23 January 2009

New Unpacking Stuff

For Themida-protected programs [files protected with some versions of the Themida protector can trigger positive virus alerts]

These tools can possibly restore some files packed with this protector to their original, unprotected condition.

tmdunpacker.rar 586.19 KB
Tmdunpacker_TheMida_Winlicense_Unpacker_ 584.71 KB
Detemida1005.rar 106.81 KB
TMD/WL Script for 1.9.0.0-2.0.3.0
TMDScript_1.9.6.0_ver_0.8_beta.txt
TheMida - WinLicense Info Script.txt
Themida---WinLicence-1.x.x---2.x.x-CodeEncrypt-Repair.txt
Themida Winlicense ID +peid plugin

http://www.elitepvpers.de/forum/epvp-coders/
http://reversengineering.wordpress.com/category/tools/page/2/

For Armadillo-protected programs [files protected with some versions of the Themida protector can trigger positive virus alerts]

These tools can possibly restore some files packed with this protector to their original, unprotected condition.

ArmaCRC-1.4.1.zip 74.56 KB
ARMA.INTRUDER.0.4
ARMACRC.V1
ARMADETACH.V1
ARMADETACHME
ARMADILLO FIND PROTECTED V1
ARMADILLO KILLER 2
ARMADILLO REDUCER 1.7
ARMADILLO.DLL&OCX
ARMADILLO.SECTIONS.STRIPPER.1.22
ARMADILLO_KEY_GENERATOR 1
ARMADILLOCLEANER
ARMADILLOTOOLS V1.2
ARMADUMPER.V1
ARMAEV
ARMAUNPACK
ARMINLINE V0
DEATTACHER
HWID_CHANGER V.0
LOADER-10
MM_DILLODIE_V1
NANOMITES.KILLER.BY
UIF-FINAL-PLUS
UIF-V1.2stable
UNARM
ArmaGeddon v1.1.0 by Condzero
ArmaGeddon V1.2g by Condzero
ArmInline v0.96f (Eng)
ArmKiller v1.2.1 Tool by TLG_XQuader
http://h47z.lefora.com/2008/10/15/all-armadillo-tools-2008-04-05/
Armadillo Unpacking Tools serie 2
http://h47z.lefora.com/
http://h47z.lefora.com/lethal/blog/
http://reversengineering.wordpress.com/
AoRE-Unpacker-0.4.rar 462.57 KB
P3 Explorer v1.99R5 (now supports removing obsolete debug info from a compiled emule.exe)

Please share successfully cleaned file-sharing tool files

HashCheck Shell Extension 2.1.7


HashCheck Shell Extension

* Current version: 2.1.7
* Released on: 22 Jan 2009
* Requirements: Windows XP (or newer)

What is the HashCheck Shell Extension?

The HashCheck Shell Extension makes it easy for you to calculate and verify checksums (including hashes) from Windows Explorer.

First, HashCheck can process and verify the checksums/hashes stored in checksum files--these are files with a .sfv, .md4, .md5, or .sha1 file extension. Just double-click on the checksum file, and HashCheck will check the actual checksums of the listed files against those specified in the checksum file.

Second, HashCheck will add a "Checksums" tab to the shell's file properties dialog so that you could easily check the hash of a file (or even multiple files and directories) from Windows Explorer. You can also save the results to a checksum file.

Finally, if you want to create a checksum file but think that opening the file properties dialog, navigating to the "Checksums" tab and then clicking "Save" is too much trouble, HashCheck simplifies the task by adding an optional "Create Checksum File" command to the shell's context menu. Simply select the files and directories that you want to hash and create a checksum file for, right-click on them, and select "Create Checksum File".

With HashCheck, you can consolidate the md4sum, md5sum, and sha1sum tools--as well as any SFV creation/verification utilities that you might have--into one fast, simple, free, light-weight (on 32-bit systems, the final installed size is less than 80 KiB), and open-source utility.

Is this free?

Yes! The HashCheck Shell Extension is open-source, licensed under a BSD-style license.

What algorithms and formats are supported?

HashCheck supports the CRC-32, MD4, MD5, and SHA-1 algorithms.

