Sunday, May 10, 2015

Unturned v2.2.5 ESP/Box C# Source

Here is the source code for some simple (fast!) boxes and ESP.

Do not ask me how to use this; if you are after sources, you should be able to figure it out yourself!

This ESP/Box class was written by me, but you're free to steal it since it's not entirely functional on some occasions.

The Drawing class was not written by me; credit goes to whoever created it.
 

Thursday, January 22, 2015

HD Video Converter Factory Pro Analysis (Incomplete)

[Serial Routine]

Get Serial Length (result as EAX)
00945998   . E8 6384B5FF    CALL VideoCon.0049DE00

Comparing Serial Ptr with 0 (NULL)
0094599D   . 837D 98 00     CMP DWORD PTR SS:[EBP-0x68],0x0

If zero, output "Please input Registration Code!"
009459A1   . 75 61          JNZ SHORT VideoCon.00945A04
009459A3   . 8D45 F8        LEA EAX,DWORD PTR SS:[EBP-0x8]
009459A6   . BA C05E9400    MOV EDX,VideoCon.00945EC0                ;  UNICODE "Please input Registration Code!"

Checking serial length (EAX = UNICODE serial)
00945A43   . 8945 BC        MOV DWORD PTR SS:[EBP-0x44],EAX
00945A46   . 837D BC 00     CMP DWORD PTR SS:[EBP-0x44],0x0 ;compare serial pointer with NULL (empty string)
00945A4A   . 74 0B          JE SHORT VideoCon.00945A57
00945A4C   . 8B45 BC        MOV EAX,DWORD PTR SS:[EBP-0x44]
00945A4F   . 83E8 04        SUB EAX,0x4
00945A52   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
00945A54   . 8945 BC        MOV DWORD PTR SS:[EBP-0x44],EAX
00945A57   > 837D BC 08     CMP DWORD PTR SS:[EBP-0x44],0x8 ;compare serial length with 8
00945A5B   . 7D 0D          JGE SHORT VideoCon.00945A6A
00945A5D   . 8D45 EC        LEA EAX,DWORD PTR SS:[EBP-0x14]
00945A60   . BA C45F9400    MOV EDX,VideoCon.00945FC4                ;  UNICODE "00000000"
00945A65   . E8 5E31ACFF    CALL VideoCon.00408BC8

Checking serial format
00945A6A   > 8B55 EC        MOV EDX,DWORD PTR SS:[EBP-0x14] ;EDX = UNICODE serial
00945A6D   . B8 E45F9400    MOV EAX,VideoCon.00945FE4                ;  UNICODE "VC-"
00945A72   . E8 F942ACFF    CALL VideoCon.00409D70 ;int UnicodeStringSearch (returns pos of substring found in src string)
00945A77   . 48             DEC EAX
00945A78   . 75 26          JNZ SHORT VideoCon.00945AA0 ;FAIL! (thus, pos of "VC-" must be 1, i.e. start of serial)
00945A7A   . 8B55 EC        MOV EDX,DWORD PTR SS:[EBP-0x14]
00945A7D   . B8 F85F9400    MOV EAX,VideoCon.00945FF8                ;  UNICODE "-HDP"
00945A82   . E8 E942ACFF    CALL VideoCon.00409D70
00945A87   . 83F8 03        CMP EAX,0x3
00945A8A   . 75 14          JNZ SHORT VideoCon.00945AA0 ;FAIL! (thus, pos of "-HDP" must be 3, i.e. serial starts with "VC-HDP")
00945A8C   . 8B45 EC        MOV EAX,DWORD PTR SS:[EBP-0x14]
00945A8F   . 66:8378 0C 42  CMP WORD PTR DS:[EAX+0xC],0x42 ;cmp first wchar_t right after "VC-HDP" with "B"
00945A94   . 74 70          JE SHORT VideoCon.00945B06
00945A99   . 66:8378 0C 41  CMP WORD PTR DS:[EAX+0xC],0x41 ;cmp first wchar_t right after "VC-HDP" with "A"
00945A9E   . 74 66          JE SHORT VideoCon.00945B06
00945AA0   > 8B15 3CC3A500  MOV EDX,DWORD PTR DS:[0xA5C33C]          ;  VideoCon.00B1118C  ; FAIL jmp
00945AA6   . 8B12           MOV EDX,DWORD PTR DS:[EDX]

