#1
16-04-2003, 10:09
cdkiller
Join Date: Oct 2002
Cold Zero's new Protection (encryption) ???

i browsed through the ColdZero.exe and found something
interesting. the executable is protected by SecuROM but
it must be packed / encrypted with another tool.
there is a section called "chirpy".
anybody know which packer / encrypter was used ???

here is the PE-Header:
----------------------

MZ......................
@.......................
.....................!..
L.!This program cannot b
e run in DOS mode....$..
....&..^b...b...b.......
a.......h.......D.......
....b...j.......`.......
l.......f.......c...b...
........a...6...S.......
c...Richb...........PE..
L...A..=..............SR
..............0.. 0.. 2.
..@.....................
......N.................
........................
.....q2.P.... H.........
........................
........................
..................... 2.
........................
.....text....p..........
................ ..
`.rdata..^^............. -> RData
............@[email protected]...
<.......................
[email protected].........$. -> ntsc (?)
.................... ..`
.chirpy.......(......... -> chirpy section ???
[email protected].. -> idata
.3..../.................
....@[email protected]....... 0.-> text
.................... ..`
.data1....... 2..`... .. -> data
[email protected].. -> pdata
..... 4.................
[email protected] -> Resource section

please no newbie posts about this,
i need help from people who are skilled...
__________________
http://pid.gamecopyworld.com

home of Protection ID the ultimate Protection Scanner.
#2
18-04-2003, 02:42
cdkiller
i know it's securom but the Addd string with the version number isn't there. so it must be encrypted.
(securom 4.8x can be viewed in win32dasm, this file not)
#3
18-04-2003, 15:00
TippeX
Join Date: Jan 2003
there's multiple variants, what you're seeing is the cms_* sections renamed, the AddD missing well... look harder
search the exe for the AddD string, you'll find it
the data after it is indeed encrypted, also there's less appended data, the securom dlls are now stored within the image itself sometimes.. like i said.. variants .. securom 4.84.7x now has 'variations' incl. diff api wrappers
__________________
bleh
DO NOT PM me with questions, leave that in the forums...ESPECIALLY if i dont know you...
#4
19-04-2003, 02:24
cdkiller
ok, but bad for my filescanner
#5
19-04-2003, 03:43
TippeX
nope, just some more coding to do isn't it? mine works fine heheh
#6
19-04-2003, 05:17
cdkiller
ok i'll first do a search for Addd + version at the end of the file.
then i know it's securom.
#7
19-04-2003, 08:08
TippeX
the AddD tag +Version ain't at the end of the file now is it? ;p
if you looked at the end of the file and then thought about the number stored there you might get an idea of how to do away with a byte scan for 'AddD', and there's other methods to detect the variations in the securom itself, try section size matching, byte pattern matching, import usage.. it's all there, just start comparing exes
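The identification checks discussed in this thread, as an added example that is not part of the original posts or of either poster's scanner: it parses a PE section table, reports each section's name and sizes, flags names outside a common-linker list, and byte-scans for the 'AddD' tag. The function names, the COMMON list and the sample image are assumptions of this example; the sample is a constructed header skeleton that reuses section names from the dump in post #1.

```python
import struct

# Names a stock linker usually emits; an assumption of this example, not a full catalogue.
COMMON = {".text", ".rdata", ".data", ".idata", ".edata", ".pdata",
          ".rsrc", ".reloc", ".tls", ".bss"}

def parse_sections(image: bytes):
    """Return [(name, virtual_size, raw_size)] read from the PE section table."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    # COFF header: Machine, NumberOfSections, 3 dwords, SizeOfOptionalHeader, flags
    _, nsect, _, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", image, e_lfanew + 4)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    out = []
    for i in range(nsect):
        raw = struct.unpack_from("<8sIIII", image, table + 40 * i)
        name = raw[0].rstrip(b"\0").decode("latin-1")
        out.append((name, raw[1], raw[3]))    # VirtualSize, SizeOfRawData
    return out

def find_all(data: bytes, needle: bytes):
    hits, pos = [], data.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = data.find(needle, pos + 1)
    return hits

def triage(image: bytes, marker: bytes = b"AddD"):
    """Collect the indicators a file scanner would compare across executables."""
    sections = parse_sections(image)
    return {"sections": sections,
            "unusual": [n for n, _, _ in sections if n not in COMMON],
            "marker_offsets": find_all(image, marker)}

def build_sample() -> bytes:
    """Constructed, non-functional PE skeleton: headers plus a marker, no code."""
    names = [b".text", b".rdata", b".chirpy", b".data1", b".rsrc"]
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    table = b"".join(struct.pack("<8sIIIIIIHHI", n, 0x1000, 0x1000 * (i + 1),
                                 0x200, 0, 0, 0, 0, 0, 0)
                     for i, n in enumerate(names))
    return dos + b"PE\0\0" + coff + table + b"\0" * 16 + b"AddD" + b"\0" * 8

if __name__ == "__main__":
    print(triage(build_sample()))
```

A renamed section only shows up as "unusual", so the name check is a hint to combine with the size and marker results rather than a verdict on its own.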
All times are GMT -7.
FileForums @ https://fileforums.com