HashCheck creates checksum files in the SFV format for CRC-32, and in a format compatible with the output of the standard md4sum, md5sum, and sha1sum tools for the other algorithms; checksum files produced by HashCheck can be encoded in UTF-8, UTF-16LE, or the system's default ANSI code page.

HashCheck can read SFV checksum files as well as checksum files created by directing standard md4sum, md5sum, or sha1sum output to a file. It can detect and handle virtually any sort of character and line-ending encoding: UTF-8 (with or without signature), UTF-16LE/BE (with or without BOM), or the default ANSI code page on your system.

How do I get the HashCheck Shell Extension?

Just download and run. The latest source code can be found here; build instructions are found inside.

(For advanced users) To run the installer in quiet (unattended) mode, run "HashCheckInstall.exe /quiet", and to extract the files to the current directory without installing, run "HashCheckInstall.exe /extract".

What features are planned for future versions of HashCheck?

A rough sketch of the future direction of HashCheck is available in the development roadmap. If you have a feature to suggest, please check the roadmap first to see if it is already listed; the roadmap also contains information about how to submit suggestions.

What languages are supported?

The following languages are supported:

* English
* 中文 (简体) (translator: "yumeyao")
* Deutsch (translator: "Rolf")
* ελληνικά (translator: "XhmikosR")
* español (translator: "Phare")
* français (translator: "user_hidden")
* 日本語 (translator: "yumeyao")
* 한국어 (translator: JaeHyung Lee)
* polski (translator: "RedWine")
* português (BR) (translator: "0d14r3")
* Türkçe (translator: M. Ömer Gölgeli)

Version History

* 2009/01/22 - 2.1.7
    o [Bug #46] [Localizations] Added Polish translation. (translator: "RedWine")
* 2009/01/20 - 2.1.6
    o [Bug #21] [General] The title bar of the options dialog will now display the target architecture alongside the version.
    o [Bug #24] [HashVerify] Make use of the new list view style introduced in Windows Vista; this will preserve foreground color coding through selections.
    o [Bug #25] [HashVerify] Selection integrity is now preserved after sort operations.
    o [Bug #26] [HashVerify] Memory footprint optimizations.
    o [Bug #27] [Localizations] Added Korean translation. (translator: JaeHyung Lee)
    o [Bug #23, #45] [Localizations] Minor miscellaneous changes to a couple of en-US strings.
* 2009/01/13 - 2.1.5
    o [Bug #4] [Localizations] Added Greek translation. (translator: "XhmikosR")
    o [Bug #5] [Localizations] Changed "context menu" to "shortcut menu" in the en-US localization (this is apparently the technically correct term in Windows).
    o [Bug #6] [Installer] The installer will now remind the user to log off and log back on after the installation is completed if the installer determines that it is necessary (when updating an existing installation, the shell process needs to be restarted in order to get it to load the new version into memory).


Homepage: http://www.ktechcomputing.com/hashcheck/

Download It! (79 KiB)
http://www.ktechcomputing.com/hashcheck/downloads/HashCheckInstall-2.1.7.exe
(single setup package for both 32-bit and x64 Windows)

source code: http://www.ktechcomputing.com/hashcheck/downloads/hashcheck-latest-src.7z

always latest version:
http://www.ktechcomputing.com/hashcheck/downloads/HashCheckInstall-latest.exe

Together with HashTab Windows Shell Extension
http://beeblebrox.org/hashtab/
http://beeblebrox.org/hashtab/hashtab2_setup.exe


Everest v4.60.1629 Beta

Homepage: http://www.lavalys.com/forum/index.php?showtopic=3515&st=40

EVEREST v5.00 is not ready yet, but here is the latest beta:

http://www.lavalys.com/beta/everestultimate_build_1629_bvk7jtzy0xc.zip

Universal Tcpip.sys Patch V1.0 Build 20090122


x64 (64 bit) Windows


x86 (32 bit) Windows



Project Name: Universal Tcpip.sys Patch
Support OS: Windows XP/2003/2008/Vista/Windows 7, All SP*, All 32bit (x86) / 64bit (x64)
Author: deepxw#126.com
Blog: http://deepxw.lingd.net
http://deepxw.blogspot.com (English)

Increases the limit on half-open (incomplete outbound) TCP connections.
"Universal Tcpip.sys Patch" is a file patch. It directly modifies the file tcpip.sys on the hard disk.

