vm for the masses - a vm compiler incl source
от автора:
hi,
i have attached the complete sourcecode of a working vm compiler. this compiler was used for the 'impossible crackme' - crackmes
i have also included a brief explanation of everything
please keep in mind that this vm underwent some major changes (read the impossible crackme threads), thats why parts of the code are messy and smelly
rapidshare.com/files/25706809/xm.zip

| Сообщение посчитали полезным:

Spirit пишет:
- v1.1.500.2008 Beta - [12.02.2008]
- Several small bugs fixed

А еще в тихую поменял старый оптимизирующий е8/e9 фильтр на новый. И где тока берет таких монстроидальных уродцев.

| Сообщение посчитали полезным:

DrGolova пишет:
Если очень надо, могу сказать оффсеты, структуру токена VM, и конкретные значения ее опкодов, но это же не спортивно.
Не спортивно ! Тем более китайцы года три назад сделали полный анализ! У них есть два тутора Софтворма чисто по наномитам и Симониз полностью по приватной версии

| Сообщение посчитали полезным:

Простенький пакер Pepsi-v2

21ec_28.03.2008_CRACKLAB.rU.tgz - Pepsi-v2.rar

| Сообщение посчитали полезным:

Pespin 1.32 Unpacking Script (beta 1), Tutorial showing how to use a script+tool to unpack PEspin 1.32
Here's a PACKAGE including:
- A Script that unpacks latest PEspin 1.32 (even with debugBlocker)
- A little tool that fixes nanomites after unpacking.
- A modified version of ODBFScript (just added 1 option to have 'assemblable' text given by 'OPCODE' command nad modified SETOPTION to set ON/OFF any option you want by script -I'll describe it below shortly for concerned people)
- A tutorial that show how to use all this stuff.

For any remarks, bug report please PM me or join us in our forum.


_http://www.at4re.com/tools/Releases/Zool@nder/PEspin_1_32_Unpacking_s cript_by_Zool@nder_of_AT4RE.rar




; Command SETOPTION (mod)
SETOPTION opt
------------------
Sets any exception you want ON or OFF. There are 7 kind of exceptions, so I've attributed to every exception a flag and her is the description:


To ignore an exception, set its flag to 1, otherwise set is to 0

opt can also be be:
- 'ALL' witout ' to set all exception ON
- Or just 0, to set them OFF

Examples:
- SETOPTION ALL ; sets all ON
- SETOPTION 1001100 ; sets ON (the debugger will ignore) : int3 + div/0 + invalid&previlege instructions
- SETOPTION 0 ; sets all OFF

| Сообщение посчитали полезным:

О ойп...."Arab Team 4 Reverse Engineering"
Полное болото...
Качать лучше со страницы http://www.at4re.com/f/showthread.php?p=21851#post21851
//хорошая режисура синема,+мод плага олька_скрипт,+нано_фиксер, в общем качнуть стоит.
Радует что на ссайте, в новостях QU 2.1

-----
Чтобы юзер в нэте не делал,его всё равно жалко..

| Сообщение посчитали полезным:

Интересная утиля к Ольке, засвеченна в видеотуторе
//"Multi command assembler"
Никому не попадалась на глаза в "живую"???

-----
Чтобы юзер в нэте не делал,его всё равно жалко..

| Сообщение посчитали полезным:

Bronco,

Тутор не смотрел, но судя по описанию речь идет об IDAFicator http://www.woodmann.com/collaborative/tools/index.php/IDAFicator .
Кстати, советую посмотреть его описание, там есть еще полезные функции.

| Сообщение посчитали полезным:

kioresk пишет:
там есть еще полезные функции
Ага...С востановлением стабов прикольно намутили...
Но всё не прочитаешь, в справке много текста из "узорчиков"...
//шо за жизнь пошла,.... то "кубЫки",.... то "узорчики"

-----
Чтобы юзер в нэте не делал,его всё равно жалко..

| Сообщение посчитали полезным:

WinLicense 1.9.5.0 + LicenseFile.

WinLicense is a powerful protection system designed for software developers who wish to protect their applications
against advanced reverse-engineering and software cracking.
Developers do not need any source code changes or programming experience to protect their applications with WinLicense.

