This tut is to unlock the hardware-dependent lock on newer versions
that don't have shoooo's bug ;) (Thanks shoooo for that great tut!)
Target : WLCrackMe1990 PK.exe with a license
Packer : WL 1.9.9.0 (Tested with 2.0.4.0)
Plugins Needed : Phant0m
Load the program, and press F9 until the User and company MessageBox Appears
Now search in memory, all blocks of size 0x2000, to find
the decrypted license
Now, put a HWBP on access on 0x1A and on 0x25 and reload the program
Press F9 many times until reach the decrypt of the bytes
from 0x00 to 0x22 of the license file
Once you are in there, press F9 until you reach this opcode in the VM
0059CFD2 8803 MOV BYTE PTR DS:[EBX],AL
(this can change on others, especially the registers)
Now press F9 two times
Again press F9 4 times
Follow in dump EDI, and change the BYTE from 0x01 to 0x00
If we are on the correct path, the next time we press F9, the EAX register
will hold the value 0x1A of our License File
Got it, now in the WL section we search all modified data
that contains 0x01
0x5534F3
Nice, only one value; on others there is more than one
Now change it to zero and press F9; if a MessageBox appears
saying that this software only accepts Hardware Licenses,
you are on the right path!!
Nice! Now put a HWBP on access on 0x5534F3, delete the
others, and restart the program
Press F9 until you reach a PUSH instruction
Now follow in dump the BYTE with the HWBP and change it to zero
And now press F9 until it launches!
Got the message, we are on the right path!
Now it's unlocked!
Hope you like this, it is my first tut
Tut Made by Deathway!
After reading this article, I operated on WL versions below 2.01 with no problems at all, but testing WL version 2.0.5 still cannot get through. Does this method still have limitations?