If you want to modify Tcpip.sys in memory, you can choose another tool "TCP-Z".

For more information about the tcpip.sys file patch, you can visit:
http://deepxw.blogspot.com/2008/12/on-internet-there-are-all-kinds-of-tcp.html


Notes:

1) On 32-bit and 64-bit Vista / Windows 7, testsigning must be set to on; don't try to disable it.
If "Test Mode" appears on the desktop, you can run "mcbuilder.exe" again to rebuild the MUI cache, or apply the patch once again.

2) In the Windows Server Edition, you can also find the limited value. However, this value is not active; the server will not compare this number.


History:
2009.01.22 V1.0.0.5
+ First release.

Homepage: http://deepxw.blogspot.com/

Download: UniversalTcpipPatch_20090122.zip
Mirror: TCPZ_20090108.zip

22 January 2009

Protection ID v6.1.6 (18th jan 2009) - Mixed New Reverse Engineering Stuff

Protection ID 6.1.6

Core Code changes:

- new: enabled the PE Stuff dialog (still in early stages)
- new: smbios reporting added (misc tools portion)
- update: pid entrypoint code optimised
- update: updated resizing core, and squashed a few bugs
- update: false positive with some anti virus programs is now fixed (gdata and avast)
- update: folderwatch, task manager, cd/dvd filter driver report, services report and folder
locations all have right click context menus allowing the data to be saved to file
- update: uninstaller code tweaked - various fixes on some entries that would not uninstall
- update: update portion is now tweaked, a bit better and more futureproof
- update: windows 7 is now detected right and everything is functional (we are windows 7 compatible)

- bugfix: gui issue when run from context menu (log window will be shown)
- bugfix: file open doing nothing bug fixed - happened on WinXP with no service packs
- bugfix: folderwatch - bugfix in window handler, could have caused a lockup in 9x/me systems


detection additions / changes

- new: check_protectdisc.asm - added ProtectDisc exact v9.0.0, v9.1.0 & v9.2.0 detection
- new: check_g4wl.asm - added Games for Windows Live detection (xlive)
- new: check_steam.asm - added Steam (basic stub) detection
- new: check_activemark.asm - added ActiveMARK v6.50.767 detection

- new: check_breakpointcrypter.asm - added Breakpoint Crypter v0.0.79 detection
- new: check_expressor.asm - added exPresor v1.6.1 (Pro) detection
- new: check_fearzcrypter.asm - added fEaRz Crypter v2.2.0 detection
- new: check_hellcrypter.asm - added HellCrypter v1 detection
- new: check_kratoscrypter.asm - added Kratos Crypter detection
- new: check_npack.asm - added nPack v1.1.800.2008 + unknown version detection
- new: check_obsidium.asm - added Obsidium v1.3.6.1 detection
- new: check_pespin.asm - added PeSpin v0.1 (x64) detection
- new: check_rdgpack.asm - added RDG Pack Lite Edition v0.4 detection
- new: check_roguepack.asm - added RoguePack v4.0 Beta 1 detection
- new: check_rlpack.asm - added RLPack v1.21 detection
- new: check_simplecrypter.asm - added Simpl3 CrYpT3R detection
- new: check_xcrypter.asm - added X-Crypter v2.01 detection
- new: check_zprotect.asm - added in *generic* ZProtect detection

- new: dongle_softdog.asm - added SoftDog Dongle detection

- update: check_protectdisc.asm - removed protection level output (basic/pro) when detecting v9
(this version is all 'Pro', no more 'Basic' v9 games)
- update: check_activemark.asm - ActiveMark v6.1.335 detection rewritten
(thx Nacho_dj for reporting a bug in American McGee's Grimm Bundle)


CD/DVD/Image file/sector scan

- update: sector scan updated to handle various movie protections
(css/cpmm, cprm, aacs hddvd, aacs bd), this code is still in the experimental stage,
and needs testing, but seems to work

[I] Init cd/dvd sector scan for Drive O
[i] Detected CSS / CPMM Protection! (0x00000001)
[i] Region Lock Detected -> RegionBitMask: 00000002
[.] Region(s) allowed : 2 (Drive region will need to be changed, you have 2 changes remaining,
your current region is : 1)
- Scan Took : 0.828 Second(s)

- bugfix: fixed bug in cddvd sector scanning code (register got trashed) - not critical..