Comments: a valid serial starts with "VC-HDPA" or "VC-HDPB"
A: perpetual license | B: timed license

After verifying serial format
00945B06   > 8B45 EC        MOV EAX,DWORD PTR SS:[EBP-0x14]
00945B09   . 66:8378 0C 42  CMP WORD PTR DS:[EAX+0xC],0x42 ;case "A" or "B" distinction
00945B0E   . 0F85 BF010000  JNZ VideoCon.00945CD3 ;jump if case "A"
case "B": //We use a test serial: VC-HDPB1234567890ABCDE
DateTime Conversion
00945B14   . 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-0x18]
00945B17   . 50             PUSH EAX                                 ; /Arg1
00945B18   . B9 0A000000    MOV ECX,0xA                              ; |
00945B1D   . BA 09000000    MOV EDX,0x9                              ; |
00945B22   . 8B45 EC        MOV EAX,DWORD PTR SS:[EBP-0x14]          ; |
00945B25   . E8 9A40ACFF    CALL VideoCon.00409BC4                   ; \VideoCon.00409BC4 ;Get substring pos=9 len=10
00945B2A   . 8D45 8C        LEA EAX,DWORD PTR SS:[EBP-0x74]
00945B2D   . 50             PUSH EAX                                 ; /Arg1
00945B2E   . B9 05000000    MOV ECX,0x5                              ; |
00945B33   . BA 06000000    MOV EDX,0x6                              ; |
00945B38   . 8B45 E8        MOV EAX,DWORD PTR SS:[EBP-0x18]          ; |
00945B3B   . E8 8440ACFF    CALL VideoCon.00409BC4                   ; \VideoCon.00409BC4 ;Get substring pos=6 len=5

Short Summary: Extract 7890A

00945B40   . 8B45 8C        MOV EAX,DWORD PTR SS:[EBP-0x74]
00945B43   . 8D55 E8        LEA EDX,DWORD PTR SS:[EBP-0x18]
00945B46   . B9 01000000    MOV ECX,0x1
00945B4B   . E8 2041ACFF    CALL VideoCon.00409C70
00945B50   . 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-0x18]
00945B53   . B9 05000000    MOV ECX,0x5
00945B58   . BA 0B000000    MOV EDX,0xB
00945B5D   . E8 AA40ACFF    CALL VideoCon.00409C0C
00945B62   . 8D45 88        LEA EAX,DWORD PTR SS:[EBP-0x78] ;param1 = [1F85E4] = 0x0
00945B65   . 8B4D E8        MOV ECX,DWORD PTR SS:[EBP-0x18] ;param3 = "7890A23456"
00945B68   . BA 60609400    MOV EDX,VideoCon.00946060 ;param2 = 0x24
00945B6D   . E8 E23EACFF    CALL VideoCon.00409A54
00945B72   . 8B45 88        MOV EAX,DWORD PTR SS:[EBP-0x78]
00945B75   . 33D2           XOR EDX,EDX
00945B77   . E8 4CD7ADFF    CALL VideoCon.004232C8
00945B7C   . 99             CDQ

00945B7D   . 8945 C0        MOV DWORD PTR SS:[EBP-0x40],EAX
00945B80   . 8955 C4        MOV DWORD PTR SS:[EBP-0x3C],EDX ;sign of EAX
00945B83   . FF75 C4        PUSH DWORD PTR SS:[EBP-0x3C]             ; /Arg2
00945B86   . FF75 C0        PUSH DWORD PTR SS:[EBP-0x40]             ; |Arg1
00945B89   . 8D45 E8        LEA EAX,DWORD PTR SS:[EBP-0x18]          ; |
00945B8C   . E8 27D5ADFF    CALL VideoCon.004230B8                   ; \VideoCon.004230B8

