Openkore.com

OpenKore Forums
It is currently 19 Jul 2018, 15:10

All times are UTC - 5 hours [ DST ]





Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 
Author Message
 Post subject: cRO situation
PostPosted: 21 Mar 2013, 22:25 
Offline
Developers
Developers

Joined: 06 Oct 2010, 09:22
Posts: 79
hello,

The cRO is relaunched last month and its currently in EP14.1 (The first EP of renewal)
However there is a big problem.
As they have a update every week and they reshuffle the packet headers every time it patched (now reshuffled 2 times)
I think the best way for supporting cRO is working on the client side
will it be possible to generate a signature list of every header assembly code?
so it can detect it and regenerate a redirect header code putting in cRO.pm


Top
 Profile  
 
 Post subject: Re: cRO situation
PostPosted: 21 Mar 2013, 22:48 
Offline
Administrator
Administrator
User avatar

Joined: 24 Apr 2008, 12:02
Posts: 1299
DrKN wrote:
hello,

The cRO is relaunched last month and its currently in EP14.1 (The first EP of renewal)
However there is a big problem.
As they have a update every week and they reshuffle the packet headers every time it patched (now reshuffled 2 times)
I think the best way for supporting cRO is working on the client side
will it be possible to generate a signature list of every header assembly code?
so it can detect it and regenerate a redirect header code putting in cRO.pm


Why not like in bRO ?
There is "Detected" list of packets "normal" ID and "changed" ID that is generated out from client binary.

_________________
Join our Team. Click here.
Image


Image


Top
 Profile  
 
 Post subject: Re: cRO situation
PostPosted: 22 Mar 2013, 21:23 
Offline
Developers
Developers

Joined: 06 Oct 2010, 09:22
Posts: 79
oh really?
is that the file generated by Ever Rox's tool?


Top
 Profile  
 
 Post subject: Re: cRO situation
PostPosted: 23 Mar 2013, 22:53 
Offline
Developers
Developers

Joined: 06 Oct 2010, 09:22
Posts: 79
The situation changed.
Now cRO is using theMida for exe protection
It is not letting OllyDBG attaching or opening the ragexe
If we need to support it we need to unpack this first but this is known as the hardest kernel exe shield


Top
 Profile  
 
 Post subject: Re: cRO situation
PostPosted: 24 Mar 2013, 03:08 
Offline
Administrator
Administrator
User avatar

Joined: 24 Apr 2008, 12:02
Posts: 1299
DrKN wrote:
The situation changed.
Now cRO is using theMida for exe protection
It is not letting OllyDBG attaching or opening the ragexe
If we need to support it we need to unpack this first but this is known as the hardest kernel exe shield

Themida does not protect from memory dump. That's all that's needed. Unless they Virtualized some protection functions.

_________________
Join our Team. Click here.
Image


Image


Top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 5 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group