cRO situation

DrKN
Developers
Posts: 79
Joined: 06 Oct 2010, 09:22
Noob?: No

cRO situation

#1 Post by DrKN »

Hello,

cRO was relaunched last month and it's currently in EP14.1 (the first EP of Renewal).
However, there is a big problem.
They have an update every week, and they reshuffle the packet headers every time it is patched (now reshuffled 2 times).
I think the best way of supporting cRO is working on the client side.
Will it be possible to generate a signature list of every header assembly code?
Then it can detect it and regenerate a redirect header code to put in cRO.pm.

kLabMouse
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: cRO situation

#2 Post by kLabMouse »

DrKN wrote:
Hello,

cRO was relaunched last month and it's currently in EP14.1 (the first EP of Renewal).
However, there is a big problem.
They have an update every week, and they reshuffle the packet headers every time it is patched (now reshuffled 2 times).
I think the best way of supporting cRO is working on the client side.
Will it be possible to generate a signature list of every header assembly code?
Then it can detect it and regenerate a redirect header code to put in cRO.pm.

Why not like in bRO?
There is a "Detected" list of packets' "normal" ID and "changed" ID that is generated from the client binary.

DrKN
Developers
Posts: 79
Joined: 06 Oct 2010, 09:22
Noob?: No

Re: cRO situation

#3 Post by DrKN »

Oh really?
Is that the file generated by Ever Rox's tool?

DrKN
Developers
Posts: 79
Joined: 06 Oct 2010, 09:22
Noob?: No

Re: cRO situation

#4 Post by DrKN »

The situation changed.
Now cRO is using Themida for exe protection.
It is not letting OllyDbg attach to or open the ragexe.
If we need to support it, we need to unpack this first, but this is known as the hardest kernel exe shield.

kLabMouse
Administrator
Posts: 1301
Joined: 24 Apr 2008, 12:02

Re: cRO situation

#5 Post by kLabMouse »

DrKN wrote:
The situation changed.
Now cRO is using Themida for exe protection.
It is not letting OllyDbg attach to or open the ragexe.
If we need to support it, we need to unpack this first, but this is known as the hardest kernel exe shield.

Themida does not protect against a memory dump. That's all that's needed, unless they virtualized some protection functions.