Themida v2.0.3.0

Themida v2.0.3.0  Cracked by Nooby with NET Support

i find this note in the  web (http://hi.baidu.com) and i seen that in browser  by  thai enconding !!

if u translate this share it  in comment thanx

and like always if u like it buy it and support the developers and dont use that for not good program= worm or virus or trojan and …!!

าิฯยื๗ี฿ถผสว nooby (unpack ตฤID )
WLหฎำกฑเฝโย๋บอถิฮดึชKEYว้ฟ๖ตฤว๎พู

0×61, 0xE9, 0xAF, 0×01, 0×00, 0×00
สวหฎำกตฤฬุี๗ฃฌHide PE Scannerักฯ๎ธฤฑไืลธ๖ถจึต

19xx-2010(2020?)

0×2837A312
0×137A8C14

2020+

0×29812384
0×17461236

สตฯึด๚ย๋ภเหฦำฺฃบ

00F9D7A2 60 pushad
00F9D7A3 BB 78563412 mov ebx, 12345678
00F9D7A8 8DB5 9E165809 lea esi, dword ptr [ebp+958169E]
00F9D7AE 8DBD A3385809 lea edi, dword ptr [ebp+95838A3]
00F9D7B4 E9 07000000 jmp 00F9D7C0
00F9D7B9 301E xor byte ptr [esi], bl
00F9D7BB 003E add byte ptr [esi], bh
00F9D7BD D1CB ror ebx, 1
00F9D7BF 46 inc esi
00F9D7C0 3BF7 cmp esi, edi
00F9D7C2 ^ 0F82 F1FFFFFF jb 00F9D7B9
00F9D7C8 61 popad
00F9D7C9 C3 retn

ษฯรๆสวฑเย๋ตฤฃฌฯ๋ฝโย๋ฃบ
(BYTE[n] - KEY1>>n | KEY1<<(32-n)) ^ KEY2>>n | KEY2<<(32-n)

ฑเย๋ทดึฎกฃ

หตตฝkeyฃฌณ�มหฟษาิธ๚VMป๑ตราิอโฃฌำษำฺำรตฤสวRORภดฑไปปKEYฃฌำฺสวี๋ถิรฟ8ธ๖ืึฝฺส�พ�ฃฌฑุศปฟษาิศทถจาปธ๖ป๒ี฿ศ๔ธษธ๖KEY BYTEตฤื้บฯฃฌีโั๙รถพูมฟึปำะ0xFF * 0xFF * 4 * n
nศกพ๖ำฺฒปศทถจื้บฯตฤส�มฟฃฌฑศศ็ส�พ�ฮช0ฃฌkeyตฤbit patternึปาชาปึยพอฟษาิฃฌำะ2^n (nฮชธร8ืึฝฺฤฺส�พ�ฮช0ตฤืึฝฺตฤส�มฟฃฉึึื้บฯกฃีโึึฒปศทถจะิาชิฺตฺ32ืึฝฺบ๓ฒลฤ�ฬๅฯึณ๖ภดฃฌฒขวาฟษาิธ�พ฿32ฮปาิบ๓ตฤทว0ส�พ�ภดศทถจbit patternฃฌำฺสวดำาปธ๖ฐดนๆิ๒ัญปทฮปาฦตฤะ๒มะฮารวาปถจฟษาิตรณ๖าปธ๖keyฃฌฒขวาฑฃึคถิำฺีโธ๖ะ๒มะฝโย๋ี�ศทกฃ

ถ๘าชตรตฝอ๊รภkeyฃฌิ๒ฑุะ๋าชศรรฟาปธ๖keyตฤฮปถผำษทว0ส�พ�ว๓ตรฃฌีโื้keyพอสวฮาาิาิษฯตฤทฝสฝฃฌลไบฯฬุถจตฤำรปงร๛/emailื้บฯว๓ณ๖ภดตฤกฃ

ThemidaอจำรPatchบฺร๛ตฅตฤทฝทจ

ธ฿ษ๎ตฤผผส๕ฃฌพญั้บอืสมฯฃฌฮาษถถผรปำะฃฌึปสวพอสยย�สยฃฌทึฯําปฯยฮาตฤทฝทจกฃ

ฮาาฒฒปึชตภิ๕รดะ๐ส๖มหฃฌต๗VMรปสฒรดผผส๕ฃฌพอสวทัสฑฃฌฮาธ๘ด๓ผาผธธ๖ผ๒ตฅตฤีะส�ฃฌถิธถTMDตฅต๗ตฤVMกฃ

สืฯศผำิุิญฐๆฮฤผ�ฃฌตฝศ๋ฟฺศกฯ๛ทึฮ๖ฃฌฯย
he ZwCreateFile

F9ึฑตฝฮฤผ�ร๛สว”TMLicense.dat”ฃฌศปบ๓ิูF9าปดฮฃฌำฆธรสวอฃิฺด๒ฟช”Themida.exe”ษฯฃฌALT+Mฃฌหัห๗KEYฤฺตฤฬุี๗ฃฌีาตฝาปฟ้ฤฺดๆฃฌทลืลKEYตฤิญสผฤฺศ�กฃ

