Reverse Engineering Team
Unregistered, You must accept the Forum Rules below to be able to use some forum functions.

Read forum rules below...

1. All posts must be written in English.
2. Don't spam/abuse any other member via E-mail or Private Messages.
3. Have phun!

For breaking above rules you may be warned/banned appropriately!

Unpacking hasp envelope

Go down

Unpacking hasp envelope

Post by Aykfc on Thu Jun 07, 2018 8:43 am

Hello. I've spent several months learning about hasp and trying to remove the envelope. I am very close now. I am having trouble finding the magic jump. I have looked at a video on removing the envelope and fixing IAT, it helped a lot but the part that confuses me is finding that exact spot. How much do the iat redirection change between versions? Do the envelopes all have JE for the jump? Or could it be a different conditional jump like a JNE. My version is later then the video (although not whitebox) and I have found the right section of code but not the right line.

Also, in the hasp IAT fixer script, is the pointer section that you have to change based on the envelope version, supposed to be the magic jump? Or is it something else? I am not sure if it's the right spot or not.


Last edited by Aykfc on Thu Jun 07, 2018 1:59 pm; edited 1 time in total

Aykfc

Posts : 12
Points : 23
Reputation : 2
Join date : 2015-06-14
Location : Michigan

Back to top Go down

Re: Unpacking hasp envelope

Post by prenumele on Thu Jun 07, 2018 11:14 am

on what kind of windows have you done debugging? and with which tools?

prenumele

Posts : 152
Points : 216
Reputation : 45
Join date : 2010-09-11

Back to top Go down

Re: Unpacking hasp envelope

Post by Aykfc on Thu Jun 07, 2018 2:18 pm

Well I have tried many different tools. At the moment I am using Windows 7 x32 in VirtualBox. Ollydbg 2. Program will load up fine in Olly and run. I've tried a couple different versions of Olly. I tried to get it working under IDA and used a plugin to help hide the debug settings but couldn't get it working. At least not yet. Mainly focusing on the IAT at the moment.

[You must be registered and logged in to see this link.]

That's the tutorial I was following. It's been helpful but I am still not sure on where the jump might be.

Aykfc

Posts : 12
Points : 23
Reputation : 2
Join date : 2015-06-14
Location : Michigan

Back to top Go down

Tutorial

Post by finn on Thu Jun 07, 2018 3:11 pm

The pass?

finn

Posts : 5
Points : 10
Reputation : -1
Join date : 2015-01-22

Back to top Go down

Re: Unpacking hasp envelope

Post by Aykfc on Thu Jun 07, 2018 3:13 pm

finn wrote:The pass?
tuts4you

Aykfc

Posts : 12
Points : 23
Reputation : 2
Join date : 2015-06-14
Location : Michigan

Back to top Go down

Re: Unpacking hasp envelope

Post by finn on Thu Jun 07, 2018 6:09 pm

thanks

finn

Posts : 5
Points : 10
Reputation : -1
Join date : 2015-01-22

Back to top Go down

Re: Unpacking hasp envelope

Post by Aykfc on Tue Jun 12, 2018 5:56 pm

Can somebody at least tell me if the pointer section in the scripts to fix the IAT are the same as that magic jump you need to find?


@end_point:
find prtc_sec, #FFFF82D18BE55DC3#    // #66C1E7??5E5B8BE566C1E6??5DC3#
mov endp, $RESULT
add endp, 4
bphws endp, "x"


I need to change the prtc_sec but don't know if it is that conditional JE jump I need to find.

Aykfc

Posts : 12
Points : 23
Reputation : 2
Join date : 2015-06-14
Location : Michigan

Back to top Go down

Re: Unpacking hasp envelope

Post by prenumele on Wed Jun 13, 2018 11:28 am

[You must be registered and logged in to see this link.]

[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

prenumele

Posts : 152
Points : 216
Reputation : 45
Join date : 2010-09-11

Back to top Go down

Re: Unpacking hasp envelope

Post by proaudiosoft on Fri Jun 15, 2018 6:57 am

You don’t need a script. What’s your target, I can help you. Send me a msg....

proaudiosoft

Posts : 3
Points : -24
Reputation : -42
Join date : 2017-09-15

Back to top Go down

Re: Unpacking hasp envelope

Post by ovis25 on Fri Jun 15, 2018 11:20 am

post here for us unpacking target complete, for Aladdin HL 1.x envelope.
if not get lost.

ovis25

Posts : 568
Points : 1101
Reputation : 295
Join date : 2014-06-07
Location : reversing.ro

http://reversing.ro

Back to top Go down

Re: Unpacking hasp envelope

Post by Sponsored content


Sponsored content


Back to top Go down

Back to top


 
Permissions in this forum:
You cannot reply to topics in this forum