WinLicense uses SecureEngine® protection technology, which is able to run its code at the highest priority level to implement never before seen protection techniques;
this protects any application with the highest level of security.

Here are just a few of WinLicense's protection features:
Multilevel encryption to protect code and data in an application.
Advanced detection of cracking tools.
Execution of code the highest level of priority to implement never before seen protection techniques.
Scrambles executable code, data, and APIs in the application to avoid any possible reconstruction of the original application.
Protection against all disassemblers and debuggers.
SDK offers two-way communication with SecureEngine® and the protected application.
Advanced technology which prevents dumping from memory to disk.
Fully customizable protection options and dialogs.

The main objective of WinLicense is to cover all current vulnerabilities in software protection.
Most software protection programs claim to be the perfect solution against cracking,
but this is far from reality. In the following list, we present the two main weaknesses
in most software protectors and how WinLicense covers them.

•Obsolete protection techniques: Normally, software protectors use obsolete protection
techniques that can be easily defeated with newest cracking tools.
Even the newest software protectors are just a copy of older software protectors with
just some new and not-very powerful techniques against software cracking.
WinLicense uses a new and very advanced technology that detects any possible cracking
attempt of an application and ensures each application is uniquely protected to avoid
general attacks.
•Restricted execution by the OS: Current software protectors can only run their code with
a “normal” privileges level. This means that they cannot implement advanced protection
techniques which can only be executed in Kernel Mode, the highest operating
system priority level. WinLicense runs parts of its code in Kernel Mode to implement
the most advanced techniques against modern cracking, making it a unique protector.


WinLicense offers the widest range of options and features to create both trial and
registered versions for an application. Developers can communicate with WinLicense to check
the current state of the trial or registered versions of their application through a complete SDK.
WinLicense also offers the capability to automatically handle all possible situations, such as when an application expires,
a license is corrupted, etc., saving developers from including extra code into their applications.

Some of the most important licensing features included in WinLicense are:
Possibility to create Trial versions with multiple different expiration types like: expiration by days, by executions, by specific date, by minutes, by runtime, etc.
Possibility to extend the trial period in an application with Trial Extension Keys.
Powerful engine to store the trial status in the system to avoid trial period resetting by possible attackers.
Possibility to create different types of license keys for different developer needs.
Lock trial and license keys to a specific country.
Machine binding, which allows an application to run on a specific computer only.
Custom trial counters to keep control of limited resources in your trial versions.
Independent password protection for both Trial and Registered versions.
Possibility to create your own automation system with help from the external WinLicense DLL.
Complete SDK with over 50 different functions.
.NET SDK support for Trial and Registered versions.
Database-driven implementation to keep safe records of all your software, customers and licenses.
Embedded generators to create license keys, trial extension keys, and passwords for an application.
Customization for all trial/registration messages with possibility to include/exclude them from being displayed.


Many license managers seem very easy to use to add trial and licensing support inside an application.
Then, when the developer needs extra
licensing features or extra protection to protect sensible trial data,
they get frustrated with the license manager that they use.
In many cases, even amateur programmers that don't have knowledge
in cracking and reversing tools can easily reset the trial period in protected
applications. WinLicense was developed specifically to cover this vulnerability.

In the following, we present the main weaknesses in current license managers and how WinLicense solves them.

•Rigid License registration: Most license managers define the way that an application can be registered,
offering limited ways to license an application. This forces developers to adapt their applications to
the licensing system that they use, instead of the license manager adapting to a specific application.
WinLicense offers multiple ways to license an application, fitting into any kind of program
without limiting the developer's ideas to license his/her applications.

•Limited SDK to control the trial/licensing status: Most license managers offer a limited
set of SDK functions to interact with the license manager. Subsequently, developers are limited in
implementing their licensing ideas due to the lack of a function in the license manager.
WinLicense exports more than 50 functions with its SDK to allow full control over the trial/licensing
status in an application; many of these functions will give ideas to the developer for adding extra features
into the application.

•Easy resetting of the trial period: Many license managers look very attractive and appear to be
good solutions for creating trial periods in an application. The problem appears when a developer
protects an application and realizes how easy it is to reset the trial period in the protected application
by using cracking tools, leaving the trial application totally unprotected and open to infinite use.
WinLicense offers the strongest solution available to store the trial period in a system through a
complex engine called Trial Storing Manager®. This engine makes it extremely difficult for attackers
to reset the trial period in any protected application with WinLicense.