ิฺิญสผฤฺศ�ตฤ0×20-0×30ทถฮงภ๏หๆฑใีาธ๖ืึฝฺฯยำฒถฯฃฌีโั๙ฤ�ฑฃึคหัตฝฝโย๋ะลฯขฦฌถฯกฃ

ถฯฯยภดาิบ๓หั”Richard”ฃฌฟษาิีาตฝฝโย๋มหตฤืึท๛ดฎฃฌิฺืึท๛ดฎษฯฯยำฒถฯกฃ

ตศถฯฯยภดิูหัฤฺดๆฃฌำฆธรฤ�ีาตฝาปธ๖ตุทฝตฅถภทลืล”Richard”ฃฌิฺ”R”ษฯฯยำฒถฯฃฌึฑตฝร๛ืึศซฒฟฝโอ๊กฃ

ิฺร๛ืึื๎บ๓ฝแฮฒดฆฯยถฯฃฌถฯฯยภดาิบ๓พอฝำฝ�นุผ�ละถฯตฤVMมหฃฌฮาตฤทฝทจสวฃบ

RUN TRACEฃฌฬ๕ผ�ด๓ทถฮงสว ึธม๎ฮชjmp esiฃฌศปบ๓CTRL+F11

ศ็น๛ิฺผฤดๆฦ๗ป๒ีปภ๏ทขฯึฟษาษืึท๛ดฎฃฌิฺธ๚ืูฬ๕ผ�ภ๏ผำษฯศ็ฯยฃบ
push dword ptr[eax]
push dword ptr[ebx]
push dword ptr[ecx]
push dword ptr[edx]
push dword ptr[edi]
push dword ptr[esp]
jmp esi
ีโั๙ป๙ฑพษฯฑฃึคฤใฒปปแดํน�รฟณ๖ืสิดตฤป๑ศกฃฌฒขวารฟดฮCTRL+F11อฃฯยภดฃฌพอสวาปธ๖Handlerอ๊ณษฃฌป๙ฑพษฯฯเตฑำฺบ๖สำVMตฅฒฝิหะะกฃ

ีโภ๏ฝโสอาปฯยฬ๕ผ�ฃบ
027EE7A3 FF30 push dword ptr [eax]
027EE7A5 813424 DC7F7970 xor dword ptr [esp], 70797FDC

ีโสวณฃผ๛ตฤTMD VMภ๏ศกืสิดตฤทฝสฝฃฌณ�มหตฺถ�ะะิหหใท๛บอณฃมฟฒปอฌอโฃฌธ๑สฝป๙ฑพสวนฬถจตฤกฃ

ตฑทขฯึ”admi”บอ”ree8″ตฤสฑบ๒ฃฌพอบ�ำะฟษฤ�สวบฺร๛ตฅฑศฝฯฃฌีโธ๖สฑบ๒ืขาโณฃมฟตฤป๑ศกฃฌศ็น๛รปฤอะฤหใตฤปฐฃฌฟษาิธฤฦไึะาปธ๖สิสิฟดฃฌืขาโฤใฯ๋ธฤตฤึตฑุะ๋สวิฺVMส�พ�ถฮภ๏ตฤกฃ

ตศตฝ2ดฆถผีาตฝฒขธฤอ๊ฃฌฤใำฆธรพอฟษาิด๘ต๗สิฦ๗ิหะะึ๗ณฬะ๒มหกฃฝ๑ฬ์ฬ์ฦ๘บ�ศศีโธ๖ฬ๛ืำภ๏ำะฝุอผฃฌฟษาิฒฮฟผฯยกฃ

ฯ๋าชื๖ตฝฮฤผ�patchฃฌฤวพอาชิฺฤใธฤน�ตฤตุทฝฯยำฒถฯฃฌศปบ๓ึุฦ๐ณฬะ๒ฃฌฟดีโธ๖ึติฺฮฤผ�ภ๏ตฤฮปึรฃฌศปบ๓ธฤฯเำฆตุทฝพอบรมหกฃ

ืิะงั้ฃฌำษำฺฑศฝฯตฤสวchecksumฃฌถ๘ฮารวำึี�วษธฤมห2ดฆฃฌห๙าิฟษาิำรฮปถิฦ๋ตฤทฝทจฦฝบโฃฌธ๙ฑพฒปำรศฅธฤฮฤผ�ฤฉฮฒตฤึตกฃ

ตฑศปมหฃฌหตตฤผ๒ตฅฃฌื๖ฦ๐ภดฤักฃ

ำศฦไสวVMฃฌshooooลฃฟฯถจัะพฟตฤบ�อธณนฃฌถ๘ฮาึปอฃม๔ิฺฬ๘น�ตฤหฎฦฝษฯกฃ

VM V 2.0.3.0 ตฤ ฦฦฝโฐๆฑพ ำษ nobody ทลณ๖…….

Themida[1].v2.0.3.0.Cracked.by.Nooby.with.NET.Support-crk.rar