frekdz
2018-03-28, 06:31 AM
link
rgho.st/7plXXS5MQ
A.Instalations:
-ultraedit 19 sau 20 or any
-HHD Hex Editor Neo 15.3 sau 15.4 or any
-ultraiso or soft for mount iso as daemon tools or alcohol or else
-winDDK vers 7 default see GRMWDK_EN_7600_1.ISO monted for example with ultraiso
-drivers 6.65 or 6.56 or 6.23 or any version below
-usbtrace 2.4.3 same generation as decodor even though works well with 2.7 manybe 2.8, too
-copy vmprotect2.03 in c: or install 2.12.3 or 2.13
-copy emu665 in c:
B.Fill in or changes in files data.h and data.reg
-use h5dmp.exe or DumperGUI.vmp.exe hasp hl and introduce in data.reg and for srm and decode dmp file of srm and use reg file generated for hasp hl
-delete \ in the ends of RW si RO made srm2mult v1.2
-in some editors exist options Ctrl+Shift+Alt and select with mauseu the text column or exist hex to c.
-erase last , in front of };
or transform bins of memories made with dampodecoder 1.4, 1.5 in cpp files
Atention at specific name SRMRW and SRMRO depending of verion of emulator in data.reg!
-with VIDToolsV2 or vid.exe sau or kidkid tool find aes, vendor and passwords
or from memory exe/dll dumps find matrix with passwords, vendor ID and vendor AES key Or se decode file *.hvc extracted.
-in hex of exes/dlls dumped or not, can be search after hex vendorid inversated or not or using debuger IDA PRO 5.5 sau 6.x
-file biger then 600 KB hasp_windows_vendorID.dll maybe uses api whitebox or is codated/packed
-usbtrace log parser/decoder v.1 or better 2 is used for decoding usbtracelogs. If there are very more logs
then results can be input in microsoft excel, lay, sorte, compare and repeating lines to be eliminated r and result copy back in data.h
folderul numit melotld1 aflat in c:\, se urmeaza explicatiile si pasii din el si in sub folderul numit final vor aparea rezultate
-input functions, vendor aes key, features and pairs rezulted after decrypting / decoding of logs and dumps
-for F4FF and F5FF take memoris RW and RO of SRM
-extract pairs A/Q16 with rtQAExtractorV2.0 from dumps of executable or dll made by petools - click left up then clicks below on exe or dll
If there is envelope error message with emulator then make new dumps of dlls or/ and exes files in memory and find next tables.
-in file USBKeyEmu.c check existence of needed features used and if is necessary, add them for exemple those named 0600, 0700 etc.
C.Compilation - building of sys files
-in file USBKeyEmu.c to delete for win x64 bits // or to be added // in front of #define MM64
x86
-also in that file can be deleted or added // in in front of:
//#define LARGE_TABLE // for working with bins aesmode3 67 89 48
you can search path and change as you wish
#ifdef LARGE_TABLE
static WCHAR FILE_PATH[] = L"\\??\\c:\\windows\\system32\\drivers\\QA";
can be
#ifdef LARGE_TABLE
static WCHAR FILE_PATH[] = L"\\??\\c:\\QA";
then delete before the // 2 slashes
//#define PROTECTION //pentru legarea de pc a emultorului prin linia host id in reg file
and it remains:
#define PROTECTION //pc tied emulto by the line hostid in reg file
-for x86 desarchive here arhiva sourcesX32.rar and for 64 bits desarchive here sourcesX64.rar with winrar
-click on icon coresponding to Free Build Environment X86, X64 or ia64
cd\emu665 press Enter
or cd.. Enter
cd nameoffolder
nameoffolder can be emu665 or else folder
or directly
cd\nameoffolder_emulator and press key Enter/Return
write build /cze and press Enter
it will be created objfre_win7_x86 with subfolder and sys in
change windows explorer options to see/unhide known extensions of files
sau folderul corespunzator de 64
C:\ti142doar ca emulator 64 cu table bins\objfre_win7_amd64\amd64
D. vmp - protection by exe from vmprotect.ultimate.v.2.03 see !! settingX86.jpg
copy file vusbsrm.vmp.sys near devcone file and delete from name .vmp /rename it.
