23 January 2009

New Unpacking Stuff

for Themida protected programs [some thermida files can show by some versions of thermida protector positive virus alerts]

this tools can possible restore some files packed with this protector to unprotected original conditions

tmdunpacker.rar 586.19 KB
Tmdunpacker_TheMida_Winlicense_Unpacker_ 584.71 KB
Detemida1005.rar 106.81 KB
TMD/WL Script for 1.9.0.0-2.0.3.0
TMDScript_1.9.6.0_ver_0.8_beta.txt
TheMida - WinLicense Info Script.txt
Themida---WinLicence-1.x.x---2.x.x-CodeEncrypt-Repair.txt
Themida Winlicense ID +peid plugin

http://www.elitepvpers.de/forum/epvp-coders/
http://reversengineering.wordpress.com/category/tools/page/2/

for Armadillo protected programs [some thermida files can show by some versions of thermida protector positive virus alerts]

this tools can possible restore some files packed with this protector to unprotected original conditions

ArmaCRC-1.4.1.zip 74.56 KB
ARMA.INTRUDER.0.4
ARMACRC.V1
ARMADETACH.V1
ARMADETACHME
ARMADILLO FIND PROTECTED V1
ARMADILLO KILLER 2
ARMADILLO REDUCER 1.7
ARMADILLO.DLL&OCX
ARMADILLO.SECTIONS.STRIPPER.1.22
ARMADILLO_KEY_GENERATOR 1
ARMADILLOCLEANER
ARMADILLOTOOLS V1.2
ARMADUMPER.V1
ARMAEV
ARMAUNPACK
ARMINLINE V0
DEATTACHER
HWID_CHANGER V.0
LOADER-10
MM_DILLODIE_V1
NANOMITES.KILLER.BY
UIF-FINAL-PLUS
UIF-V1.2stable
UNARM
ArmaGeddon v1.1.0 by Condzero
ArmaGeddon V1.2g by Condzero
ArmInline v0.96f (Eng)
ArmKiller v1.2.1 Tool by TLG_XQuader
http://h47z.lefora.com/2008/10/15/all-armadillo-tools-2008-04-05/
Armadillo Unpacking Tools serie 2
http://h47z.lefora.com/
http://h47z.lefora.com/lethal/blog/
http://reversengineering.wordpress.com/
AoRE-Unpacker-0.4.rar 462.57 KB
P3 Explorer v1.99R5 (support now remove obsolete debuginfo from compiled emule.exe)

Please share successful cleaned filesharing tools files

7 comments:

Anonymous said...

Hmm i can't understand why you want unpack our mods. I've already told you that we protect our work because seba change all links and copied our utorrent hex mods because his own one sends wrong announces before.
If someone has a problem to use our mods because they are packed it's not our problem...

Recon said...

Virus alert with this packers. Checksum and Hash to the file no protectors needed. Please look by self the protected prozess how it does consume mem/cpu much more as not protected. Performance loose and if u got a wrong version of protector it can be real positive.

No one here interested to change links of homepages in software. No callhomes in use. If other site does hack a hack just because of homepage thats cheating faking others work.

My blog is to share files original once. Hack only if authentification or limits are inside, its not by sbi so there is nothing to change just security is importand. User want clean stuff

Anonymous said...

We test each relese beore we posting it and the cpu&mem usage isn't much more like in the original one.
You are right with the problem about the virus alerts but that's the price we must pay to protect our work. Show us a safe packer without that problem and we will use it.
We have no problem if someone post our mods on his site, but if i see that seba has more downloads on his site with our changed or copied mods which looks that we've created them for him and earn money with them because his blog is full with advistement i can't accept it...
Checksum and Hash isn't a solution because the most people don't know how they can check it and so it's unintersting for them...

Recon said...

hide tools and process dump see dump so or so but who makes the same thing if its already done if it will be not hidden and could be on your own blog/portal frontpage?

Things i will do to get visitors and promote own page:

a) final versions put on your own blog
b) set a support/discussion link under it to the forum
c) wait a few weeks and check your site stats from your own blog/website frontpage comes in to your discussion forum.
No one will call spammer cause thouse who sign up to forum are interested in this stuff and want discussion about it.

Just my idea nothing more

All that needs that be for sure software is clean from av or siteadvisor and opera + ms browser have other filter can scan hosted files and blacklist whole webdomains if files not safe from AV's

Anonymous said...

i can understand that you are angry or whatever but telling how to unpack mods is a point to make people over at SBI also angry.

Recon said...

Don't believe the php wordpress download counters are showing the right numbers. Sometimes they jump suddenly to unreal numbers. Alexa sitestats also dont match the calculation of the site.
Not that I have anything against the site but :
1. the mods written Authentification is hacked, dont have anymore auth since ages. {TronYx}
2. the site wordpress have taken (could say stolen but lets let it say shared) our Auth crack for Blackstar and run the crack over the mod so that all mean the other site, we speak about did hack it.
Since this Im very angry. Nor with a message here (we have 2000 - 3500 unique visitors/day} the site did correct it at least a credit or link to us - Nothing as ignorance. This is somewhat unfair. Can just hope people not that stupid.
3. All Dlarge mods (older mods) are faked there. Encrypted and splashscreen shanged. Hard to found ever the rela once cause the fake spread in the ed2k net too.
This with the ads on link is clever, it skip siteadvisor.com link hosting check + rar pass. I use adblock so I dont see the ads but I can guess there are ads. I never do ads and earning from other mans work and host for free the files. It should be the freehost only to put ads for hosting. Remove ads from software is good to do ads free software but then put on site, whats that? Not understandable the philosophie of it.

The custom protector packer from Team TE should work.
Most AV's can scan it and don't show false positive.

Some commercial packer/protector from other sites as the origin homepages, Im by self not sure if they have something unwanted added.

Recon said...

If not unpacking to clean. The best you can do, program Authors by your emule mods should write/contact the AV Firms and tell/ask them why they have list some of your files as Viruses. Request a manually re-analyze and that they should remove 'false positive' in them AV databse from your software.
Hexedited and Cracks maybe they won't but eMule c# programmed and packed mods.
It can takes weeks.
This step I will do first.
I will also ask by the AV firms some support if they dont remove it and its clean, which protector they accept and sending them by analyse the files unpacked, protected, packed the same file with done with different packers. See what they say and do.

Post a Comment

We would appreciate if you as readers of our blog, show us some feedback by signing up to this site with Friend Connect.
This will encourage us to publish updates in the future.

Archive