Armadillo deprotector 1.1
- coded by tHE ANALYST - www.oldreverser.cjb.net -


Before anything, my unpacker has been protected with ASProtect in order to test that protector, and to compress my file.
I had only that handy, but I don't know if this version is aggressive
or not with the cracker's computer (ie: freeze if SICE loaded).
So I ADVISE you to run ICEDUMP!

I am not responsible in any way for what you will do with this file.
If it crashes your computer, makes you lose data, or whatever, it is
your own fault..
I assume you did RTFM ;) else go see ur mum ;p
Now , let's go on:


1)what is Armadillo ?

Armadillo is a powerful license manager and software protection system. It wraps around your program like an armored shell, defending your work from pirates and program crackers with state-of-the-art encryption, data compression, and other security features. It also allows you to add a complete software protection and registration-key system to your existing programs in five minutes or less, with no changes to your program's code! And it works with any language that produces a 32-bit Windows EXE or screen saver file.

There are two facets to Armadillo's protection: the License Manager and the Software Protection System. Since each one appeals to a different group, we've documented them separately, though they are really two sides of the same coin.



2)What is Armadillo deprotector ?


It is an unpacker to unprotect files that have been protected by Armadillo, versions up to 1.90 (last one atm :)



3)Is it all automatic ? will A.D give me a fully working executable ?

1st of all, you have to run it without soft ice loaded, or with icedump or something that hides soft ice !
2nd: it depends on the version of armadillo used to protect the file.
If the version was 1.75 or around that version, then the exe will be fully working, else you will have to find the OEP with soft ice and then replace it in the unprotected file :)
After that, everything will work fine :D
So how to use that tool ?
well run your protected application, and run the unpacker.
Check the processes list, and look for your application executable in the list.
example : notepad has been protected.
you will find : NOTEPAD.EXE
but this is not the file we are looking for..
Below this one you will find : NOTEPAD.TMP0
ok we got it!
Double click on the file and a save File Dialog will appear ;)
save your file where you want and it is done !
try to run it, if it crashes, you have to find the OEP.
It is prolly the newest version of armadillo ;)
So to be more clear, you are looking for a *.TMP0 file ;)


4)How to find the OEP ?


I assume you are familiar enough with softice..
So, how to find it ?
there are a few useful bpx that you can use :

bpx GetModuleHandleA
bpx GetProcAddress
bpx GetCommandLineA
bpx GetVersion

you will have to look above the calls to those APIs and you will
prolly find the good OEP not so far ;)
else, here comes a good way to find it :

BPX SetThreadContext do "d (*(esp+8))+b8"
take the last SetThreadContext :)
it will look like this in the data window :


016F:0064F6D0 CC 10 40 00 67 01 00 00-86 0A 00 00 3C FE 63 00  ..@.g.......<.c.^


(this is taken from notepad protected with armadillo 1.90)
do you see the 4010CC ? (in reversed order : CC1040)
it is the OEP
but you gotta do : 4010CC - 400000 = 10CC
(Addy - imagebase = OEP)
Use any PE editor like Procdump and replace the Entry point with that
one, and the exe will work very good ;)
Now Armadillo has been kicked outta the file ;)
Another commercial protection has been sent to hell.
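
The decoding described in this section, as an added Python example (not part of the original readme or of the tool): on entry to SetThreadContext, esp+8 is the lpContext argument, and offset 0xB8 in the 32-bit CONTEXT structure is the Eip field, so the dumped line holds Eip, SegCs, EFlags and Esp. The image base 0x400000 is the one used in the text; the SizeOfImage value 0x10000 and all function names are assumptions made for the example.

```python
import ctypes
import re

DWORD = ctypes.c_uint32

class X86Context(ctypes.Structure):
    """32-bit Windows CONTEXT up to SegSs (little-endian host assumed)."""
    _fields_ = (
        [("ContextFlags", DWORD)]
        + [(n, DWORD) for n in ("Dr0", "Dr1", "Dr2", "Dr3", "Dr6", "Dr7")]
        + [("FloatSave", ctypes.c_uint8 * 112)]  # FLOATING_SAVE_AREA
        + [(n, DWORD) for n in (
            "SegGs", "SegFs", "SegEs", "SegDs",
            "Edi", "Esi", "Ebx", "Edx", "Ecx", "Eax",
            "Ebp", "Eip", "SegCs", "EFlags", "Esp", "SegSs")]
    )

EIP_OFFSET = X86Context.Eip.offset  # 0xB8, the "+b8" in the breakpoint action

DUMP_RE = re.compile(
    r"\s*[0-9A-Fa-f]{4}:([0-9A-Fa-f]{8})\s+"
    r"((?:[0-9A-Fa-f]{2}[ -]){15}[0-9A-Fa-f]{2})")

def parse_dump_line(line):
    """Split one 16-byte data-window line into (offset, raw bytes)."""
    m = DUMP_RE.match(line)
    if m is None:
        raise ValueError("not a 16-byte data-window line")
    return int(m.group(1), 16), bytes.fromhex(m.group(2).replace("-", " "))

def decode_context_tail(line, image_base, size_of_image):
    """Decode Eip..Esp from a dump taken at lpContext+0xB8; add the entry RVA."""
    _, raw = parse_dump_line(line)
    buf = bytearray(ctypes.sizeof(X86Context))
    buf[EIP_OFFSET:EIP_OFFSET + len(raw)] = raw  # overlay dump on the fields
    ctx = X86Context.from_buffer(buf)
    rva = ctx.Eip - image_base
    if not 0 <= rva < size_of_image:
        raise ValueError("Eip %#x is outside the image" % ctx.Eip)
    return {"Eip": ctx.Eip, "SegCs": ctx.SegCs, "EFlags": ctx.EFlags,
            "Esp": ctx.Esp, "entry_rva": rva}

# Line quoted in the text; 0x10000 is a constructed SizeOfImage placeholder.
SAMPLE_LINE = "016F:0064F6D0 CC 10 40 00 67 01 00 00-86 0A 00 00 3C FE 63 00"

if __name__ == "__main__":
    for name, value in decode_context_tail(SAMPLE_LINE, 0x400000, 0x10000).items():
        print("%-9s %#x" % (name, value))
```

The range check rejects a value that cannot be an address inside the module, which is what you get when the dump was taken from the wrong SetThreadContext call or the wrong image base was assumed.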

5)where can i contact you ?

you can mail me to : acid2600(at)hotmail(.)com
will be pleased to help you if you got problems with my program.


6)Greetings:

I wanna thx all my friends in :

#cracking4newbies, #o......s , #crack.fr , #ucf2000, #divine, #immortaldescendants, #cracking,
#TMG2000 ..

i'm prolly missing lotta ppls there but heck...
i also wanna thanx :

the owl: for the magic icedump ;)
Christal: for all he does for the french guys ;)
+spath: for helping me whenever i need help :)
+Frog's print: damn, hope to meet you asap bro ;-)
neural noise: thx for the nice leet talking dude ;)
Armadillo coder: nice man you are , keep trying, armadillo will kick arses somedays ;p
Duelist: ebreet :P
+Fravia, +tsehp: ewww missed you boys .. next time i will find you ;)


all my friends in HERT and all i forgot to list here for now
and you ;)

Take care,

tHE ANALYST

www.oldreverser.cjb.net 


ps: mail me for feedback ;)