Fixing Armadillo 5.xx Hardware Fingerprint
1- Introduction:
About Fixing Armadillo Hardware FingerPrint, my friend Newbie_Cracker
Write a tut and explain how to fix it in 3.xx 4.xx versions. In this tut you learn
How to fix FP in Armadillo 5.xx and if there is Copy-MemII in protected file,
how to fix it .If other protection used in protected file (like Import-Elimination
or Code-Splicing) fix them like other version of Armadillo.
2- Tools :
1- OllyDBG.
2- ArmDetach {TEAM RESURRECTiON}
3- WinHex
4- A file protected with Armadillo 5.xx with serial & uses FP (Included).
[there are 2 file included , with Copy-MemII and without it ]
5- A valid serial.
3- Running File And Finding Place Of FP:
The protection used in included target is: Debug-Blocker and Copy-MemII
As you know Copy-MemII encrypt CodeSection , so if we detach process , our
CodeSection is encrypted . If you want to use scripts ( like Ricardo – Hipu –
Tenketsu , …) or use ArmDetach ( TEAM RESURRECTiON ) program start
and Enter Key window appear and wait for serial And if there is no
Debug-Blocker ( and so Copy-MemII ) Enter Key window appear too .
At this time you must write a simple app to patch FP in memory then continue
unpacking . but there is a simple method in Armadillo 5.xx that I use it …
Now start :
1-Detach process (if no Debug-Blocker present goto 4).
2- Attach child process to OllyDBG .
3- Fix infinite loop .
4-Run program by Shift+F9 .
Standard Protection