Hello,
I am mirroring the old version of the program on nulled, but it is pretty outdated. so, i need a full crack for the program in the title (this got requested alot but i don't have enough knowledge for it)
So, here is the full version link (with a license check)
ExeinfoPE:
The app wont launch until user disables internet connection (checks for license when pc is connected to the internet)
The cracking progress is kinda dead, use the older version or use assetstudio from github.
IF I SEE ANY OF YOU REPLYING THANK YOU OR SIMILAR STUFF I WILL REPORT YOU FOR BEING A LEECHER. YOU ARE SHARING YOUR PERSONAL DATA WITH DEVELOPER WHEN YOU RUN THIS PROGRAM.
Set your date to 10 April 2017 and disable program's access to Internet before opening the program or the program will print a message saying this version is obsolete.
Current progress:
Eddy420, on 14 Mar 2018 - 9:00 PM, said:
Hello community Nulled.to
I'm new in disassembling. I tried to unpack this program. Without success. :@But I found the methods that were used to protect the program. The program is written in C #. Starts loading the assembly into memory. And yes, the loader is written in C ++. But the loader for the DEMO version of the program is written in C #. All parts of the program are protected by Inquartos Obfuscator. If you can break this program, I'll pay. Here this: http://netobf.com. I never see this methods never before.
How the program load1) Loads the file 8DAFE878 / or similiar from the folder where the program is started. To the byte array
2) Moves bytes in byte array. According to a certain template (the template must be known)
3) Unpack the modified byte field by the Gzip method
4) Unpacked byte array is loaded into memory. And that's how the program is open.
What I tried.Get the program out of memory - still protected
Decompile with different programs. But the result was unreadable methods and strings! I used the programs: Net Reflector, GrayWolf, ProccesMonitor, de4dot, Net Dumper, ApiMonitor, SimpleAsemblyExplorer, DnSpy and more ...
Please anyone who can break Inquartos Obfuscator and know to using IDA, OllyDgb. Please contact and help me
The Inquartos Obfuscator is the procedure to validate your license. Use the DevXUnityUnpackerStudio-License.plic file in the%AppData%\ Local folder. This security program also detects the presence of cracking tools in your system. Verifies the license on their server.This is reconstructed from file 0000000000 in DEMO verrsion.
https://cache.nulled...f.cz/unpack.jpgUnpacked by rewrite this procedures witten in C#
https://pastebin.com/G1f3DELn
Thats all i know... :/ Not much i know. I Will try again again.. !Eddy420 (I apologize for any mistakes in text , im from Czech Republic)
Eddy420, on 23 Mar 2018 - 7:56 PM, said:
Good news everyone I get some code of this DevXUnpacker. I think, this is important piece of code to reverse DevXnpacker.
How i get code? I set %temp% folder only read/write attributes. But no deleting files allowed.
DevXUnpacker extract this code from files in statrup folder to %temp% and compile it , and inject as dll with random name to DevXUnpacker.
And this is code:
https://pastebin.com/bzAWZHYB
And this is compilled dll at DevXUnpacker runtime:
https://mega.nz/#!42...KBvPwsiQTqdd8ik
And this is registry from my PC created by DevXUnpacker at runtime
https://mega.nz/#!dq...kgehQcsdbmlI5m8
I hope that code finnaly will help you to deobfuscate DevXUnpacker. Please help me with rename dnSpy.exe to something else. Because DevXUnpacker able to find process with name dnSpy.exe and not working if process started. Simple antidebugger protection.
Thats all i know
hprnv, on 24 Mar 2018 - 11:46 PM, said:
It's me again. I install for research usual demo version (DevXUnityUnpackerToolsDemoArchive-5.6) and found that in demo vesrion .exe file just obfuscated usual .net file But. there using same way to load dll etc, and I found that if we open .exe in dnspy without cleaning by de4dot and set breakpoint to entry point so we will see some things.
1) Runtime code loading from file '000000000' which is located in same folder with .exe
2) This file hardly can be called crypted, cuz it is just array of compressed XORed bytes. Which we can reverse back with simple selfmade console application.
3) File which we get after this manipulation is one more library which is using by this software. By the way file is too crypted by inqObfuscator, I'm trying now to maximum deobfuscate it
p.s. I will attach 000000 file, my program.cs for reverse it, and resulting obfuscated library.
