Unpacking themida v2.x

Page 1 of 2 12 LastLast
Results 1 to 15 of 17
  1. #1
    Fuck. SheenBR is offline
    ModeratorRank
    Feb 2008 Join Date
    Jaú, BrazilLocation
    2,379Posts

    Unpacking themida v2.x

    Unpacking themida v2.x
    Anyone thats good at unpacking can give me a hand here? I already tried to follow this guide but as you can see from my posts there (lelejau) it didn't help much. (guide: How Unpack Themida 2.x.x - ZenHAX)

    If you know some unpacker or method that you think might work let me know.. I already tried dumping the memory using PELord but no successfull result. Olly can't open it, says invalid file and the dumped file is only 1.58mb, I dont think thats a normal size...

    I expect to be able to run the unpacked exe as normal as I run the packed one.
    Or if you dont want to lend your tools but are willing to unpack it for me here are the binaries compressed and uploaded to mega:
    https://mega.nz/#!8x1FkChD!-T47h3wvV...NHqoqJbEb6Y-V4

    Thanks


  2. #2
    Moderator DriftCity is offline
    ModeratorRank
    Oct 2009 Join Date
    /NapTown/Location
    617Posts

    Re: Unpacking themida v2.x

    The new Themida is really great, offers great protection. + they challenge people to crack it, so soon as someone reports an method to unpack it will be patched probably. So im not sure if it's gonna be that easy :p

  3. #3
    Fuck. SheenBR is offline
    ModeratorRank
    Feb 2008 Join Date
    Jaú, BrazilLocation
    2,379Posts

    Re: Unpacking themida v2.x

    you think this is the new one?

    Enviado de meu XT1033 usando Tapatalk

  4. #4
    Moderator DriftCity is offline
    ModeratorRank
    Oct 2009 Join Date
    /NapTown/Location
    617Posts

    Re: Unpacking themida v2.x

    Yea it looks like it was packed recently but they didn't use full protection options i think.
    I can see there are still parts that are not fully encrypted, but that's just some resource stuff.

    I use Themida a lot and like 5 different people that are pretty good in cracking couldn't break it xD

  5. #5
    Fuck. SheenBR is offline
    ModeratorRank
    Feb 2008 Join Date
    Jaú, BrazilLocation
    2,379Posts

    Re: Unpacking themida v2.x

    Can you show them these files and see if they can do something ?

  6. #6
    Moderator DriftCity is offline
    ModeratorRank
    Oct 2009 Join Date
    /NapTown/Location
    617Posts

    Re: Unpacking themida v2.x

    Quote Originally Posted by SheenBR View Post
    Can you show them these files and see if they can do something ?
    I know 1 guy i can ask, but i'm not sure if he's gonna do it, he is kinda lazy xD. Also it's not kinda easy to crack Themida at all. It's like malware, it doesn't want to be unpacked xD

  7. #7
    Fuck. SheenBR is offline
    ModeratorRank
    Feb 2008 Join Date
    Jaú, BrazilLocation
    2,379Posts

    Re: Unpacking themida v2.x

    ask him nicely xD

    Im looking forward to this as I wanted to see if I can emulate this game. but can't do much with it packed.
    Will wait for your answer :)

  8. #8
    Moderator DriftCity is offline
    ModeratorRank
    Oct 2009 Join Date
    /NapTown/Location
    617Posts

    Re: Unpacking themida v2.x

    Quote Originally Posted by SheenBR View Post
    ask him nicely xD

    Im looking forward to this as I wanted to see if I can emulate this game. but can't do much with it packed.
    Will wait for your answer :)
    I asked him but he isn't gonna do it, he has exams in a few weeks..

  9. #9
    Fuck. SheenBR is offline
    ModeratorRank
    Feb 2008 Join Date
    Jaú, BrazilLocation
    2,379Posts

    Re: Unpacking themida v2.x

    Sure.. maybe when he has finished them ? I also have exams this week in uni. Can you send me your skype or something ?

  10. #10
    Omega sunnyboy is offline
    The OmegaRank
    Mar 2010 Join Date
    6,122Posts

    Re: Unpacking themida v2.x

    Which exe are you looking for to be unpacked. I cannot detect any themida.

    If you're talking about PT2Start.exe, could you explain how you detect themida?

    Thanks.

    @SheenBR

    PT2Start.exe isn't packed with anything as far as I can tell.

    Some ip/urls

    strlen("http://70.28.13.104:7300/");
    sub_40AD30("http://192.198.82.198/");


    Also running the client is using the ip 192.198.82.198 so you'd have to change that so connection redirects to your server
    Last edited by sunnyboy; 04-12-15 at 01:22 AM.

  11. #11
    Moderator DriftCity is offline
    ModeratorRank
    Oct 2009 Join Date
    /NapTown/Location
    617Posts

    Re: Unpacking themida v2.x

    Quote Originally Posted by SheenBR View Post
    Sure.. maybe when he has finished them ? I also have exams this week in uni. Can you send me your skype or something ?
    PM me your skype :) i will be on in a few days, currently traveling.

  12. #12
    Sharing is caring KillerStefan is offline
    ModeratorRank
    Feb 2007 Join Date
    NetherlandsLocation
    2,553Posts

    Re: Unpacking themida v2.x

    Maybe you should contact the guys from PT2 Reborn, they're also BR btw
    "Knowledge will become available to those who are determined"

    http://twitter.com/KillerStefan
    Follow my eSports org @ fb.com/TeamParia

    Quote Originally Posted by KillerStefan View Post
    Ask gPotato to send it to me then since they can just ask Nexon for my contact details
    Quote Originally Posted by border9008 View Post
    So.. if we contact Gpotato about the "database," our US tr info will be in the private version?

    Quote Originally Posted by Rishwin View Post
    We're getting alot of complaints against KillerStefan. I don't think it's because he's incompetent, but rather the members of that section seem to be.

  13. #13
    Fuck. SheenBR is offline
    ModeratorRank
    Feb 2008 Join Date
    Jaú, BrazilLocation
    2,379Posts

    Re: Unpacking themida v2.x

    @KillerStefan
    yeah I know, but I dont talk to them, we are not friends... I know who they are.. they seem to have got the files from the PT2 company itself, thats what I heard. Never found any PT2 files on the internet though.
    @sunnyboy
    The exe i'm looking to unpack is the one in bin folder, PT2.exe maybe after got it unpacked we can see exactly the DLLs it imports and possibly find any packed too.
    PT2Start is just the launcher, it calls PT2.exe with some arguments, the IP to connect and some seed that is used in packet encryption, probably. I belive this game uses some Rijndael stuff... I can find Rijndael tables in PlayGame.dll or PlayData.dll, I dont remember.. as I also found WsaRecv calls. But I needed the PT2 unpacked so I can try to remove this xtrap and debugg with olly in real time to see if I can find anything
    Last edited by SheenBR; 04-12-15 at 04:31 PM.

  14. #14
    Omega sunnyboy is offline
    The OmegaRank
    Mar 2010 Join Date
    6,122Posts

    Re: Unpacking themida v2.x

    Quote Originally Posted by SheenBR View Post
    @KillerStefan
    yeah I know, but I dont talk to them, we are not friends... I know who they are.. they seem to have got the files from the PT2 company itself, thats what I heard. Never found any PT2 files on the internet though.
    @sunnyboy
    The exe i'm looking to unpack is the one in bin folder, PT2.exe maybe after got it unpacked we can see exactly the DLLs it imports and possibly find any packed too.
    PT2Start is just the launcher, it calls PT2.exe with some arguments, the IP to connect and some seed that is used in packet encryption, probably. I belive this game uses some Rijndael stuff... I can find Rijndael tables in PlayGame.dll or PlayData.dll, I dont remember.. as I also found WsaRecv calls. But I needed the PT2 unpacked so I can try to remove this xtrap and debugg with olly in real time to see if I can find anything
    Okay thanks I'll take at it once I get home. I can unpack it, but not sure if it will run smoothly, but I'll give it a go nonetheless

    @SheenBR , I gave it a shot no promisses it will even work PT2
    Last edited by sunnyboy; 04-12-15 at 11:43 PM.

  15. #15
    Fuck. SheenBR is offline
    ModeratorRank
    Feb 2008 Join Date
    Jaú, BrazilLocation
    2,379Posts

    Re: Unpacking themida v2.x

    Nice! I just ran it directly, it loaded xtrap and asked me to run PT2Start.exe.Seems its working! wow! Teach me your magic. lol Will test more tomorrow and if I find any problems I tell you.
    Last edited by SheenBR; 05-12-15 at 05:22 PM.



Page 1 of 2 12 LastLast

Advertisement