Post: Any reverse engineers out there???
05-31-2020, 08:33 AM #1
2110davy2110
Save Point
Hey there, I have a game hack tool that people are selling accounts and keys for.

Below I have provided screenshots of when I open the exe and the screens it presents me with.

Here is what PiD provides me:

*File Compression State : 0 (Not Compressed)

File Type : 32-Bit Exe (Subsystem : Win CUI / 3), Size : 2886148 (02C0A04h) Byte(s) | Machine: 0x14C (I386)

Compilation TimeStamp : 0x5AD0B076 -> Fri 13th Apr 2018 13:28:22 (GMT)

[TimeStamp] 0x5AD0B076 -> Fri 13th Apr 2018 13:28:22 (GMT) | PE Header | - | Offset: 0x000000F8 | VA: 0x004000F8 | -

[LoadConfig] Struct determined as v8 (Expected size 140 | Actual size 64)

[LoadConfig] CodeIntegrity -> Flags 0x9A00 | Catalog 0x5A83 (23171) | Catalog Offset 0xA57C65D0 | Reserved 0x5A839A00

[LoadConfig] GuardAddressTakenIatEntryTable 0xA57C65FE | Count 0x5ACCD49C (1523373212)

[LoadConfig] GuardLongJumpTargetTable 0x5ACCD4B0 | Count 0x5A839A00 (1518574080)

[LoadConfig] HybridMetadataPointer 0xA57C65FE | DynamicValueRelocTable 0x5A839A00

[LoadConfig] FailFastIndirectProc 0xA57C65D8 | FailFastPointer 0x5A839A00

[LoadConfig] UnknownZero1 0xA57C65FE

[File Heuristics] -> Flag #1 : 00000000000001001101000000000000 (0x0004D000)

[Entrypoint Section Entropy] : 0.30 (section #0) ".text " | Size : 0x1F9CF4 (2071796) byte(s)

[DllCharacteristics] -> Flag : (0x8140) -> ASLR | DEP | TSA

[SectionCount] 4 (0x4) | ImageSize 0x4D6000 (5070848 ) byte(s)

[ModuleReport] [IAT] Modules -> KERNEL32.dll | USER32.dll | GDI32.dll | ADVAPI32.dll | WS2_32.dll | msvcrt.dll | COMCTL32.dll

[!] File appears to have no protection or is using an unknown protection

- Scan Took : 0.531 Second(s) [000000213h (531) tick(s)] [506 of 580 scan(s) done]*

-
-

And here are some screenshots of OllyDBG and IDA

(https://imgur.com/a/u2SX9Ol)


-
-

EXE SCREENSHOTS:
(https://imgur.com/a/FOjjZsr)

-
-

If anyone has advanced knowledge on how to crack this type of authentication or remove it completely, it would be highly appreciated!

**I can provide the exe to anyone who asks**
Last edited by 2110davy2110 ; 06-01-2020 at 10:25 AM.
07-25-2020, 08:54 PM #2
Parxdy
Rookie
I know a little bit. I could probably help

Copyright © 2024, NextGenUpdate.
All Rights Reserved.
