MapleStory GMS v58 unpacked themida

[AlisaCodeDragon]

MapleStory Revision: GMS v58
download - https://yadi.sk/d/uy1tlAoliFok0Q
MapleStory.exe - unpacked themida [ unpacked - AlisaCodeDragon ]


<---------------------------------------------------------------------------------->
Protection Crushers Reverse Engineering witch's hammer Team Exploring Dark Side of the Web
<---------------------------------------------------------------------------------->

[MentaL]

[Darter]

What a treat to wake up to !!! My work laptop's domain anti virus doesn't like it so I will post addy's when I get the chance at home :)

[AlisaCodeDragon]

What a treat to wake up to !!! My work laptop's domain anti virus doesn't like it so I will post addy's when I get the chance at home :)

Hi there is no certificate in the file , (secure section)

[ezee]

Hi there is no certificate in the file , (secure section)

Nice to see someone taking up new releases. Your unpack needs some work. A good unpack should seperate out themida's combined sections and restore the .*data sections and .rsrc sections. Makes the dissasembly workload 100% easier / less messy on any decompiler.

Regarding certificates, you can restore the certificate that were originially in the themida packed executable. However, you can't really recover anything from maplestory this early since they didnt really sign anything around the pre 8X period when they started to sign with md5 signatures.

I recommend just ripping off the current MapleStory.exe signed sig and just slapping it on there and installing the copy on your system.

[Darter]

TSingleton<CSecurityClient>

Our saving grace

Code:

.text:009614C4 TSingleton_CSecurityClient__ms_pInstance

CSecurityClient::Init

Patch the call to return 1877 or turn the jz into jmp

Code:

.text:00855F10                 call    sub_8599D0
.text:00855F15                 cmp     eax, 755h
.text:00855F1A                 jz      short loc_855F34

CSecurityClient::Update

Ret this entire function

Code:

.text:00856015 CSecurityClient__Update

CSecurityClient -- Ensure Exists ?

Ret this entire function

Code:

_DWORD *sub_819A47()
{
  _DWORD *result; // eax
  _DWORD *v1; // ecx

  result = (_DWORD *)TSingleton_CSecurityClient__ms_pInstance;
  if ( !TSingleton_CSecurityClient__ms_pInstance )
  {
    v1 = (_DWORD *)sub_4029B9(dword_968FA8, 0x58u);
    if ( v1 )
      result = sub_855E04(v1); // CSecClient Constructor
    else
      result = 0;
  }
  return result;
}

[ezee]

Nice quick find my friend. CSecurityClient is always haunting us.