•Weaknesses in machine-locked licenses: Many license managers offer support to lock a
license key to a specific machine. To get the ID for a specific machine, they rely on
specific Windows registry keys or common Windows API to get hardware information about a machine.
This presents a major vulnerability in locked license keys due to the possibility of manually changing
the machine ID and running an application that was locked to another machine. WinLicense is aware of that vulnerability,
so the machine ID is obtained directly from the hardware using the SecureEngine® Kernel Mode technology.
Attackers are unable to manipulate the real machine ID in their computers,
so they cannot run applications that were locked to another computer.

----Скачать это добро можно тут http://rapidshare.de/files/39016428/WinLicense_1.9.5.0.7z.html

| Сообщение посчитали полезным:

Leatherfase пишет:
WinLicense 1.9.5.0 + LicenseFile

реальная лицензия или кракнутая версия?

| Сообщение посчитали полезным:

Gideon Vi
Winlicense.Custom.Build.V1.9.5.0.CracKed.By.shoooo[CUG].rar

-----
in search of sunrise

| Сообщение посчитали полезным:

mucki's protector source
http://exelab.ru/f/action=vthread&forum=3&topic=8442

7411_04.04.2008_CRACKLAB.rU.tgz - mp.zip

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным:

VXPack 1.13 Unpacked by pavka
rapidshare.com/files/74624069/VXPack1.1.3.rar

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным:

mucki's protector II cracked by KuNgBiM


0fc9_06.04.2008_CRACKLAB.rU.tgz - Mucki.protector.II.cracked.by.KuNgBiM.rar

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным:

Pestil v1.0
Stub : 6 kb ( 4kb packed )

If you get errors while protecting,run program in safe mode(there is an option on agreement page)
What can i do with this program?
--------------------------------
[+]You can make any virus/trojan undedected.(scantime and runtime)
[+]You can prevent your programs.
[+]You can compress your programs.
[+]You can use it to change programs's icons.

Usage :
-------
[1]Drag and drop the file that you want to protect or press 'Select File' button and chose it.
[2]Choose your options(icon,version info,algorith) and protect it.
[3]Your crypted file is ready,now you can use it..

Properties :
------------
[+]Pestil uses XOR encryption and 3 different compression algoritm.
[+]Small stub.
[+]Pestil preserve EOF data automatically.So you can also crypt Flux,Bifrost,Poison Ivy,etc.. servers.
[+]Tested on Vista.

rapidshare.com/files/40811084/osC__CoDeR_-_Pestil.rar

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным:

DrGolova пишет:
Меня же сильно интересует судьба последнего седьмого токена в виртуальной машине
Хм.. Чет я ни чего не нахожу
вот табличка наномитов из песпина 1.32
F2 9C D6 82 1E 00 00 00 03 01 02 C3 7B 8F 90 90 00 00 00 03 00 06 53 D7 3F C4 05 00 00 00 01 54
02 2D F8 A3 91 5F 00 00 00 03 00 02 B2 1C C2 5F 95 04 00 00 03 00 06 6C C9 B8 88 27 00 00 00 03
00 02 F3 2D D9 46 2D 04 00 00 03 00 06 AB 5F F9 C7 12 04 00 00 03 00 06 2D 7F F5 0E 08 04 00 00
03 00 06 1C 98 AC 1C BD 04 00 00 03 00 06 15 4C CA A5 E9 03 00 00 03 00 06 43 40 62 E5 E2 04 00
00 03 00 06 E6 76 C3 62 27 00 00 00 03 00 02 EF A2 A5 DB 03 00 00 00 01 71 02 09 C3 B6 38 16 00
00 00 03 00 02 F3 E0 B3 D6 20 00 00 00 03 01 02 B6 14 C4 AB 20 00 00 00 03 01 02 79 08 5C 2C 20
00 00 00 03 01 02 54 3F CA C1 11 00 00 00 03 01 02 91 E9 5B 8B 11 00 00 00 03 00 02 BD 88 55 65
14 00 00 00 00 75 03 A4 CB 6E FD 14 00 00 00 00 45 03 C0 4F 1D B3 08 00 00 00 00 40 03 F2 C7 C6
BD 07 00 00 00 03 00 02 91 66 2A 66 10 00 00 00 00 5D 03 E1 37 3E F2 1B 00 00 00 03 00 02 25 18
4D 9C 1C 00 00 00 03 01 02 28 00 00 00 20 00 00
о каком идет речь? Все наномиты востанавливаются скриптом. Прот нормально запускается
Дамп анпакнутый только скриптами без импрека и рук, мютекс лень было вставлять

| Сообщение посчитали полезным:

атач чет не цепляется

15fa_09.04.2008_CRACKLAB.rU.tgz - dump.rar

| Сообщение посчитали полезным:

пару наномитов лажанул в скрипте был косячок
.0040CC71: 8B4090 mov eax,[eax][-070]<-08 in >C0 4F 1D B3 08 00 00 00 00 40 03
.0040CC74: 3DD9FDFFFF cmp eax,0FFFFFDD9 ;'  ?-'
.0040CC79: 74C0 jz .00040CC3B -- 1 <----07
.0040CC7B: 5E pop esi
.0040CC7C: 5F pop edi
.0040CC7D: 5B pop ebx
.0040CC7E: C9 leave
.0040CC7F: C21000 retn 00010
.0040CC82: 8B1D7C004100 mov ebx,[00041007C] -- 2

исправил переделал вроде все о.к

0112_09.04.2008_CRACKLAB.rU.tgz - dump.rar

| Сообщение посчитали полезным:

PeStubOEP v1.7

4b82_22.04.2008_CRACKLAB.rU.tgz - 1.7.rar

| Сообщение посчитали полезным:

Перезалейте кто-нить Pestil v1.0, а то немогу с рапиды скачать (долбаная капча!)

-----
Nulla aetas ad discendum sera

| Сообщение посчитали полезным:

Flint
link_deleted_by_forum_engine/files/4914229
dump.ru/files/p/p90700405/

-----
iNTERNATiONAL CoDE CReW

| Сообщение посчитали полезным:

Spirit пишет:
Pestil v1.0

Нда, я ожидал большего, а оказалось все банально: CreateProcessA, WriteProcessMemory, ResumeThread

-----
Nulla aetas ad discendum sera

| Сообщение посчитали полезным:

Да заколебал ты старьё выкладывать, бан нафиг.

| Сообщение посчитали полезным:

[unpackme] Larp V2.0 Ultra
забойное апакми от лены Что бы запустить пришлось ставить чистую систему
В архиве + анпакнутое и скрипт для спласинга

5932_29.04.2008_CRACKLAB.rU.tgz - lARP_2.0_ULTRA_Unpackme.rar

| Сообщение посчитали полезным:

DrGolova пишет:
Меня же сильно интересует судьба последнего седьмого токена в виртуальной машине
Когда я смотрел наномиты (давно это было), 7й токен брал константу для добавления к eip из дочернего процесса. Не помню правда где лежал указатель на константу (в родительском или в дочернем), но одназначно идентифицировать я тоже не смог. Возможно это макрос, но тогда слишком мало места для его вставки. Если это паддинг то почему константа лежала в дочернем процессе?

-----
Yann Tiersen best and do not fuck

| Сообщение посчитали полезным:

pavka пишет:
[unpackme] Larp V2.0 Ultra

у меня запустилось и на грязной системе - xpsp2rus без апдейтов.
жаль что kakeeware (kam) палится этим unpackme

| Сообщение посчитали полезным:

r99 пишет:
у меня запустилось и на грязной системе - xpsp2rus
машина мощная наверно ;) В варианте аля ПЕП с секцией прота ==20000000 оно вобще падало с ошибкой инициализации из за нехватки памяти

| Сообщение посчитали полезным:

GIOFF cryptor [private] 1.0.0.5 full http://www.fileuploader.cn/download.php?a9806bfe81a8bf7479c05c23e985a682 version

df80_01.05.2008_CRACKLAB.rU.tgz - pass.txt

-----
все багрепорты - в личные сообщения

| Сообщение посчитали полезным:

HandMill китайцы сломали ?

| Сообщение посчитали полезным:

HandMill, а что на нём висело до распаковки? распаковано как-то криво не работает даже на пустой форме дельфы.

| Сообщение посчитали полезным: