.47 under WINXP
Thanks : Oleh Yuschuk - author of OllyDbg
SHaG - author of OllyScript
Epsylon3 - author of ODbgScript
*/
//support Asprotect 1.32, 1.33, ,1.35, 1.4, 2.0, 2.1, 2.11, 2.2beta, 2.2, 2.3

var tmp1
var tmp2
var imgbase
var 1stsecbase
var 1stsecsize
var dllimgbase

dbh //hide debugger
BPHWCALL //clear hardware breakpoint
GMI eip, MODULEBASE //get imagebase
mov imgbase, $RESULT
log imgbase
mov tmp1, imgbase
add tmp1, 3C //40003C
mov tmp1, [tmp1]
add tmp1, imgbase //tmp1=signature VA
add tmp1, f8 //1st section
add tmp1, 8
mov 1stsecsize, [tmp1]
add tmp1, 4
mov 1stsecbase, [tmp1]
add 1stsecbase, imgbase
gpa "GetSystemTime", "kernel32.dll"
bp $RESULT
esto
bc eip
rtr
sti
GMEMI eip, MEMORYOWNER
mov dllimgbase, $RESULT
cmp dllimgbase, 0
je error
log dllimgbase
find dllimgbase, #C6463401# //search "mov byte[esi+34], 1"
mov tmp2, $RESULT
cmp tmp2, 0
je error
find tmp2, #68????????68????????68#
mov tmp1, $RESULT
cmp tmp1, 0
je error
log tmp1
bp tmp1
eob lab1
eoe lab1
esto

lab1:
cmp eip, tmp1
je lab2

***
Is it useful to fix my Aspr version issue ? or tell me .... I m not able to reach the next step as I get Access violations under Odbg, so no need to go further i guess.
At the end of your post, you ask to select "de_L2walker_ori.dll" file after pushing "Fix button". How do you get that file appearing, cos i don't have the same "E2Walker 2.05" as you so. Could you zip that folder it and post a link please ?

Thanks
********
SE 73/SK72/BH68/Necro 52

Alucard255 · 08/28/2008, 08:36

This crack is never gunna come =*( by the time it comes out there is going to be a new patch T_T

<--- impatient when it comes to cracks =((((

jonyboy · 09/01/2008, 20:29

@benjamin

can u unpack file with yoda crypt 1.2 ?

because im stack with that...

(already use deyoda, unyoda, but still get error)

tornado465 · 09/07/2008, 00:38

Who cracked the last one?Is that nice person still around ?Who ever did it before is one smart person we need him.

hkares · 09/07/2008, 13:07

this is patch for walker 2.05 (gracia)? can you upload this parched ended?

atami · 09/07/2008, 16:05

why are you people always begging??

if you wanted to make it faster crack it you're self..

Be thankful for the people sharing this could help

stop whinning