00945C66   . DD5D D8        FSTP QWORD PTR SS:[EBP-0x28]
00945C69   . 9B             WAIT
00945C6A   . DD45 D8        FLD QWORD PTR SS:[EBP-0x28]
00945C6D   . DC5D D0        FCOMP QWORD PTR SS:[EBP-0x30]
00945C70   . 9B             WAIT
00945C71   . DFE0           FSTSW AX
00945C73   . 9E             SAHF
00945C74   . 72 0F          JB SHORT VideoCon.00945C85 ;jump if below (invalid)
00945C76   . DF6D C0        FILD QWORD PTR SS:[EBP-0x40]
00945C79   . DC45 D0        FADD QWORD PTR SS:[EBP-0x30]
00945C7C   . DC5D D8        FCOMP QWORD PTR SS:[EBP-0x28]
00945C7F   . 9B             WAIT
00945C80   . DFE0           FSTSW AX
00945C82   . 9E             SAHF
00945C83   . 73 4E          JNB SHORT VideoCon.00945CD3 ;jump if not below (valid)
00945C85   > A1 D0CAA500    MOV EAX,DWORD PTR DS:[0xA5CAD0] ;FAIL!
...
00945CA6   . BA 70609400    MOV EDX,VideoCon.00946070                ;  UNICODE "The license code has been expired! ...

Common Serial Checking Routine
//We use a test serial: VC-HDPA1234567890ABCDE
00945CD3   > 8B15 3CC3A500  MOV EDX,DWORD PTR DS:[0xA5C33C]          ;  VideoCon.00B1118C
00945CD9   . 8B12           MOV EDX,DWORD PTR DS:[EDX] ;U"C:\Users\Globeriz\Documents\WonderFox Soft\HD Video Converter Factory Pro\" (install directory)
00945CDB   . 8D85 78FFFFFF  LEA EAX,DWORD PTR SS:[EBP-0x88] ;18F5D4 [18F5D4] = 0x0
00945CE1   . B9 10609400    MOV ECX,VideoCon.00946010                ;  UNICODE "Se001.ini"
00945CE6   . E8 693DACFF    CALL VideoCon.00409A54
00945CEB   . 8B8D 78FFFFFF  MOV ECX,DWORD PTR SS:[EBP-0x88]
00945CF1   . B2 01          MOV DL,0x1
00945CF3   . A1 CC6E4600    MOV EAX,DWORD PTR DS:[0x466ECC]
00945CF8   . E8 8B15B2FF    CALL VideoCon.00467288
00945CFD   . 8945 CC        MOV DWORD PTR SS:[EBP-0x34],EAX
00945D00   . 33C0           XOR EAX,EAX
00945D02   . 55             PUSH EBP
00945D03   . 68 515D9400    PUSH VideoCon.00945D51
00945D08   . 64:FF30        PUSH DWORD PTR FS:[EAX]
00945D0B   . 64:8920        MOV DWORD PTR FS:[EAX],ESP
00945D0E   . 8D95 74FFFFFF  LEA EDX,DWORD PTR SS:[EBP-0x8C]
00945D14   . 8B45 FC        MOV EAX,DWORD PTR SS:[EBP-0x4]
00945D17   . 8B80 A0030000  MOV EAX,DWORD PTR DS:[EAX+0x3A0]
00945D1D   . E8 DE80B5FF    CALL VideoCon.0049DE00
00945D22   . 8B85 74FFFFFF  MOV EAX,DWORD PTR SS:[EBP-0x8C]
00945D28   . 50             PUSH EAX ;param1 = UNICODE serial
00945D29   . B9 30609400    MOV ECX,VideoCon.00946030                ;  UNICODE "KeyCode"
00945D2E   . BA 4C609400    MOV EDX,VideoCon.0094604C                ;  UNICODE "Reg"
00945D33   . 8B45 CC        MOV EAX,DWORD PTR SS:[EBP-0x34]
00945D36   . 8B18           MOV EBX,DWORD PTR DS:[EAX]
00945D38   . FF53 08        CALL DWORD PTR DS:[EBX+0x8] ;00468FD4 WritePrivateProfileStringW
/*
0018F580   0094604C  |Section = "Reg"
0018F584   00946030  |Key = "KeyCode"
0018F588   05C2256C  |String = "VC-HDPA1234567890ABCDE"
0018F58C   05BE14FC  \FileName = "C:\Users\Globeriz\Documents\WonderFox Soft\HD Video Converter Factory Pro\Se001.ini"

