AriethMu_S6.dll Unpacked by Nemesis

Results 1 to 19 of 19
  1. #1
    Darkness Member Kiosani is offline
    MemberRank
    Oct 2007 Join Date
    ArgentinaLocation
    1,276Posts

    thumbs up AriethMu_S6.dll Unpacked by Nemesis

    Well this dll is for client version: 1.08C+ all unpacked (included main.exe and NOT CRACKED)

    Img (Edited text of Custom Item, change with hex editor xD):


    DOWNLOAD


    PS: The only thing missing is to crack the dlls and the launcher, so they can connect with other IPS. if anyone knows how to do this is welcome to provide help.

    Credits: AriethMu (create and protect custom library)
    Nemesis (unpack custom library )


  2. #2
    Account Upgraded | Title Enabled! BARAMOS is offline
    MemberRank
    Sep 2011 Join Date
    IsraelLocation
    248Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    Check if you need something from here
    if you need i can add MuServer+client 1.08C
    Multiupload.com - upload your files to multiple file hosting sites!

  3. #3
    Apprentice Nathaniel23k is offline
    MemberRank
    Mar 2010 Join Date
    22Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    thanks guys.. awsome

  4. #4
    Account Upgraded | Title Enabled! JoniverPH is offline
    MemberRank
    May 2006 Join Date
    PilipinasLocation
    290Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    is this episode 1 or 2 ?

  5. #5
    Darkness Member Kiosani is offline
    MemberRank
    Oct 2007 Join Date
    ArgentinaLocation
    1,276Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    BARAMOS: That file server is that you you mean?

    JoniverPH: This is for Season 6 Episode 2 Kor Client. (1.08C+)

  6. #6
    Member ChromoMU is offline
    MemberRank
    Oct 2011 Join Date
    54Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    Cool!

    How to use the AutoUpdater?

  7. #7
    Retired s'2010 Aszmhodeus is offline
    MemberRank
    Nov 2005 Join Date
    GermanyLocation
    1,276Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    congratulations - nice skills - i`ll give you a PM

  8. #8
    Valued Member tomatoes is offline
    MemberRank
    Oct 2005 Join Date
    140Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    UnVMed ?
    If unVM u can bypass Laucher.
    but u should decode some important fuction on this dll,and recode is better,u can use all main.exe.

    Main Global:

    Last edited by tomatoes; 18-12-11 at 04:20 AM.

  9. #9
    Kingdom of Shadows [RCZ]ShadowKing is offline
    MemberRank
    Jul 2007 Join Date
    1,644Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    I wonder how you managed to unpack it but failed to crack. Anyhow its good to have material like this for study.

  10. #10
    Member Brain is offline
    MemberRank
    Jan 2010 Join Date
    MoldovaLocation
    99Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    Cracked by PE Explorer, nope? :)
    Nemesis (unpack custom library) :facepalm:
    Mu Coder = Bullshit

  11. #11
    Darkness Member Kiosani is offline
    MemberRank
    Oct 2007 Join Date
    ArgentinaLocation
    1,276Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    I never said no... I just realized as unpacking, because we analyze PEiD, and when the software said: UPX... Simply I use: PE Explorer (which includes a unpacker for UPX), that is, I'm going to do it manually if necessary, But if it is not necessary then not.

    Fog code by RMST = Copy of Arieth Fog... so bad -_-!
    Smoothing Textures by RMST = Copy of Arieth Smoothing Textures X_X!

    PS: If you get angry, because didn't you the first? or maybe is that you've done?? maybe if you did not, is because they aren't so clever.

    I know a bit of almost everything, that's why I can manage to do almost anything, that is... in general there are few things I can not do and that I owe a little to my cunning But in no time I steal the credit for this, ie, either way the idea occurred to me unpack, but If they want not it to be so simple to do... Well then do not use that kind of protections very simple's

    anyway the code inside the library has some few sections specifically designed to be virtually impossible to crack because they are all programmed codes within the same library which modify many bytes of memory within the main.exe to which he hook does this .dll and within the same .dll file (ANTI-DEBUG CODES).

