HWID Limit

[Holosco*]

Hey epvperz
Some one can bypass this .dll?


Thank

[KingDollar]

Check your downloadlink please

[Holosco*]

Quote:

Originally Posted by Alexiuns*

Check your downloadlink please

Okay, done.

[florian0]

Okay, done.

Virustotal:

MD5: D46200ECE94A384D22D5B139C5BA9F71
SHA-1: 8D7786D9B179A37A62A8A78B1D7128FF1BC5499B

HowTo:

1. Rename PlanetSRO.dll to PlanetSRO.dll.bak
2. Paste downloaded Dll into Silkroad folder
3. Rename downloaded Dll to PlanetSRO.dll

----

Simply cracking the whole mechanism wasn't that hard; took me only about 20 minutes.
My first attempt is basically this:

Code:

int* VolumeID;
HMODULE module = LoadLibrary("PlanetSRO.dll");
VolumeID = (int*)((int)module + OFFSET);
*VolumeID = rand();

Whew ... bypassed in three lines of code (well, i can reduce it to one, if you want to xD). The example above actually works. Sadly prooving: this protection sucks.
Even sadder: I've released this Patch on a different forum for a different server and it works on this one aswell ... no need to change ... why ... -.-
(The Dll contains the String "--Electus--", i wonder where else this Dll will work ... if you know what i mean )

But i wanted to get rid of the AntiVM-Checks, too. Which was quite challenging, but not impossible. I decided that recreating is easier than manual unpacking Themida, so there it is.
(PM for Source, or reverse engineer it, its not that hard without Themida fooling around.)

Regards,
florian0

[LastThief*]

Quote:

Originally Posted by florian0

Okay, done.

Virustotal:

MD5: D46200ECE94A384D22D5B139C5BA9F71
SHA-1: 8D7786D9B179A37A62A8A78B1D7128FF1BC5499B

HowTo:

1. Rename PlanetSRO.dll to PlanetSRO.dll.bak
2. Paste downloaded Dll into Silkroad folder
3. Rename downloaded Dll to PlanetSRO.dll

----

Simply cracking the whole mechanism wasn't that hard; took me only about 20 minutes.
My first attempt is basically this:

Code:

int* VolumeID;
HMODULE module = LoadLibrary("PlanetSRO.dll");
VolumeID = (int*)((int)module + OFFSET);
*VolumeID = rand();

Whew ... bypassed in three lines of code (well, i can reduce it to one, if you want to xD). The example above actually works. Sadly prooving: this protection sucks.
Even sadder: I've released this Patch on a different forum for a different server and it works on this one aswell ... no need to change ... why ... -.-
(The Dll contains the String "--Electus--", i wonder where else this Dll will work ... if you know what i mean )

But i wanted to get rid of the AntiVM-Checks, too. Which was quite challenging, but not impossible. I decided that recreating is easier than manual unpacking Themida, so there it is.
(PM for Source, or reverse engineer it, its not that hard without Themida fooling around.)

Regards,
florian0

@
My salutes for bypassing I'd like to take look at the src though

[alfhem online]

Quote:

My salutes for bypassing I'd like to take look at the src though

hahaha

[Hypnos¥]

Quote:

Originally Posted by florian0

Okay, done.

Virustotal:

MD5: D46200ECE94A384D22D5B139C5BA9F71
SHA-1: 8D7786D9B179A37A62A8A78B1D7128FF1BC5499B

HowTo:

1. Rename PlanetSRO.dll to PlanetSRO.dll.bak
2. Paste downloaded Dll into Silkroad folder
3. Rename downloaded Dll to PlanetSRO.dll

----

Simply cracking the whole mechanism wasn't that hard; took me only about 20 minutes.
My first attempt is basically this:

Code:

int* VolumeID;
HMODULE module = LoadLibrary("PlanetSRO.dll");
VolumeID = (int*)((int)module + OFFSET);
*VolumeID = rand();

Whew ... bypassed in three lines of code (well, i can reduce it to one, if you want to xD). The example above actually works. Sadly prooving: this protection sucks.
Even sadder: I've released this Patch on a different forum for a different server and it works on this one aswell ... no need to change ... why ... -.-
(The Dll contains the String "--Electus--", i wonder where else this Dll will work ... if you know what i mean )

But i wanted to get rid of the AntiVM-Checks, too. Which was quite challenging, but not impossible. I decided that recreating is easier than manual unpacking Themida, so there it is.
(PM for Source, or reverse engineer it, its not that hard without Themida fooling around.)

Regards,
florian0

that's deep