P.S. for hasp hl basic use drivers below 6.65 for example 6.63
if you compile it with winddk 700 will not get errors,
if you compile with visual c++ then will get many error cause of inapropriate libraries.
need to instal winDDK vers 7 default so download free from net GRMWDK_EN_7600_1.ISO monted for example with ultraiso
and also instal drivers 5.90
input data in data.h, in data.reg, and maybe have to add also features in c file
go in cmd, cd so that reach to name temporar of emulator folder (o copy of emu590) and execute command build /cze
rgho.st/7plXXS5MQ
A.Instalations:
-ultraedit 19 sau 20 or any
-HHD Hex Editor Neo 15.3 sau 15.4 or any
-ultraiso or soft for mount iso as daemon tools or alcohol or else
-winDDK vers 7 default see GRMWDK_EN_7600_1.ISO monted for example with ultraiso
-drivers 6.65 or 6.56 or 6.23 or any version below
-usbtrace 2.4.3 same generation as decodor even though works well with 2.7 manybe 2.8, too
-copy vmprotect2.03 in c: or install 2.12.3 or 2.13
-copy emu665 in c:
B.Fill in or changes in files data.h and data.reg
-use h5dmp.exe or DumperGUI.vmp.exe hasp hl and introduce in data.reg and for srm and decode dmp file of srm and use reg file generated for hasp hl
-delete \ in the ends of RW si RO made srm2mult v1.2
-in some editors exist options Ctrl+Shift+Alt and select with mauseu the text column or exist hex to c.
-erase last , in front of };
or transform bins of memories made with dampodecoder 1.4, 1.5 in cpp files
Atention at specific name SRMRW and SRMRO depending of verion of emulator in data.reg!
-with VIDToolsV2 or vid.exe sau or kidkid tool find aes, vendor and passwords
or from memory exe/dll dumps find matrix with passwords, vendor ID and vendor AES key Or se decode file *.hvc extracted.
-in hex of exes/dlls dumped or not, can be search after hex vendorid inversated or not or using debuger IDA PRO 5.5 sau 6.x
-file biger then 600 KB hasp_windows_vendorID.dll maybe uses api whitebox or is codated/packed
-usbtrace log parser/decoder v.1 or better 2 is used for decoding usbtracelogs. If there are very more logs
then results can be input in microsoft excel, lay, sorte, compare and repeating lines to be eliminated r and result copy back in data.h
folderul numit melotld1 aflat in c:\, se urmeaza explicatiile si pasii din el si in sub folderul numit final vor aparea rezultate
-input functions, vendor aes key, features and pairs rezulted after decrypting / decoding of logs and dumps
-for F4FF and F5FF take memoris RW and RO of SRM
-extract pairs A/Q16 with rtQAExtractorV2.0 from dumps of executable or dll made by petools - click left up then clicks below on exe or dll
If there is envelope error message with emulator then make new dumps of dlls or/ and exes files in memory and find next tables.
-in file USBKeyEmu.c check existence of needed features used and if is necessary, add them for exemple those named 0600, 0700 etc.
C.Compilation - building of sys files
-in file USBKeyEmu.c to delete for win x64 bits // or to be added // in front of #define MM64
x86
-also in that file can be deleted or added // in in front of:
//#define LARGE_TABLE // for working with bins aesmode3 67 89 48
you can search path and change as you wish
#ifdef LARGE_TABLE
static WCHAR FILE_PATH[] = L"\\??\\c:\\windows\\system32\\drivers\\QA";
can be
#ifdef LARGE_TABLE
static WCHAR FILE_PATH[] = L"\\??\\c:\\QA";
then delete before the // 2 slashes
//#define PROTECTION //pentru legarea de pc a emultorului prin linia host id in reg file
and it remains:
#define PROTECTION //pc tied emulto by the line hostid in reg file
-for x86 desarchive here arhiva sourcesX32.rar and for 64 bits desarchive here sourcesX64.rar with winrar
-click on icon coresponding to Free Build Environment X86, X64 or ia64
cd\emu665 press Enter
or cd.. Enter
cd nameoffolder
nameoffolder can be emu665 or else folder
or directly
cd\nameoffolder_emulator and press key Enter/Return
write build /cze and press Enter
it will be created objfre_win7_x86 with subfolder and sys in
change windows explorer options to see/unhide known extensions of files
sau folderul corespunzator de 64
C:\ti142doar ca emulator 64 cu table bins\objfre_win7_amd64\amd64
D. vmp - protection by exe from vmprotect.ultimate.v.2.03 see !! settingX86.jpg
copy file vusbsrm.vmp.sys near devcone file and delete from name .vmp /rename it.
P.S. for hasp hl basic use drivers below 6.65 for example 6.63
if you compile it with winddk 700 will not get errors,
if you compile with visual c++ then will get many error cause of inapropriate libraries.
need to instal winDDK vers 7 default so download free from net GRMWDK_EN_7600_1.ISO monted for example with ultraiso
and also instal drivers 5.90
input data in data.h, in data.reg, and maybe have to add also features in c file
go in cmd, cd so that reach to name temporar of emulator folder (o copy of emu590) and execute command build /cze