Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

Unpacking themida v2.x

Moderator
Staff member
Moderator
Joined
Feb 22, 2008
Messages
2,404
Reaction score
723
Anyone thats good at unpacking can give me a hand here? I already tried to follow this guide but as you can see from my posts there (lelejau) it didn't help much. (guide: )

If you know some unpacker or method that you think might work let me know.. I already tried dumping the memory using PELord but no successfull result. Olly can't open it, says invalid file and the dumped file is only 1.58mb, I dont think thats a normal size...

I expect to be able to run the unpacked exe as normal as I run the packed one.
Or if you dont want to lend your tools but are willing to unpack it for me here are the binaries compressed and uploaded to mega:


Thanks
 
Moderator
Staff member
Moderator
Joined
Oct 2, 2009
Messages
561
Reaction score
118
The new Themida is really great, offers great protection. + they challenge people to crack it, so soon as someone reports an method to unpack it will be patched probably. So im not sure if it's gonna be that easy :p
 
Moderator
Staff member
Moderator
Joined
Oct 2, 2009
Messages
561
Reaction score
118
Yea it looks like it was packed recently but they didn't use full protection options i think.
I can see there are still parts that are not fully encrypted, but that's just some resource stuff.

I use Themida a lot and like 5 different people that are pretty good in cracking couldn't break it xD
 
Joined
Mar 14, 2010
Messages
5,363
Reaction score
1,343
Which exe are you looking for to be unpacked. I cannot detect any themida.

If you're talking about PT2Start.exe, could you explain how you detect themida?

Thanks.

SheenBR

PT2Start.exe isn't packed with anything as far as I can tell.

Some ip/urls

strlen("http://70.28.13.104:7300/");
sub_40AD30("http://192.198.82.198/");


Also running the client is using the ip 192.198.82.198 so you'd have to change that so connection redirects to your server
 
Last edited:
Moderator
Staff member
Moderator
Joined
Feb 22, 2008
Messages
2,404
Reaction score
723
@KillerStefan
yeah I know, but I dont talk to them, we are not friends... I know who they are.. they seem to have got the files from the PT2 company itself, thats what I heard. Never found any PT2 files on the internet though.
@sunnyboy
The exe i'm looking to unpack is the one in bin folder, PT2.exe maybe after got it unpacked we can see exactly the DLLs it imports and possibly find any packed too.
PT2Start is just the launcher, it calls PT2.exe with some arguments, the IP to connect and some seed that is used in packet encryption, probably. I belive this game uses some Rijndael stuff... I can find Rijndael tables in PlayGame.dll or PlayData.dll, I dont remember.. as I also found WsaRecv calls. But I needed the PT2 unpacked so I can try to remove this xtrap and debugg with olly in real time to see if I can find anything
 
Last edited:
Joined
Mar 14, 2010
Messages
5,363
Reaction score
1,343
@KillerStefan
yeah I know, but I dont talk to them, we are not friends... I know who they are.. they seem to have got the files from the PT2 company itself, thats what I heard. Never found any PT2 files on the internet though.
@sunnyboy
The exe i'm looking to unpack is the one in bin folder, PT2.exe maybe after got it unpacked we can see exactly the DLLs it imports and possibly find any packed too.
PT2Start is just the launcher, it calls PT2.exe with some arguments, the IP to connect and some seed that is used in packet encryption, probably. I belive this game uses some Rijndael stuff... I can find Rijndael tables in PlayGame.dll or PlayData.dll, I dont remember.. as I also found WsaRecv calls. But I needed the PT2 unpacked so I can try to remove this xtrap and debugg with olly in real time to see if I can find anything
Okay thanks I'll take at it once I get home. I can unpack it, but not sure if it will run smoothly, but I'll give it a go nonetheless

SheenBR , I gave it a shot no promisses it will even work
 
Last edited:
Moderator
Staff member
Moderator
Joined
Feb 22, 2008
Messages
2,404
Reaction score
723
Nice! I just ran it directly, it loaded xtrap and asked me to run PT2Start.exe.Seems its working! wow! Teach me your magic. lol Will test more tomorrow and if I find any problems I tell you.
 
Last edited:
Joined
Mar 14, 2010
Messages
5,363
Reaction score
1,343
Nice! I just ran it directly, it loaded xtrap and asked me to run PT2Start.exe.Seems its working! wow! Teach me your magic. lol Will test more tomorrow and if I find any problems I tell you.

I saw in the bin folder PT2GameGuard.eng and .tur thinking it has gameguard, but I didn't see anything in client to tell me so.

Still works well?
 
Moderator
Staff member
Moderator
Joined
Feb 22, 2008
Messages
2,404
Reaction score
723
Yeah, I figured out how to remove xtrap, it seems to only work when I run it from Olly though, lol, idk why.
Now with it removed and able to run it with debugger, Ill try to see if I can find packets info now ^^ But all this stuff should be inside the Dlls, Core.dll/PlayGame.dll or PlayData.dll.. shoud investigate.

Thanks
 
Back
Top