00469005  |. E8 BE81FAFF    CALL <JMP.&KERNEL32.WritePrivateProfileS>; \WritePrivateProfileStringW
*/
00945D3B   . 33C0           XOR EAX,EAX
00945D3D   . 5A             POP EDX
00945D3E   . 59             POP ECX
00945D3F   . 59             POP ECX
00945D40   . 64:8910        MOV DWORD PTR FS:[EAX],EDX
00945D43   . 68 585D9400    PUSH VideoCon.00945D58
00945D48   > 8B45 CC        MOV EAX,DWORD PTR SS:[EBP-0x34] ;EAX = 0x05BF0900
00945D4B   . E8 C80DACFF    CALL VideoCon.00406B18 ;check serial?
00945D50   . C3             RETN ;jmp 00945D58

00945D58   . A1 6CC8A500    MOV EAX,DWORD PTR DS:[0xA5C86C]
00945D5D   . C600 01        MOV BYTE PTR DS:[EAX],0x1
00945D60   . 8B1D 38C4A500  MOV EBX,DWORD PTR DS:[0xA5C438]          ;  VideoCon.00B10C80
00945D66   . 8B1B           MOV EBX,DWORD PTR DS:[EBX]
00945D68   . 8B15 38C4A500  MOV EDX,DWORD PTR DS:[0xA5C438]          ;  VideoCon.00B10C80
00945D6E   . 8B12           MOV EDX,DWORD PTR DS:[EDX]
00945D70   . 8B83 34030000  MOV EAX,DWORD PTR DS:[EBX+0x334]
00945D76   . FF93 30030000  CALL DWORD PTR DS:[EBX+0x330]
00945D7C   . B2 01          MOV DL,0x1
00945D7E   . A1 7007AF00    MOV EAX,DWORD PTR DS:[0xAF0770]
00945D83   . 8B08           MOV ECX,DWORD PTR DS:[EAX]
00945D85   . FF91 80000000  CALL DWORD PTR DS:[ECX+0x80]
00945D8B   . A1 D0CAA500    MOV EAX,DWORD PTR DS:[0xA5CAD0]
00945D90   . 8B00           MOV EAX,DWORD PTR DS:[EAX]
00945D92   . 33D2           XOR EDX,EDX

00945D94   . E8 4B4BC1FF    CALL VideoCon.0055A8E4
00945D99   . A1 ECC5A500    MOV EAX,DWORD PTR DS:[0xA5C5EC]
00945D9E   . 8038 00        CMP BYTE PTR DS:[EAX],0x0 ; compare result with false

00945DA1   . 74 29          JE SHORT VideoCon.00945DCC ; if false then output "Invalid registration information."
00945DA3   . 8D45 F8        LEA EAX,DWORD PTR SS:[EBP-0x8]
00945DA6   . BA 98619400    MOV EDX,VideoCon.00946198                ;  UNICODE "You have successfully registered HD Video Converter Factory Pro. Enjoy it."
...
00945DCA   . EB 27          JMP SHORT VideoCon.00945DF3
00945DCC   > 8D45 F8        LEA EAX,DWORD PTR SS:[EBP-0x8]
00945DCF   . BA 4C639400    MOV EDX,VideoCon.0094634C                ;  UNICODE "Invalid registration information."

/* Patching */
.text:009F25FB                 cmp     dword ptr [ebp-0ECh], 0
.text:009F2602                 jz      short loc_9F2615
9F2615 good

Culprit!
009F1E08   . C605 D70FB100 >MOV BYTE PTR DS:[0xB10FD7],0x0

Crack Protection
(Call stack)
00502EB7
00502FD6
009DC000
55 88 EC 83 C4 F8 89 55 F8 89 45 FC A1 88
EB 45 90
009DC000     EB 45          JMP SHORT VideoCon.009DC047
...
009DC01F  |. BA 54C09D00    MOV EDX,VideoCon.009DC054                ;  UNICODE "ID=110,Can not find required files, please reinstall!"


00502E9A   . 81FE 13010000  CMP ESI,0x113

Tuesday, January 20, 2015

Personal Software List for Fresh Windows Installs

Let's face it... it's really time-consuming and frustrating to find the essential programs to install when you have finally decided to reinstall your Windows system.

That said, I have compiled my list (mostly for my personal use) of survival programs needed right after a new install of a Windows system.