    Maybe something like this (src by sobieh):
    Code:
    // -- DEBUGGER KILLER --
    // - OllyAdvanced KILLER
    // - ShadowsOlly  KILLER
    // - DGE APA (Anti Process Attach)
    // - DGE APD (Anti Process Dump)
    // - OpenProcess API Unlocker
    int Init()
    {
    	/*VM_START
    
    	POINT p;
    	HWND DebugerFound = 0;
    	int KilledDebugers = 0;
    
    	char txt[128];
    
    	for ( int qy = 0 ; qy < 100 ; qy++)
    	{
    		for ( int qx = 0 ; qx < 100 ; qx++)
    		{
    			p.x = qx * 20;
    			p.y = qy * 20;
    			
    			DebugerFound = WindowFromPoint(p);
    
    			char t[255];
    			GetWindowText( DebugerFound , t , 255);
    
    			if ( strstr( t , "Shadow") || strstr( t , "Olly") || strstr( t , "Debug") || strstr( t , "CPU - main") )
    			{
    
    				unsigned char * hack = (unsigned char*) GetProcAddress(GetModuleHandle("kernel32.dll") , "OpenProcess");
    
    				if ( *(hack+6) == 0xEA )
    				{
    					strcpy(txt , "Hide Debugger not worked :P ... Dont steal other coderz work Lame!");
    				}
    				else
    				{
    					strcpy(txt, "Dont steal other coderz work Lame!");
    				}
    
    
    				LONG a = GetWindowLong ( DebugerFound , GWL_HWNDPARENT );
    				
    				while ( a > 0 )
    				{
    					if ( a > 0 ) DebugerFound = (HWND) a;
    					a = GetWindowLong ( DebugerFound , GWL_HWNDPARENT );
    				}
    
    				EnumChildWindows( DebugerFound , cEnum , 0 );
    				Rectangle ( GetDC(DebugerFound) , 0 , 0 , 2000 , 2000 );
    				
    				for ( int f = 0 ; f < 64 ; f++ )
    				{
    					TextOut( GetDC(DebugerFound) , 40 , 40 + (f*16) , txt , strlen(txt) ); 
    				}
    				
    				SetWindowLong( DebugerFound , GWL_STYLE , 0x0 );
    				LockWindowUpdate( DebugerFound );
    				
    				// IF WE FOUND ANY DEBUGGER
    				// THEN WE GOT HERE A LITTLE SUPRISE FOR CRACKER
    				// WE JUST POWER OFF HIS COMPUTER :D
    				
    				// WE CAN DESTROY BootSector ON HIS HARDDRIVE (windows will not boot anymore) :D
    				// BUT I CANT INCLUDE IT HERE (its illegal)
    
    				TOKEN_PRIVILEGES tp;
    				HANDLE hToken;
    				if (OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &hToken))
    				{
    					LookupPrivilegeValue(0, SE_SHUTDOWN_NAME, &tp.Privileges[0].Luid);
    					tp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    					tp.PrivilegeCount = 1;
    					AdjustTokenPrivileges(hToken, FALSE, &tp, sizeof(tp), NULL, NULL);
    					
    					//!!! UNCOMMENT THIS LINE WHEN YOU COMPILE FINAL VERSION !!!
    					//NtShutdownSystem(2); // Shutdown PC
    					CloseHandle(hToken);
    				}
    
    					KilledDebugers++;				
    			}
    		}
    	}
    Or maybe something like this too (a very dangerous thing for virtual memory):
    Code:
    __stdcall main( HANDLE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved)
    {	
    	MeHandle = hModule;
    /*
    		__asm // Fake Main size (anti dump) our main will be like 1 gb in memory and dumper should crash :D
    		{
    			MOV EAX,DWORD PTR FS:[0x30]
    			MOV EAX,[EAX+0Ch]
    			MOV EAX,[EAX+0Ch]
    			ADD DWORD PTR[EAX+20h],3000h
    		}
    
