From: SND
Version 9.60Beta1, 09-01-2013
Changelog (official):
- No changes
Changelog (unofficial):
- Arma now encrypts sensitive data such as 'stolen keys', 'projectID', 'website', 'customer service', 'intercepted libraries' and 'public certificate data'
- Arma 'fixed' the old inline method
- Arma is now around 100%-200% slower when loading protected files (compared to 9.40)
This encryption I mentioned is actually just a NextRandomRange(256) XOR encryption. The seed of this is not (as far as I can see) a result of the NextRandomDword function.
To not make it too easy for us (e.g. Decrypt(crypted_buffer, seed, size)) they added 'random' constants that are added between various encrypted data (crypted_ptr+=addval[0]). This constant is based on a 'random' value (based on the same seed as the salt, magic1, magic2) and it's ANDed with 0xF (in my example target) to make it a little smaller (between 0 and F lol).
Inline patching: instead of local variables (ebp-??) the calculated CRCs (that need to be replaced) are now stored in a global variable. This will make it way harder to crack. lol
ECDSA patching also becomes a challenge now: just get the seed at the start of the lvl10 data, calculate a random range buffer and XOR it with the stuff you wanna replace to beat this protection.
About the slower thing: probably more encrypted stuff (I only checked dynamic things, no extraction of security.dll for example)
I did not check thoroughly on the unpacking side really, but Armadillo.exe with the following protection options:
Protection Options:
>Debug-Blocker + CopyMem2
>Enable Import Table Elimination
>Enable Nanomites Processing
>Enable Memory-Patching Protections
Backup Key Options:
>Main Key Only, No Backup Keys
Compression Options:
>Best/Slowest Compression
SoftICE Detection:
>Normal/No SoftICE Protection
Splash Screen:
>No Splash Screen
Version Number:
>9.60Beta1
Raw Values:
>E5C30A5E (Raw Options)
>0002A030 (Extra Options)
http://siliconrealms.com/armadillo.php