Last Update: 10 Dec 2017

Internet Browser:
Mozilla Firefox (js:Greasemonkey) Cons: eats up all your RAM if you open more than 1 tab
Google Chrome (fast) Not suggested due to alleged privacy issues.
Chromium
Opera (even faster)
Vivaldi

Archiving Software:
Bandizip (FREE, lightweight, pretty interface, codepage support, unarchives popular archive formats: ZIP, RAR, 7Z, ...)
7-Zip (Open source, .7z format has high compression rate)
(N.B. Do not use WinRAR, it's evil!)

PDF Viewer:
Foxit Reader (free, minimal unobtrusive ads)
SumatraPDF

VC++ Development:
Microsoft Visual Studio Community Edition (if you can afford the disk space)

Microsoft Visual C++ Express 2010 (lightweight, but lacks MFC and rc Editor)
ResEdit (rc Editor to overcome the problem above)
eXeScope (another ancient .rc Resource Editor, not free)
WTL (Windows Template Library) (better stop using MFC altogether!!)
Windows Driver Development Kit (DDK) (contains ATL libraries needed for WTL)

Qt (GUI development, if you can afford the disk space)

DirectX SDK
Windows Development Kit (WDK)

Reverse Engineering Tools:
Finding packer/compiler/linker signatures
ProtectionID v6.x.x (better than PEiD in my opinion)
Detect It Easy v0.88 v1.0.1

Code analysis
(General:)
OllyDbg v1.10 (Don't use v2) Dynamic code analysis (don't run trojans directly!)
IDA Pro + Hex-Rays Decompiler (Static code analysis) Cons: Not freeware.
PE Explorer (Static code analysis) not free, less fancy (useless) stuff than IDA Pro
x96dbg (32-bit and 64-bit debugger, has built-in Scylla)
C32Asm (Chinese GB language disassembler)

(VB.NET C# Exclusive:)
.NET Reflector+Reflexil (disassembling .NET applications directly, not free)
ILSpy (free, open-source) + Reflexil

(Delphi Exclusive:)
DeDe (supports Borland only)
IDR (Interactive Delphi Reconstructor), good support for Embarcadero Delphi (up to XE3 at time of writing) 32-bit only!!!
Delphi Decompiler 1.7 by Bitmaker

(VB6 Exclusive:)
P32Dasm v.2.80.75 (VB PCode Decompiler)

(Java Exclusive:)
Java Decompiler / 2008-2015 Emmanuel Dupuy (free, open-source)
DJ Java Decompiler (not free)
Java Bytecode Viewer (good for Android apk as well)

(Flash/ActionScript Exclusive:)
JPEXS Free Flash Decompiler
Sothink Flash Decompiler (not free)
Yogda 1.0.564

Dumping Tools
CHimpREC (dumping tool)
Scylla 0.9.7c 0.9.8 x86/x64 Dumping Tool + Imports Reconstructor

Miscellaneous Tools 
Armadillo Key Tool
ProcessMonitor (SysInternals)
Spy++
Kernel Detective

Portable Software Tools
VMWare ThinApp
Cameyo

Debugging HTTP(S) Traffic:
Fiddler2 / 4
Charles (great support for multiple protocols e.g. AMF3 but NOT FREE)

Graphic Editing Tools:
paint.NET (FREEware, simple interface) Sufficient for day-to-day casual image manipulation
SAI 1/2 (useful if you have a drawing tablet, not free though)
Adobe Photoshop CC (ugh...)

Text Editing Tools:
Notepad++ (FREEware)
Sublime Text 2/3 (not free)
jEdit (free)
Atom (slow startup...)
Brackets

HEX Editing Tools:
MiTeC Hexadecimal Editor (free)
HxD (Freeware Hex Editor and Disk Editor)
Hex Workshop (not free)
WinHex (forensic use, not free)
UltraEdit (powerful but not free)
010 Editor (powerful templates, not free)

Disc Tools:
DAEMON Tools Lite
InfraRecorder (free, open-source)
Alcohol 120

Screen Recording Tools:
CamStudio (free, open-source)
Fraps
Bandicam

Audio/Media Tools:
Audacity
foobar2000
VLC media player

Virtual Machine Tools:
VMWare Player
VirtualBox

MiscTools:
WinDirStat
Search Everything
CCleaner
RegSeeker
Process Hacker 2
Process Monitor
HashCalc