new AION .pak file format.need help!
Posted: Sun Nov 18, 2007 8:08 pm
The contents of this post was deleted because of possible forum rules violation.
Page 1 of 9
Posted: Mon Nov 19, 2007 12:29 am
Could you upload the game's exe and dll files?
Posted: Mon Nov 19, 2007 10:00 am
Yes, that would be good.
I checked, and the bytes used to XOR against are different for each file. I guess it's calculated via one or more values from the file header.
I checked, and the bytes used to XOR against are different for each file. I guess it's calculated via one or more values from the file header.
Posted: Mon Nov 19, 2007 2:14 pm
The contents of this post was deleted because of possible forum rules violation.
Posted: Mon Nov 19, 2007 2:47 pm
Fuck. Koreans seem to like Themida ^^
Ragnarök also used it I think.
Ragnarök also used it I think.
Posted: Tue Nov 20, 2007 2:22 am
Unfortunately UnThemida can't unpack the dll 
Posted: Wed Dec 05, 2007 4:25 am
Oh, hey, someone made a thread for this before I did. Awesome! Any files that you guys need that you don't have?
Posted: Wed Dec 05, 2007 10:45 am
No we'd need someone that is able to unpack Themida.
Posted: Wed Dec 05, 2007 6:51 pm
EDIT: Solvedjohn_doe wrote:Yes, that would be good.
I checked, and the bytes used to XOR against are different for each file. I guess it's calculated via one or more values from the file header.
Posted: Tue Dec 11, 2007 10:50 am
GameZelda wrote:EDIT: Solvedjohn_doe wrote:Yes, that would be good.
I checked, and the bytes used to XOR against are different for each file. I guess it's calculated via one or more values from the file header.
whats mean?
Posted: Sun Dec 23, 2007 1:20 am
It means this thread gets bumped.
Posted: Thu Dec 27, 2007 5:45 am
Who should I bribe around here to find a solution to us AION fans little predicament? 
Posted: Thu Dec 27, 2007 2:25 pm
As I already said the exe seems to be protected by themida. We need an unpacked exe to figure out the encryption algorithm.
No
Posted: Mon Jan 07, 2008 3:28 pm
What you need is not a unpacked exe. What you need is a unpacked CrySystem.dll. Also, you won't need a fully working one, what you need is to be able to read the code section. And that is pretty easy, since Themida anti codes are pretty simple.
http://geekserv.hornycat.org/~dick/CrySystem_dumped.rar
There you go, you will have all strings, all code. Just offsets is wrong.
Im myself investigating whats been happening to the first 32bytes of the compressedData. And i can say its not a simple xor, shr, shl method.
It's a dynamic value that's been tampered with more than that.
I'll be cross checking with the orginal CrySystem to see what they've added.
Many kisses
http://geekserv.hornycat.org/~dick/CrySystem_dumped.rar
There you go, you will have all strings, all code. Just offsets is wrong.
Im myself investigating whats been happening to the first 32bytes of the compressedData. And i can say its not a simple xor, shr, shl method.
It's a dynamic value that's been tampered with more than that.
I'll be cross checking with the orginal CrySystem to see what they've added.
Many kisses
Posted: Mon Jan 07, 2008 6:52 pm
Pretty simple? Doesn't this old version of Themida/Xtreme Protector use an aggressive ring0 driver?
And what about some tools identifying Xtreme Protector (though that one section is named Themida)?
Are both protections used?
And what about some tools identifying Xtreme Protector (though that one section is named Themida)?
Are both protections used?