17 Sep 2016

How to use Advance Loader Generator

I have received many e-mails and messages asking "How to use Advance Loader Generator", so here is a tutorial on using it.

Details:

In the screenshot I drew rectangles over the options and numbered them 1 to 7. Here is what each one means.

1: This option is used to select the target file. It is mandatory; every time we make a loader, a target must be selected.

2: Process finder. This option is for advanced users. It selects how the target process is found, with three different methods: Simple, Child Process and Advance. Most of the time we use only Simple.

3: This option is for the icon. We can set a user-defined icon for our loader. The icon must be 32x32 pixels.

4: This option is for the wait feature: here we set when our patch is injected into the target.

5: This button generates the loader.

6: These buttons are used to add, remove and edit our patches. There is one more option here, file comparing: you can compare the original file with your patched file to get the modified bytes.

7: This option is the most important one for patching VMProtect, SafeEngine, Enigma and other packers. After checking it, the loader waits until it finds a window belonging to the target; once the window is found, it injects all the bytes.

Here I am making a loader for a VMProtected target; for this I added the old bytes, the new bytes and the patch VA in that dialog box.
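The file-compare feature in option 6 is plain byte diffing plus a conversion from file offset to virtual address through the PE section table, and the old bytes / new bytes / VA triples above are exactly what it produces. The script below is an added example, not the generator's own code: it is the same check an incident responder runs when diffing a known-good binary against a suspect copy to list which bytes were tampered with and where they live in memory. The image base, the section table and both file images are constructed in miniature so that it runs offline; real tooling would read them from the PE headers.

```python
"""Enumerate modified bytes between an original and a patched binary and
report each run as (file offset, virtual address, old bytes, new bytes).

Added example, not the Advance Loader Generator's code.  The image base,
the section table and the two file images are constructed.
"""

IMAGE_BASE = 0x400000  # assumed image base for the constructed sample

# Constructed section table: (name, virtual address, raw file offset, raw size)
SECTIONS = [
    (".text", 0x1000, 0x400, 0x200),
    (".data", 0x3000, 0x600, 0x100),
]


def file_offset_to_va(offset, sections=SECTIONS, image_base=IMAGE_BASE):
    """Map a raw file offset to a virtual address via the section table.
    Returns None for offsets outside any section (headers, padding)."""
    for _name, va, raw_ptr, raw_size in sections:
        if raw_ptr <= offset < raw_ptr + raw_size:
            return image_base + va + (offset - raw_ptr)
    return None


def diff_runs(original, patched):
    """Return contiguous runs of differing bytes as (offset, old, new).
    Files of unequal length are rejected: a byte-for-byte patch list is
    meaningless when the images do not line up."""
    if len(original) != len(patched):
        raise ValueError("size mismatch: %d vs %d" % (len(original), len(patched)))
    runs = []
    start = None
    for i, (a, b) in enumerate(zip(original, patched)):
        if a != b and start is None:
            start = i                      # a run of modified bytes begins
        elif a == b and start is not None:
            runs.append((start, original[start:i], patched[start:i]))
            start = None                   # the run ended at i - 1
    if start is not None:                  # run extends to end of file
        runs.append((start, original[start:], patched[start:]))
    return runs


def patch_list(original, patched):
    """Combine the diff with the VA mapping into a triage-friendly list."""
    return [
        {"offset": off, "va": file_offset_to_va(off), "old": old, "new": new}
        for off, old, new in diff_runs(original, patched)
    ]


def build_samples():
    """Constructed 0x700-byte 'file' and a copy with two modifications:
    one byte of a conditional branch in .text and one byte in .data."""
    original = bytearray(0x700)
    original[0x450:0x452] = b"\x74\x05"   # je +5 at file offset 0x450
    original[0x610] = 0x01
    patched = bytearray(original)
    patched[0x450] = 0xEB                  # first branch byte changed
    patched[0x610] = 0x00
    return bytes(original), bytes(patched)


if __name__ == "__main__":
    orig, pat = build_samples()
    for entry in patch_list(orig, pat):
        va = "0x%X" % entry["va"] if entry["va"] is not None else "n/a"
        print("offset 0x%X  VA %s  %s -> %s"
              % (entry["offset"], va, entry["old"].hex(), entry["new"].hex()))
```

Adjacent modified bytes are reported as one run rather than byte by byte, which keeps a multi-byte patch readable, and offsets that fall in the headers map to no VA at all, which is itself worth flagging when triaging a tampered file.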

All done.
Now it is time to generate our loader. You can see in the picture what I have done. After doing this, just press Generate and choose where you want to save your loader.

If you encounter any problem, just comment below. I will try my best to answer your questions.

8 Sep 2016

Process Patchers and Loaders

So many people keep asking me "How to create a loader". In RCE terminology a loader is called a process patcher. It is useful when the target is protected by a program packer such as Themida, The Enigma Protector, VMProtect or Armadillo.

What is Loader/Process Patcher?

        A loader is a small executable written by a cracker who wants to crack a program. Loaders are always created for packed programs. The loader creates the target process and waits until the target has been decrypted in memory; once it is decrypted, the loader patches it.

How to make it?

        Most of the time we need to write it manually, because some packers use different kinds of checksums. To deal with them you can program your own loader in Delphi, MASM, C++, etc. I have already posted source code for Delphi. If the packer is a common one, I mean VMProtect, The Enigma Protector, Themida etc., then you can use Advance Loader Generator or dUP. I have also posted a tutorial on "How to Make Loader using dUP"; you can find it in the previous posts.

Why is a loader useful?

       Sometimes the main executable is very large, so sending it to another PC is painful. In that case we use a loader, because it is only 10-50 KB. So size is the main reason. Secondly, as I said before, the packers' protection.

6 Sep 2016

OllyScript Tutorial

This article is written for newbie reversers who want to create an OllyDbg script to automate tasks in OllyDbg.

Introduction:

OllyScript is a plugin for OllyDbg that lets you automate some tasks via a script. Several scripts exist to automate the identification of the OEP in a packed executable. You can find a lot of scripts on the internet; Tuts4you is one of the best communities for the latest scripts. Basically OllyScript is best for a newbie to unpack a program using a script found on the internet.

What is OllyScript?

OllyScript is a plugin for OllyDbg, which is, in my opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture, which allows users to extend its functionality. OllyScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language. Many tasks involve a lot of repetitive work just to get to some point in the debugged application. By using this plugin you can write such a script once and reuse it.

Example Script:

I am posting a short script for unpacking a UPX-packed program, and I also describe why each command is used.
This is the simplest OllyScript tutorial to demonstrate how to write an OllyDbg script.

var hwdBP                     // Local variable to store the hardware breakpoint address
var softBP                    // Local variable to store the software breakpoint address
sti                           // Step into (F7) past the initial PUSHAD
findop eip, #61#              // Find the next POPAD
mov hwdBP, $RESULT            // Store $RESULT in the hardware breakpoint variable
bphws hwdBP, "x"              // Set a hardware breakpoint (on execute) on that POPAD
run                           // Run (F9) until the breakpoint hits
findop eip, #E9????????#      // Find the next JMP rel32 (the jump to the OEP)
mov softBP, $RESULT           // Store $RESULT in the software breakpoint variable
bp softBP                     // Set a software breakpoint on that JMP
run                           // Run to the JMP instruction
sti                           // Step into the OEP
cmt eip, "<<>>"               // Mark the OEP with a comment
msg "OEP found, you can dump the file starting from this address"

This is an example script. It can find the OEP of a UPX-packed program; you just have to dump it and fix it.
I have also attached the link to a help file where you can find the list of all OllyScript commands. Comments are most welcome; you can ask about anything you didn't understand.
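The two findop patterns in the script, #61# and #E9????????#, are just byte signatures for POPAD and JMP rel32, and the OEP is the target of that JMP. As an added example that is not part of this post, the Python below applies the same check to raw bytes instead of at runtime, which is how an analyst can triage a UPX-packed sample statically before executing anything: locate the POPAD, find the JMP rel32 that follows it, and resolve the jump target. The stub bytes, the address they are assumed to be loaded at and the expected OEP are all constructed.

```python
"""Statically locate the candidate OEP in a UPX-style unpacking stub.

Added example, not from the post.  It mirrors what the OllyScript above does
in the debugger (find the POPAD, then the JMP that follows it) by scanning raw
bytes.  The stub bytes, STUB_VA and OEP_VA are constructed.
"""

import struct

POPAD = 0x61      # the #61# pattern in the script
JMP_REL32 = 0xE9  # the #E9????????# pattern in the script

STUB_VA = 0x40A000   # constructed: where the stub would sit in memory
OEP_VA = 0x401234    # constructed: the original entry point we expect to recover


def find_oep_jump(code, code_va):
    """Scan `code` (bytes assumed loaded at virtual address `code_va`) for the
    first POPAD followed, within a short window, by a JMP rel32.
    Returns (jmp_va, target_va) or None.

    Caveat: this is a heuristic for the stock UPX tail.  A stub that uses
    JMP rel8 or returns into the OEP will not match, and a stray 0x61 byte
    inside another instruction can produce a false candidate; treat the
    result as something to confirm in the debugger, not as ground truth."""
    n = len(code)
    for i in range(n):
        if code[i] != POPAD:
            continue
        # Look a bounded distance ahead for E9 xx xx xx xx; stop early enough
        # that the 4-byte displacement is always inside the buffer.
        for j in range(i + 1, min(i + 16, n - 4)):
            if code[j] == JMP_REL32:
                rel = struct.unpack_from("<i", code, j + 1)[0]
                jmp_va = code_va + j
                return jmp_va, jmp_va + 5 + rel   # rel32 is relative to the next instruction
    return None


def build_stub():
    """Constructed stub modelled on the UPX tail: PUSHAD ... POPAD, an ESP
    adjustment, then JMP rel32 to the OEP, followed by padding."""
    body = bytes([0x60,                                # pushad
                  0xBE, 0x00, 0x30, 0x40, 0x00,        # mov esi, 0x403000
                  0x8D, 0xBE, 0x00, 0xE0, 0xFF, 0xFF,  # lea edi, [esi-0x2000]
                  0x61,                                # popad
                  0x8D, 0x64, 0x24, 0x80])             # lea esp, [esp-0x80]
    jmp_va = STUB_VA + len(body)
    rel = OEP_VA - (jmp_va + 5)                        # displacement from the next instruction
    return body + bytes([JMP_REL32]) + struct.pack("<i", rel) + b"\x00" * 3


if __name__ == "__main__":
    hit = find_oep_jump(build_stub(), STUB_VA)
    if hit is None:
        print("no POPAD/JMP tail found")
    else:
        print("JMP at 0x%X -> candidate OEP 0x%X" % hit)
```

The displacement arithmetic is the part worth internalising: a JMP rel32 encodes its target relative to the address of the instruction after the jump (five bytes past E9), which is why the script's sti after the breakpoint lands on the OEP and why the static version adds 5 before the signed displacement.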
Gautam Kumar

3 Sep 2016

Falcon Box 1.8 Cracked


Today I am going to post a video proof of the Falcon Box 1.8 crack. I cracked it just for education. As we know there are too many crackers in the GSM market, so I think I should stop cracking GSM related software, and I am leaving the GSM cracking field for a while. This is my last video proof of a crack. I hope you guys will enjoy every crack.

Protection Details:

The newer version of Falcon Box is protected by Enigma 5.40. It is a nice protector with a unique VM (virtual machine) system. There are some internal checks in the setup file. Some checksums are really good. It checks the server every time it is going to do some job. Extra protection on the ADB tab. Overall a nice protection system by the Falcon Box team.

Advice for Cracker:

A cracker should first try to make patches to start the program. There are some checksums near the FormShow procedure. You should find the VA of the server check; for this you can use IDR (by crypto). After it starts, you need to do some really hard work to make it fully functional.

Users who are waiting for it:

First of all, I am not going to share it, so don't expect it from me. Maybe in the future some other cracker will crack it and release it. You must wait for a release.

Why I posted it:

I have posted it because I got many emails, messages, etc. saying that I can't crack the newer Falcon Box version. This is for those who think I am not a reverser.

Video and Photo proof:


I also made a video of it. The video link is given below.
Psycho GSM Destroyer