Jump to content

Niiabo

Members
  • Content Count

    93
  • Joined

  • Last visited

  • Days Won

    12

Niiabo last won the day on April 2 2017

Niiabo had the most liked content!

Community Reputation

46 Excellent

About Niiabo

  • Rank
    Member

Profile Information

  • Gender
    Male

Previous Fields

  • Team
    -
  1. You can always memory patch the bits you need :)
  2. The 2.2.7 release has timer checks and/or similar and no longer works. If anybody has a solution please let me know, otherwise revert to 2.2.5.
  3. I think what's happening is you removed most of IntelliLock's internal code during deobfuscation, but you still have code that's calling it - thus, the error. What you want to do is delete all calls to the IntelliLock code, like the one you quoted above, and make sure you execute the original entry point. Make sure your module constructor (<Module> .cctor) is also free of any IntelliLock calls. Good luck!
  4. Debug it with dnSpy and see where/what causes the crash. You should be able to figure it out then :)
  5. Niiabo

    MATLAB

    954.4MB that's one heck of a hello world lol
  6. AFAIR variables don't have a name if the program is compiled in Release mode.
  7. Sadly there's no 'toolkit' and it's significantly harder to crack iOS apps compared to .NET. You can use IDA to disassemble the app libs and then patch using a hex editor.
  8. Try deobfuscating with -v (verbose) or -vv (very verbose). That will get you started :)
  9. Tried deobfuscating with de4dot? The rest should be plain easy...
  10. It might not be the best advice, but have you tried scanning those files with some top AVs like Kaspersky, ESET or Avast? They may be able to disinfect the executables...
  11. The constants are a only layer of obfuscation - NoFuserEx will remove everything but your tweaks in constant mutation which doesn't help much. Instead, introduce a change in the packer or anti-tamper and you'll render the automatic unpacker useless. You can also create a trap for NoFuserEx, which will make the output crash / be invalid. That'll get script kids away for sure.
  12. Solved: Scylla had confused some APIs when fixing the IAT. Used Windows XP to unpack instead of Windows 10 and it all worked. Thanks @kao!
  13. All imports were found and valid in Scylla. It's interesting that the DLL the error specifies is actually the main executable, which is not a DLL.
  14. So I unpacked this ASPack target and I fixed all imports. I am also 100% confident that the entry point defined in the optional header is correct. However, upon starting the executable, I get this weird error. The text reads: Entry Point Not Found The procedure entry point IsAccelerator could not be located in the dynamic link library [...] If I load it in x64dbg, the error occurs even before the first breakpoint in ntdll is hit. Any clues?
×
×
  • Create New...