Discussion about latest version of SoftWrap,better than Arm?

[balaiazataeara]

Hello! Looks like Biw has a great community. Let's try to discuss with them to see if they bite me.

SoftWrap

The latest version of softwrap is very hard to crack, if you want to give a try, go on hxxp://www.g a m e maker.nl and download g a m e m a k e_r 7

Interesting how it detects Olly. I looked on google, I can't find articles or even one thread about a version softwrap greater than 6.11. How would like to discuss of ways to unpack it or atleast hide the debuggers. Softwrap is signing licenses with a lot of game houses. In a near future we will see more Softwarp than armadillo as I see it.

intructions where it seems to detect olly :

[bengunn]

With a Repair patched Olly and Asterix Hidedebugger you shouldn't have any problems debugging it. From the quick look I had of there's nothing here that hasn't been covered in available tutorials, including if I'm not mistaken, one by haggar. Search this forum and snd tutorials.

[balaiazataeara]

Thank you very much, I will look further into this.

[haggar]

Better than Armadillo - not even close.

Softwrap can be patched with ease, unpacking is harder because imports needs to be fixed. Disabled softwrap protected software can be enabled with ease too. That is if we talk about version 7.

I was examining it on "morpheus ultra". I have some OEP scripts.

[balaiazataeara]

I not sure it's ver.7 but I can say the unpacking process is VERYYYYYYY LOOOOOOOOONG in Olly. About 1 or 2 minutes.

[haggar]

Hi, try this script for finding OEP. It should work if version is the same:

[balaiazataeara]

It doesn't work so this is a version higher than 7. It stops at :

[haggar]

Ha ha, I forgot that "bug report". I was planning to write general softwrap unpacker script but I lost interest. I didn't test it on enough targets. I should write instead "shit happens"


It is probably different version. Try place bp at the end of LoadLibrary and run untill it loads softwrap.dll. That DLL has all anti tricks, don't remember anymore which one. But imortant thing is that you can skipp DLL code executing and by that skip all tricks, license checks, time limit. Procedure inside protected exe that loads DLL has two ends. One is if program will continue to OEP and unpacking, second is just exit in case that you close window or if trial has ended.


If you download Morpheus Ultra, I can explain you protection on that example. I have that app for some time on my hard drive.

[balaiazataeara]

Thanks for the tips but, ho well, I tried. I bped on the mov esb,ebp then ran till I saw 'softwrap.dll' in argument, noped the call to LoadLibraryExA before passing it, then did an undo so everything is as it was, then when I reach the return, it brings me to somewhere in the main module totally not at the right place . It bring me here :

[haggar]

It's like this with Morpheus, which should be latest Softwrap (but maybe new version is out):


- You place bp at LoadLibraryA API end. Ei,
go to -> expression -> LoadLibraryA

[balaiazataeara]

I did everything like you said but,

in morpheus ultra, the program terminated (not really surprising, it must just be a empty program, so you install the trojaned bar in you Internet explorer when you install it )

In gam_e_mm_a_ker 7, the verications are done anyway (a popup before the program start saying OMG YOU ARE USING LITE VERSION, YOU MUST BUY !)

Ok so I suppose it works, but the program is not registered by default, I try to find the oep, to see what can I do.

Thank you for your help !

[elance]

[hunkiller]

Hi Haggar, could you please tell me how to find OEP in Morpheus Ultra (Softwrap 7)?