Homepage: http://pid.gamecopyworld.com/ProtectionID.html - http://pid.gamecopyworld.com/

Download: http://pid.gamecopyworld.com/ProtectionID_v6.1.6_2k9.rar
Mirror DDL: http://mods.xf.cz/dl/ProtectionID_v6.1.6_2k9.rar



-----------------------------------------


Themida - Winlicense ID 1.1 Support EXE / DLL / OCX
Author: goldsun

Supported versions: 1.0.0.8 - 2.0.5.0 or higher

Detects exact Themida-Winlicense version.
How to use: drag a themida protected file and drop it over the exe or use the PEiD plugin.

Download: Themida_Winlicense_ID.zip

-----------------------------------------


TheMida - WinLicense Info Script, Show me the infos!

Author : LCF-AT
Environment : WinXP, OllyDbg V1.10, OllyScript v1.65.4
Date : 2009-20-01

========IF YOU WANT TO SAVE, THEN YOU HAVE TO SAVE!=============

Hello together,

today I wanna share a newly written script of mine to get some useful info about TheMida / WinLicense protected targets.
-This script can get the exact version release year and the protection
-I also added getting the right section name, VA and name of the file, summarized in a nice message box for the user.
-Included different search methods to get this information for all TM / WL targets.

Homepage: http://kienmanowar.wordpress.com/category/re-tools/

Download: TheMida - WinLicense Info Script.txt 5.60 KB
DDL: http://mods.xf.cz/dl/TheMida - WinLicense Info Script.txt

-----------------------------------------



Exeinfo PE ver. 0.0.2.2 by A.S.L 470 sign 2009.01.10


Changelog:

compare gfx 3D RWA / Virtual Size section
added eof check - picture PNG format ( EOF ok - multi file scanner ) many similar info added ….
gfx rippers added ( BMP GIF JPG PNG )
overlay detector doc/msi/xls added [ ripper not included :-( ]
Header info Directory - new window added ( values bigger than 0000 are in BOLD font )
many bugs fixed , hints , copyClip fixed

470 signatures :

456. Free Pascal Lazarus Project v0.9.26 beta 2008-10-05 - http://sourceforge.net/projects/lazaru
457. DRPU Setup Creator v.2.0.1.5 ( C++ ) - www.setupcreator *ACM
458. ST Ultra Pack 2 v0.6s (2008.10.30) Created by Silent Software & Silent Shield - www.ssoft.wz.cz *ACM
459. Ionic Wind Software Compiler *EXE (Aurora 1.0 / Emergence Basic v1.67 ) - www.ionicwind.
460. Ionic Wind Software Compiler *DLL (Aurora 1.0 / Emergence Basic v1.67 ) - www.ionicwind.
461. Armadillo ver.4.20 min. compress - www.siliconrealms (exe)
462. GoAsm.Exe Version 0.56.4m - Copyright Jeremy Gordon 2001/9 - www.GoDevTool (exe)
463. Mew 10 packer v1.0 Coded by Northfox 2004.03.06 ( AVir : malicious packer ) - http://northfox.uw *ACM
464. www.elefun-games GameWrapper ( MSV C++ 8.0 ) v.1.0.0.1
465. RDG Tejon Crypter v0.4 ( MS VB 6.1 ) - www.rdgsoft.8k *ACM
466. NonstandarD - Microsoft Visual Basic 5.0 -6.x www.microsoft
467. DCrypt v.0.9b - drmist ( cryper )
468. HipACryp - 0.0.1 Coded By Departure! ( 2008.11.08 ) - www.Cheesydoodle *ACM
469. Armadillo ver.4.xx min. compress - Generic Detector - www.siliconrealms
470. Hying's PE-Armor v0.75 - www.ccg.org

DDL: http://mods.xf.cz/dl/exeinfope.zip
-----------------------------------------


IDA 5.4 beta
In addition to numerous small and not that small improvements, the new version will have three debugger modules: bochs, gdb, and windbg, selectable on the fly (the active debugger session will be closed, though).