    	// Replace process Attach by Debugger Crasher
    	// we dont want to any lame cracker look on our code ... dont we ? xD
    	void *apiNtContinue = (void*)GetProcAddress(GetModuleHandle("ntdll"), "NtContinue");
    	WriteProcessMemory(GetCurrentProcess(), apiNtContinue, (void*)__NtContinue,
        (char*)__NtContinue_E-(char*)__NtContinue, 0);
    
    	// Recover bypassed OpenProcess api if bypassed by OllyHide or AdvancedOlly
    	unsigned char * hack = (unsigned char*) GetProcAddress(GetModuleHandle("kernel32.dll") , "OpenProcess");
    
    	if ( *(hack+6) == 0xEA )
    	{
    		unsigned char buff[7] = {0x8B, 0x45 , 0x10 , 0x89 , 0x45 , 0xF8 , 0x8B};
    		char *apiOpenProcess= (char*)GetProcAddress(GetModuleHandle("kernel32"), "OpenProcess");
    		WriteProcessMemory(GetCurrentProcess(), (apiOpenProcess + 6) , (unsigned char*)buff,
    		sizeof(buff) , 0);
    	}*/
    
    	*(Imports+8) = (unsigned int) &Init;
    
        return 1;
    }
    sorry for my bad English.
    Last edited by Kiosani; 18-12-11 at 12:23 PM.

  12. #12
    Alpha Member 2009x2014 is offline
    MemberRank
    Dec 2009 Join Date
    2,765Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    this screen is actually funny :)

    cuz to edit Text on orange field where u placed "Hacked by nemesis"

    u don't need any unpacks ;]

    just hex and brain :D

    about DLL if u think its fully Unpacked then im telling you

    check again or ask some1 for help
    Last edited by 2009x2014; 19-12-11 at 05:38 AM.

  13. #13
    Apprentice plasma32. is offline
    MemberRank
    Mar 2010 Join Date
    11Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    Quote Originally Posted by mauro07 View Post
    anyway the code inside the library has some few sections specifically designed to be virtually impossible to crack because they are all programmed codes within the same library which modify many bytes of memory within the main.exe to which he hook does this .dll and within the same .dll file (ANTI-DEBUG CODES).
    not true ;),
    Nowadays: Virtually impossible = very VERY long boring repetitive stuff

  14. #14
    Valued Member tomatoes is offline
    MemberRank
    Oct 2005 Join Date
    140Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    Quote Originally Posted by plasma32. View Post
    not true ;),
    Nowadays: Virtually impossible = very VERY long boring repetitive stuff
    Plasma32,long time see u xD,how are u ^^

    Anyway,Arieth dll had been unpacked long time ago.That why I can code Wing4,and etc...

  15. #15
    Enthusiast iliametla is offline
    MemberRank
    Apr 2011 Join Date
    30Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    Nice Dammit

  16. #16

    Re: AriethMu_S6.dll Unpacked by Nemesis

    You?? Unpacked arieth's dll? hmmmm OK

  17. #17
    Member =Devil= is offline
    MemberRank
    Feb 2008 Join Date
    61Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    reup?

  18. #18
    Darkness Member Kiosani is offline
    MemberRank
    Oct 2007 Join Date
    ArgentinaLocation
    1,276Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    AriethMu shutdown now.. not exists more.. and I don't have the client or unpacked dll sry

  19. #19
    Member =Devil= is offline
    MemberRank
    Feb 2008 Join Date
    61Posts

    Re: AriethMu_S6.dll Unpacked by Nemesis

    mauro07
    I am in search of custom wings


    new arieth
    Last edited by KarLi; 01-09-17 at 06:58 PM.



Advertisement