LostGamerz
 Basic Decryption Tutorial

Author: Crowd™ (Administrator)
Posted: Sun Aug 05, 2012 4:00 am

Required: OllyDBG, an unpacked runnable, a clean MRS.exe

IF IT DOESN'T WORK FOR YOU, DON'T BLAME ME.

Step 1


1. Run OllyDBG.exe and open the unpacked runnable of the client you wish to decrypt.
2. Hit Ctrl + G, type in 00538691 and hit OK.
It will look like this:

Code:
MOV AL,BYTE PTR DS:[ECX]
NOP
NOP
NOP
NOP
NOP
NOP
MOV BYTE PTR DS:[ECX],AL
INC ECX
DEC ESI
JNZ SHORT thedueli.00538691

Using Zephyr's MRS custom encryption method, the decryption code should look like this:

Code:
MOV AL,BYTE PTR DS:[ECX]
ROR AL,X                                // X = 1-7
XOR AL,X                                // X = 1-255
ADD AL,X                                // X = 1-255
XOR AL,X                                // X = 1-255
SUB AL,X                                // X = 1-255
NOP
MOV BYTE PTR DS:[ECX],AL
INC ECX
DEC ESI
JNZ SHORT thedueli.00538691


Okay. We're done here. Leave OllyDBG's window open with the code above.

Step 2

1. Open up MRS.exe in a different OllyDBG window.
2. Hit Ctrl + G, type in 00401100 and hit OK.
The result should look like this:

Code:
MOV AL,BYTE PTR DS:[ECX+ESI]
MOV DL,AL
SHR DL,3
SHL AL,5
OR DL,AL
INC ECX
NOT DL
MOV BYTE PTR DS:[ECX+ESI-1],DL
CMP ECX,EDI
JB SHORT mrs2.00401100

3. NOP everything from MOV DL,AL to INC ECX, and also NOT DL.
4. Change MOV BYTE PTR DS:[ECX+ESI-1],DL to MOV BYTE PTR DS:[ECX+ESI-1],AL.
5. Move INC ECX a byte further.
If you have done everything above, it should look like this:

Code:
MOV AL,BYTE PTR DS:[ECX+ESI]
NOP
NOP
NOP
NOP
NOP
NOP
NOP
NOP
NOP
NOP
NOP
INC ECX
NOP
MOV BYTE PTR DS:[ECX+ESI-1],AL
CMP ECX,EDI
JB SHORT mrs2.00401100

Great.
Leave this OllyDBG window open.


Step 3


1. Go to the unpacked runnable you opened in OllyDBG in the first step.
2. Hit Ctrl + G, type in 00538693 and press OK.
3. Right click that address. You'll get a menu. Select Binary > Binary Copy.
4. Go to the OllyDBG window containing our modded MRS.exe.
5. Hit Ctrl + G, type in 00401103 and press OK.
6. Hit Ctrl + E, uncheck Keep size, and go to HEX +00.
7. Delete everything in HEX +00, and hit Shift + Insert.
8. Press OK.
9. Right click any address, select Copy to Executable > All Modifications. Hit Copy All.
A new window should appear.
Right click any address in the new window, and select Save File.
Name your file and save it.

Congrats! You now have your MRS.exe ready for decompiling.
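
As an added example (not part of the original post and not code from MRS.exe or any client), the two per-byte loops in the listings above can be modelled in Python to see what the patch swaps in. The key tuple and sample bytes are constructed placeholders; real values would be the X operands read from the client's loop.

```python
# Added example: byte-level model of the loops shown in Steps 1 and 2.
# All arithmetic is on 8-bit AL, so every result is masked to 0..255.

def ror8(b, n):
    """Rotate an 8-bit value right by n bits (ROR AL,n)."""
    n &= 7
    return ((b >> n) | (b << (8 - n))) & 0xFF

def rol8(b, n):
    """Rotate an 8-bit value left by n bits (inverse of ror8)."""
    return ror8(b, 8 - (n & 7))

def stock_transform(b):
    """Step 2 listing: DL = (AL >> 3) | (AL << 5); NOT DL."""
    return ~ror8(b, 3) & 0xFF

def custom_decode(b, key):
    """Step 1 custom chain: ROR, XOR, ADD, XOR, SUB with the five X operands."""
    r, x1, a, x2, s = key
    b = ror8(b, r)
    b ^= x1
    b = (b + a) & 0xFF
    b ^= x2
    return (b - s) & 0xFF

def custom_encode(b, key):
    """Inverse chain, used here only to build test data for the round trip."""
    r, x1, a, x2, s = key
    b = (b + s) & 0xFF
    b ^= x2
    b = (b - a) & 0xFF
    b ^= x1
    return rol8(b, r)

def decode_buffer(data, key):
    """Apply the per-byte loop to a whole buffer, like the INC ECX / DEC ESI loop."""
    return bytes(custom_decode(b, key) for b in data)

# Constructed placeholder operands (ROR 1-7, the rest 1-255), not from a real client.
KEY = (3, 0x5A, 0x11, 0xC3, 0x07)
SAMPLE = b"constructed sample bytes"
ENCODED = bytes(custom_encode(b, KEY) for b in SAMPLE)

if __name__ == "__main__":
    print(ENCODED.hex())
    print(decode_buffer(ENCODED, KEY))
```

Because each step is invertible on a byte, the whole chain is a fixed 256-entry substitution whose constants sit in the client binary, which is why copying those eleven bytes into MRS.exe is enough.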