By the way, that archive from zippyworld with "full" version. What is it?? There are very strange exe files...looks like they already was "broken".
https://mega.nz/#!RJUClK7T!LNpmkuKXHhrCa3R2rWeGPQFW7TRVSBxi80CT-Nzytxs - 00000000.
https://mega.nz/#!wJlm1TAL!qRmcBNFiIRukGRMyMKAgVvx4ny5-jn5ehnOyCmXWN68 - program.cs
https://mega.nz/#!URdC3aYK!VGff4aIFHz4nA2fInPWGpbXD8jm52JZn9Gtdj8D5N4Y - resulted.dll
Eddy420, on 25 Mar 2018 - 04:13 AM, said:
I have some my downloaded versions from internet.
https://mega.nz/#!I7...9UTxwE7A69sVTw4
And original actual verison is here (Setup)
http://devxdevelopme...lsDemoSetup.zip
Versions releases from 4pda not exist .. Maybe after registration on 4pda forum .. Somewhere
hprnv, on 26 Mar 2018 - 7:34 PM, said:
Hi again guys, I had been reading original topic at 4pda from beginning to end right now (If someone don't know, there are DevxUnity developer himself moderate it and of cuz there is no cracked or full version). But I found some interesting info from himself and from other forum members:
first of all. He said that of cuz anybody who want it can test defence of program and try to crack, but he is not responsible for the consequences for the safety of the computer after this, he also hinted that program has much layers of defense and often checking folder from where executable is load and compare other files from default installation folder state.
After that someone from topic give to others good avice. Firstly he marked that at launch program send much info's to server like username, hardware info, OS version etc (By the way Zennolab software has same type of defence nowaday) and depending on server response software choose to continue launching or not. After he added that program has very much undeclared functionality like delayed power off your PC, deleting files from it folder, opening links, and much more which he not found yet).
But he also give a hint how to protect from this behaviour. You need to do some simple actions:
1) add to HOSTS file "127.0.0.1 devxdevelopment.com" this line.
2) launch simple js script(node.js).var http = require('http');var url = require('url');var StringDecoder = require('string_decoder').StringDecoder;http.createServer(function (req, res) { console.log(req.method + ' ' + req.url); res.writeHead(200, { 'content-type': 'text/html; charset=utf-8' }); var chunk = ''; if (req.url.startsWith('/Product/CheckNewVersion')) chunk = 'Answer:4.27'; else { if (req.url !== '/AnaliticCode/AddToAnaliticCode' && req.url !== '/AppSecurityUnpackerTools/Ping' && !req.url.startsWith('/License/VerifyLicense') && req.url !== '/UnityMetadata/AddUnityMetadata'){ console.log('Oops...something unhandled. Debug info:\n',req.headers); } chunk = 'OK'; } console.log(chunk); res.write(chunk); res.end();}).listen(80);Summarize all that I want to recomend you using VMWare when you trying to do something with this program (free image of win10 for vmware you can find on Microsoft official site, I will post link at the end), and if possible every VMWare Win10 launch generate new virtual hardware to avoid unpleasant surprises.
https://developer.mi...edge/tools/vms/ - link to download win10 image (choose version of Win and VM)
hprnv, on 26 Mar 2018 - 9:08 PM, said:
Guys, I got some luck today, at least it looks like. I succeeded to get fully encrypted and clear executable file. Take a look. there some interesting methods about crypting packing etc
https://mega.nz/#!ddlVlTzB!7MZY09bI_ymSEBeQl8ha35qkqdt7hLkzKCptRq-07IQ unpacked exe file.
