DevXUnity "Magic" Unpacker Tools



#21

EkLinAnni

Good job! I did the same. The files in the pro version are not corrupted but are missing the PE header or something like that. I monitored all actions of DevX (demo/pro) with procmon.exe... I found a piece of code that you might be interested in. I wrote it in a PM to you ;) The entire DevX program uses advanced math operations which I do not understand :(

 

I believe you can do it :)

And do you have originals for which version of DevXUnity Unpacker Magic Tools? It's just that the Russians have already hacked some new version.



#22

siouxst

I found a way to decrypt the strings in the dll using de4dot and it still works:

de4dot-x64 DevXUnityUnpackerTools.dll --strtyp delegate --strtok 06008B5C --strtok 06008B59 --dont-rename

 

Make sure to use --dont-rename so that it will continue to work.

The two addresses are the two string description methods, one for the static strings.

 

With that you can start to look for the URL address and trace down to get rid of all the strange web checks.



#23

Eddy420

> And do you have originals for which version of DevXUnity Unpacker Magic Tools? It's just that the Russians have already hacked some new version.

 

I have some versions I downloaded from the internet.

 

https://mega.nz/#!I7...9UTxwE7A69sVTw4

 

And the original actual version is here (Setup):

 

http://devxdevelopme...lsDemoSetup.zip

 

The release versions from 4pda do not exist .. Maybe after registration on the 4pda forum .. Somewhere :D



#24

Eddy420

> I found a way to decrypt the strings in the dll using de4dot and it still works:
>
> de4dot-x64 DevXUnityUnpackerTools.dll --strtyp delegate --strtok 06008B5C --strtok 06008B59 --dont-rename
>
> Make sure to use --dont-rename so that it will continue to work.
>
> The two addresses are the two string description methods, one for the static strings.
>
> With that you can start to look for the URL address and trace down to get rid of all the strange web checks.

 

Really good work :) How did you find those addresses? Thanks for all.



#25

hprnv

> I have some versions I downloaded from the internet.
>
> https://mega.nz/#!I7...9UTxwE7A69sVTw4
>
> And the original actual version is here (Setup):
>
> http://devxdevelopme...lsDemoSetup.zip
>
> The release versions from 4pda do not exist .. Maybe after registration on the 4pda forum .. Somewhere :D

Yep, it's just a specific of the 4pda forum :) I downloaded the last cracked version from 4pda (2.71) and the last release version (5.06), here you are.

https://mega.nz/#!kM...GYRCidsbLpgfHm4 - 5.06

https://mega.nz/#!4Y...VSjbK0yTqTK7hnU - 2.71 cracked.



#26

siouxst

> Really good work :) How did you find those addresses? Thanks for all.

The trick is to look for them in dnSpy. It is a huge file with all the encrypted strings, and it won't be hard to find when you are tracing through the code, since every single call needs a string from here. Unless you have renamed it, it will be called:

internal class \u0020\u000A\u0020\u000A\u000A\u0020\u0020\u000A\u000A\u0020\u0020\u0020\u0020\u000A\u0020

 

Then just look for how these strings get translated back into a readable format. Right above the name of the method is the Token/RVA/File offset; that is what you put in the command. I just followed the de4dot tuts on it. Basically it will call that function, then replace the string and remove the call to that function.



#27

snipah
We need pro versions because the developer started to cut features on demos and newer versions. If 4pda has full versions I can register to download the latest release.


#28

snipah
Shall I run Wireshark to intercept URL verification addresses?


#29

Eddy420

> Shall I run Wireshark to intercept URL verification addresses?

 

Yes :) Use Wireshark to catch the server IP address, request and response. Maybe you'll be lucky, if he did not use SSL.



#30

hprnv

Hi again guys, I have just been reading the original topic at 4pda from beginning to end (if someone doesn't know, the DevXUnity developer himself moderates it, and of cuz there is no cracked or full version there). But I found some interesting info from him and from other forum members:

First of all, he said that of cuz anybody who wants to can test the defence of the program and try to crack it, but he is not responsible for the consequences for the safety of the computer after this. He also hinted that the program has many layers of defense and often checks the folder from which the executable is loaded and compares other files against the default installation folder state.

After that, someone in the topic gave the others good advice. Firstly he noted that at launch the program sends a lot of info to the server, like username, hardware info, OS version etc. (by the way, Zennolab software has the same type of defence nowadays), and depending on the server response the software chooses to continue launching or not. Then he added that the program has a lot of undeclared functionality, like delayed power-off of your PC, deleting files from its folder, opening links, and much more which he has not found yet.

But he also gave a hint on how to protect from this behaviour. You need to do some simple actions:

1) Add the line "127.0.0.1 devxdevelopment.com" to the HOSTS file.

2) Launch a simple JS script (node.js).

// Local stand-in for devxdevelopment.com (reached through the HOSTS entry above):
// logs every request the program makes and answers with a fixed reply.
var http = require('http');
var url = require('url');
var StringDecoder = require('string_decoder').StringDecoder;

http.createServer(function (req, res) {
    console.log(req.method + ' ' + req.url);
    res.writeHead(200, { 'content-type': 'text/html; charset=utf-8' });
    var chunk = '';
    // The version check gets a fixed version string.
    if (req.url.startsWith('/Product/CheckNewVersion')) chunk = 'Answer:4.27';
    else {
        // Known endpoints are answered silently; anything else is logged with its headers.
        if (req.url !== '/AnaliticCode/AddToAnaliticCode' && req.url !== '/AppSecurityUnpackerTools/Ping' && !req.url.startsWith('/License/VerifyLicense') && req.url !== '/UnityMetadata/AddUnityMetadata'){
            console.log('Oops...something unhandled. Debug info:\n',req.headers);
        }
        chunk = 'OK';
    }
    console.log(chunk);
    res.write(chunk);
    res.end();
}).listen(80); // binding port 80 usually requires administrator/root rights

To summarize all that, I want to recommend using VMWare when you try to do something with this program (a free image of Win10 for VMWare can be found on the official Microsoft site, I will post the link at the end), and if possible generate new virtual hardware on every VMWare Win10 launch to avoid unpleasant surprises.

 

https://developer.mi...edge/tools/vms/ - link to download win10 image (choose version of Win and VM)