* With the bochs debugger, we offer three different worlds: run-any-code-snippet facility, windows-like-environment for PE files, and any-bochs-image bare-bone machine emulation mode. You can read more about this module in our blog: http://hexblog.com/2008/11/bochs_plugin_goes_alpha.html
* With gdb, x86 and arm targets are supported. Among other things, it is possible to connect IDA to QEMU or debug a virtual machine inside VMWare. We tried it on iPhone as well. However, while it works in some circumstances, there were some problems on the gdbserver side.
* With windbg, user and kernel mode debugging is available. The debugger engine from Microsoft, which is currently the only choice for driver and kernel mode debugging, can be used from IDA. It can automatically load required PDB files and populate the listing with meaningful names, types, etc. Speaking of PDB files, IDA imports more information from them: local function variables and types are retrieved too, c++ base classes are handled, etc.

The gdb and windbg debugger modules support local and remote debugging. We tried to make the debugger modules as open as possible: target-specific commands can be sent to all backend engines in a very easy and user-friendly way.

As usual, better analysis and many minor changes have been made. If you spend plenty of time analyzing gcc generated binaries, you’ll certainly appreciate that IDA handles its weird way of preparing outgoing function arguments. Now it can trace and find argument copies to the stack with mov statements.

The new IDA will support Python out of the box, thanks to Gergely Erdelyi, who kindly agreed to have the Python plugin included in the official distribution. In fact, the main IDA window will have a command line to enter any python (or other language) expressions and immediately get a result in the message window.

We will prepare the detailed list of improvements later this week.

Homepage: http://hexblog.com/2009/01/ida_v54_release_is_not_that_fa.html

Downloads:

ProtectionID_v6.1.6_2k9.rar 372.33 KB
Themida_Winlicense_ID.zip 19.46 KB
exeinfope.zip 534.44 KB

RatioMaster 2 Latest Beta | RatioBlaster Latest Version


/ * RM2 is based on reverse-engineered RatioMaster code.

Thanks a lot to Ratiomaster (the person) and JTS (plus all the others who helped build/run/test RM) for their great work on RM. * /

/ * Why This?

The main dev of this program wanted to write this just for fun and learning. After all, cheating the system is a lot of fun ;) * /

--Credits--

/ * Programming

me! phiscker(on www.moofdev.org/fourms) aka silentp33r (silentp33r.wordpress.com) * /

/ * Inspiration(lol)

zeebo * /

/ *Testing

zeebo
12345b
timmiychang
BigHead
abcabc
boom25
phonzie * /

Ratioblaster is a new spoofing program based heavily on ratiomaster with a whole bunch of new features:

• You can fake as many torrents as you wish while only one client is working
• consumes less memory (because this does not use tabs)
• utorrent-like UI
• skinnable
• automatic memory reader function
• has almost all of RM's features (like .client files made for RM, NRPG doesn't support these...)

And much more!

Visit us now @ Moofdev.org

SWF attachment files # 324 - 487 ( Oct 2008 - Jan 2009 )
Binary Release + all Plugins

Download content:
97 File(s) 1.659.366 bytes - 1 temp


Homepage: http://www.moofdev.org/
http://www.moofdev.org/ratioblaster
http://www.moofdev.org/ratiomaster

Download all files:
rm.zip 1.55 MB - DDL: http://mods.xf.cz/dl/rm.zip

Source code: http://ratiomaster2.googlecode.com/files/RatioBlaster.source.code.release.1.rar
Older public Version: http://www.moofdev.org/download/RatioMaster-1.7.5.zip
SVN Repo: https://ratiomaster2.googlecode.com/svn

Google Project: http://code.google.com/p/ratiomaster2