hprnv, on 28 Mar 2018 - 8:25 PM, said:
So...there is nothing mystical or fantastical hard actually. For example look at DevXUnityUnpackerRun.exe, this is just 18kb executable and all his work just to load content from 000000 file as array of bytes, decrypt them (as crypting in them used simple XOR), and resulting data will be simple zipped c# assembly, unzip it in a stream, load as assembly, and invoke entrypoint call that's all, with this simple steps file 000000 become working c# assembly. It's a very simple example, usually obfuscating has much and one after one levels of crypting data...like separately crypt strings, methods, class names. making (automatical by obfuscate software) fake code branch and conditions to confuse you, or for example in the long run you can face to situation when you you will not see any working branch of codes, but when you run it, some sequence of actions will make this code work to surprise you Or for example you will spend much time to find strings which are used for decrypt, but they will just using call methods from some native libraries which will return this strings inside of them. Or situation like with our first archive of devxunpacker which at first look have a file and folders structure typical for any .net project, but if you scan that .exe with any pescan then you must have seen that it idents like a c++ file. And it's also just a way to hide real code by mark static methods at class tree like a methods for export and then wrap it all at win32 skin, just for what would you be when will see c++ at pescan instead of the expected .net There are very much difference ways and techniques to hide executable code and confuse those who want to get it. It's like challenge. Developer hide, reverse enginner trying to get. just don't rush and carefully analyze files which you get to reverse and step by step approach your goal. All technical details you can easily find at google, I don't know all hints and methods of obfuscating and just analyze => google new information => try to reverse => repeat That's all
I don't see any forums anymore, except 4pda which now don't trying to reverse for obvious reasons. Very rarely I came across forums on which some people have shown interest to get new cracked version, but only at the search level who would do it for them. I think that cracked version certainly exist and exist forums where others as well as we try to Ñrack it, but they sitting at darkweb, and by the way make the right decision. At such types of forum you can hide messages, and just for specific users it will be accesible and they haven't chance that software owner will read their messages and in each new release fixing vulns in defence and in that way reducing their efforts to none. And if someone already has cracked version of course he will not leak it to public. Reasons same as in the last proposal.
Impossible! This is method which probably counting the name of the file where it writes user data!
Russian answers that i dont understand
DevXUnityUnpackerMagicTools v4.32
Another
Ð’ общем, что каÑаетÑÑ XML, Ñ Ð´ÑƒÐ¼Ð°ÑŽ он нужен только Ð´Ð»Ñ Ð¿Ð¾ÑÑ‚Ñ€Ð¾ÐµÐ½Ð¸Ñ Ñтруктуры дерева реÑурÑов (там где цифра 1)
выглÑдит он примерно так (только Ñ Ð±Ð¾Ð»ÑŒÑˆÐ¸Ð¼ количеÑтвом нод), в завиÑимоÑти от верÑии Unity.<?xml version="1.0" encoding="utf-8"?><UnityClassTypeTree unity_version="xxx.xx.xx" unity_type_version="xx" platform="x" baseDefinitions="x"> <Type classID="28" className="Texture2D" scriptID="" typeHash="XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX-XXXX"> <node type="string" name="m_Name" size="-1" index="8" isArray="0" metaFlag="0x00008001" serializedVersion="1"> <node type="Array" name="Array" size="-1" index="9" isArray="1" metaFlag="0x00004001" serializedVersion="1"> <node type="int" name="size" size="4" index="10" isArray="0" metaFlag="0x00000001" serializedVersion="1" /> <node type="char" name="data" size="1" index="11" isArray="0" metaFlag="0x00000001" serializedVersion="1" /> </node> </node> </Type></UnityClassTypeTree>Возможно Ñто вообще не важно, но при попытки ÑкÑпорта говорит "СÑылка на объект, не указывает на ÑкземплÑÑ€ объекта", что за ÑÑылка и на какой объект Ñ Ð¿Ð¾ÐºÐ° не знаю.
Там где цифра 2 ничего не отображаетÑÑ, думаю проблема примерно та же.
Ð’ общем, оÑтанавливатьÑÑ Ð½Ð° Ñтом XML не Ñтоит, тот array что подпиÑан как XML выглÑдит так:<?xml version="1.0" encoding="utf-8"?><UnityClassTypeTree/>Ð’ÑÑ Ð¾ÑÑ‚Ð°Ð»ÑŒÐ½Ð°Ñ Ð¸Ð½Ñ„Ð¾Ñ€Ð¼Ð°Ñ†Ð¸Ñ Ð² него попадает позже.
Ðа то что напиÑано в логе тоже не Ñтоит обращать вниманиÑ.
------Russian answers that i don't really understand--------
This man only provided ss and not the good stuff
Hi All i have done massive change in the app and was able to mange and bypass all of the server requests. but still some issues.
See my progress in below link
https://drive.google...Hz62ntbJB6MID9e
I have cracked the software but need from the guy who had posted the link of DevXUnityUnpackerMagicTools_432_Pro. I need the original licence you have used while registering the app. in this way i will put it on my local server, I have managed to divert all of the traffic to my local server, And let me show you screenshot
https://drive.google...5_rFPSx_OErfecq
And he needed key, but wait somebody actually donated the key (Maybe? Nobody knows what)
I will buy the full version sometime around this week and send you the serial key. I just need to verify you're active on this forum
The list might be incomplete.
Edited by snipah, 04 January 2019 - 06:50 PM.