Armadillo Memory Patch Trick
Tools Required:
Winhex
Target Software : Ghost Dreader v1.0 by ghost
1 x valid registration details including hardware fingerprint for target software
This "trick" can be applied to almost any of the armadillo protected software that uses the hardware fingerprint feature.
If you use this trick with other software remember you need a known set of registration details for that software, reg details are not cross compatible with any other armadillo protected software unless the authors do so!! (Not very likely)
Meaning of "known registration details", you need the hardware fingerprint + name + key to be able to use the software. The details must be correct for that software as they will not work on newer
Lets get started, or retarded either way you will manage this
First install the target ghost dreader software.
Run software; leave it running at this screen as shown (IMPORTANT: do not close this window, or it will not work!)
write down the hardware fingerprint as shown, down on paper or to a text file on your desktop as you will need this information to complete the process.
You will need to use your own hardware fingerprint so write it down ;)
Now keep the registration window open and running do not close until the tutorial tells you so this step is most important.
Now run winhex , you will see a startup options window open on screen if so then great you can skip the next part about how to start if this window doesn't show Its written in blue for those having trouble ;)
If you don't see this screen when you run winhex then here's how to start it the other ways, if you click on the small chip icon on the top taskbar in winhex or go to the tools drop-down menu at the top and select "Open RAM".
I might add that ALT+F9 will also have the desired results and will work quicker if you don't like the sound of the other ways to get this window open .
Once you manage to get the above instructions worked out you will see this screen below with the Edit Virtual Memory window open and ready for us to select a branch on this tree.
Find the second Gdreader5v0.exe instance (our target software) and click on it to expand the tree-like structure above, select entire memory then click OK (as shown)
For those using this method with other target software, its almost always the second instance of the target programs name you need to click on to expand and then select entire memory.
After you click ok you will see on your screen loads of numbers and stuff you might not like the look of as per below screenshot
Now go to the search and replace hex values option as shown in screenshot below :
Now you will see a window appear like shown below appear in front of you
The first box contains the current hardware fingerprint reversed for example current hardware fingerprint in this machine is 065E-0887 this becomes 8708-5E06 as in the screenshot above but without the "-".
Replace with box is where we put the known valid hardware fingerprint details, same as the current hardware fingerprint we need to reverse it.
The known key details hardware fingerprint is 04C1-110E so we reverse it as shown in the above screenshot and get 0E11-C104 without the "-".
Click on ok, winhex should now replace those details as required and tell you it has been replaced 2/3 times confirmation window should pop-up.
Now if the values have been replaced ok with the nice message window saying it has worked then quickly open the enter key window backup
Now enter the known details into the enter key window
Your known registration details should now store and run the software without any known side-affects.
[培训]《安卓高级研修班(网课)》月薪三万计划,掌握调试、分析还原ollvm、vmp的方法,定制art虚拟机自动化脱壳的方法
