
Crack .exe (protected by old yoda crypter)

kozak deex

ripper
SCAMMER
Registered: 23.04.2022
Messages: 175
Reactions: 29
Please note that this user is banned
Hello Reversers

I have a request, if anyone can crack that exe... it is protected by the old yoda crypter,
and I'm not good at reversing.
That crack is the old "collector".
I just wonder how its payload works in dual mode.

"IF ANYONE CRACKS AND EXTRACTS THAT SOURCE CODE, I WILL SURELY BUY A COFFEE FOR YOU"

 
Please note that this user is banned

This is using a commercial protector called virtual machine protect, not "yoga crypter"
 
Please note that this user is banned
but the packer detector shows yoda crypter
...will you be able to crack it, bro??
 
pd has not been updated since 2017, so it's mostly unreliable for newer packers.
Also, it was never good at detecting .NET obfuscators.
The best detector for .NET obfuscators was de4dot, which is also outdated as of now.

That said, I can give you the pseudo source code if you want, but don't be scammed by this "NCP" team...
Their "crack" is nothing more than a hardcoded "patch" with some strings that you put in the two boxes.

Below you can see the only two relevant devirtualized methods as proof of unpacking, once the shitty crypter protections they applied to the program are bypassed.

Advice: go for a real stealer, if you want to get into business. The build they include in the program would be flagged as malicious as soon as it touches the disk.

Regards

/NR

[Attached image: 1669451455326.png]


Edit: If you really want to use this... just use the "crack" only twice, since it is a static patch.
Put some recognizable values inside the boxes and build.
Then compare the two binaries with a hex editor.
The differences will let you know where to patch if you want to craft another sample.
(Hint: the two values are strings... so when editing in a hex editor, pay attention to the encoding and do not overwrite the last one or two 00 bytes, otherwise the program will crash.)
(Hint two: I didn't analyze the embedded Collector Stealer, so I can't be sure of what it does, but there's a .ru domain hardcoded in it, and it isn't part of the patch so... again... go for a real stealer.)

/End
 
Please note that this user is banned
Bro, I really appreciate your hard work.
I don't need it for business or malware purposes... I know a lot of free and paid stealers here... but malware is not my purpose, and it's some kind of bet with my friends. If you share this source code I will be grateful and of course buy some coffee for you♥️❤️❤️
 
Please note that this user is banned
A good reaction would be a good starting point to show appreciation for my hard work...
I'm not good at reversing, bro.
If you help with it... I will surely give a small donation worth 60$.
Please drop your tg or discord.
 

