#1
I don't know stripper, sorry.
Did stripper automatically fix the imports? If not, you have to do this with ImpRec, for example, and it's possible that you have to set the new OEP with a PE editor.

Edited: Just downloaded stripper. OK, it fixes the imports, but it will not repair stolen bytes. So you have to do this by hand. Better search for a few tutorials which explain this better.

Last edited by bLACK oUT; 05-03-2004 at 06:55.

#2
|
|||
|
|||
|
Here's OEP and stolen bytes for ya. Hope it helps.
00573E64 55 PUSH EBP
00573E65 8BEC MOV EBP,ESP
00573E67 83EC 10 SUB ESP,10
00573E6A 53 PUSH EBX
00573E6B B8 A8405700 MOV EAX,G6FTPAdm.005740A8

Edit: This is for the Remote Admin .exe btw.

#3
|
||||
|
||||
|
Interesting thread, I'd been looking at this target myself, but the CORE crack seems to be working fine here. Also I've been looking at how the CORE crack works, and I like the way they have used DLL injection to change a jmp in the service and also write out a 02 byte to set from trial to standard mode.

What I couldn't figure was the memory address that this 02 byte is written to didn't seem to be read by the service? (At least my bpm 0xadress rw in SoftICE didn't seem to be hit.) I assume this is some kind of aspr variable that the main program accesses. Also stripper worked fine on the remote admin exe for me, but like OP said it didn't work on the service (but as black_out says it only fails on stolen bytes), so it was enough for disassembly...

-- bedrock

#4
|
|||
|
|||
|
Hi bedrock,
the core patch ruined SSL. First you need to create an SSL certificate and then a new domain. When you add a new domain, an error message comes up. You will not be able to add a domain until all SSL certificates are deleted. That's the problem... So I would like to fix this problem by using another approach to patch it. Also remote Admin runs fine here unpacked... The problem is the service...

Cheers, neogen

#5
|
||||
|
||||
|
Hi neogen,
I already have a domain with implicit SSL enabled and it's running fine here, but I tried what you said and created new domains, and they were also created OK. I'm not sure how the core patch would break SSL, as they only added a new section to the original SSL DLL, with one additional import in it, which loads import from lic.key (which is really a PE file) and runs the patch code to change one jmp @ 0x490776 and write 0x02 to 0x4bd4f8. Now I understand the jmp from the disassembly of the service. Maybe a different value from 0x02 will make a pro version instead of just the standard version, but I have tried a few different values, and it doesn't seem to work out.

-- bedrock

Last edited by bedrock; 05-03-2004 at 21:19.

#6
|
|||
|
|||
|
Hi bedrock,
I got no domain running and all things are plain installed. Then the error comes on my machine here. It's a Windows XP Pro English with SP1. I don't know if the error comes on all machines, but I have some friends who also tried it and they can reproduce the error with plain empty settings. So I will try to make another patch which changes the service and not the SSL DLL. It's only for fun. I will try to use the shareware for adding the first domain and then try the patched one. Thanks for the help, but who can help me with unpacking the service exe, without killing the service itself? I will try the lesson with OllyDbg and ImpRec in the next hours when I'm back at home.

Cheers and thanks for the fish, neogen

#7
|
|||
|
|||
|
AsprDbgr_build_101.exe makes a good dump of it... just make sure to kill the server and open it with the debugger. When you see the finish message with ? then you'll be able to dump with LordPE, find/set the OEP and fix imports with ImpRec, and all done... By the way, I saw today that the TSRh team released a CRACKED exe for this one without using any DLL to crack it... try that one...