[JOIN] To cracked Ubot Studio

[bindass]

I have a already a developer license... i just wanted to share with all BBHF lover...
If some one interested to crack i will give you all the information you want..
i have not enough time to investigate this...

My little trying : i found the IP... JMP and BOOL and Break point

the latest version are 5.0.9 --



If any one one need the .exe file i will give you


lets f...kkk Ubot huge cost

I want to interested UBOT server bypassing i build file but need improve

[gamelover]

(10-23-2015 12:02 AM)bindass Wrote:  I have a already a developer license... i just wanted to share with all BBHF lover...
If some one interested to crack i will give you all the information you want..
i have not enough time to investigate this...

My little trying : i found the IP... JMP and BOOL and Break point

the latest version are 5.0.9 --



If any one one need the .exe file i will give you


lets f...kkk Ubot huge cost

Pass it on.

JMP and BP are not the way to deal with uBOT. the header is compressed and will usually pass calls to the kernel.

I one the old version but then they have changed the call-back.

As mentioned one of the reasons uBOT or its generated .EXE appears as a virus because the header is compressed. any program compresses the header and involve a kernel call inside the execution part would be reported as a virus by most of anti-virus programs.

If I was you I would look more into the obfuscation section on the code. but before that you need to disable any anti-virus on your PC. and better remove the anti-virus services from the memory so you don't get a memory leak during your treat.

I would give it a try if you wish

Sandra

[bindass]

(10-23-2015 12:10 AM)gamelover Wrote:  

(10-23-2015 12:02 AM)bindass Wrote:  I have a already a developer license... i just wanted to share with all BBHF lover...
If some one interested to crack i will give you all the information you want..
i have not enough time to investigate this...

My little trying : i found the IP... JMP and BOOL and Break point

the latest version are 5.0.9 --



If any one one need the .exe file i will give you


lets f...kkk Ubot huge cost

Pass it on.

JMP and BP are not the way to deal with uBOT. the header is compressed and will usually pass calls to the kernel.

I one the old version but then they have changed the call-back.

As mentioned one of the reasons uBOT or its generated .EXE appears as a virus because the header is compressed. any program compresses the header and involve a kernel call inside the execution part would be reported as a virus by most of anti-virus programs.

If I was you I would look more into the obfuscation section on the code. but before that you need to disable any anti-virus on your PC. and better remove the anti-virus services from the memory so you don't get a memory leak during your treat.

I would give it a try if you wish

Sandra

Thanks dear..... you are 100% right i using the JMP its passed way the from but crashed..

actually i cracked my own way like ip spoofing... main problem is that Ubot generate a xml from server authenticate to compile.. but its hidden processes...
If some one find the ubot license verification system... i just loook for this

[gamelover]

(10-23-2015 12:21 AM)bindass Wrote:  

(10-23-2015 12:10 AM)gamelover Wrote:  

(10-23-2015 12:02 AM)bindass Wrote:  I have a already a developer license... i just wanted to share with all BBHF lover...
If some one interested to crack i will give you all the information you want..
i have not enough time to investigate this...

My little trying : i found the IP... JMP and BOOL and Break point

the latest version are 5.0.9 --



If any one one need the .exe file i will give you


lets f...kkk Ubot huge cost

Pass it on.

JMP and BP are not the way to deal with uBOT. the header is compressed and will usually pass calls to the kernel.

I one the old version but then they have changed the call-back.

As mentioned one of the reasons uBOT or its generated .EXE appears as a virus because the header is compressed. any program compresses the header and involve a kernel call inside the execution part would be reported as a virus by most of anti-virus programs.

If I was you I would look more into the obfuscation section on the code. but before that you need to disable any anti-virus on your PC. and better remove the anti-virus services from the memory so you don't get a memory leak during your treat.

I would give it a try if you wish

Sandra

Thanks dear..... you are 100% right i using the JMP its passed way the from but crashed..

actually i cracked my own way like ip spoofing... main problem is that Ubot generate a xml from server authenticate to compile.. but its hidden processes...
If some one find the ubot license verification system... i just loook for this

There are few process to take care of.

1) uBOT creates XML and hide it inside a temp folder which will be deleted as soon as you close the program

2) IP spoofing is a good start but uBOT has 2 ways of auth (a) application auth during start and login, (b) auth during selecting options and compiling

3) the 2 auth have to meet the exact token at their auth server

4) The actual complication is not done on your PC as early days, it is done at their server side. think of uBOT on your PC is only a webview of your account on their server.

The way to do it is to create a php script to confirm both auth. then create a script to confirm a compilation request and block the auto during the 2nd pass of the compilation.

The older version had the compilation process in the memory of your PC which takes a good coder to manipulate the compilation process in the memory to be performed by a java and php code on his local PC as a localhost.

the generated XML file has definitions of compilation parameters and its function is to pass those parameters to the compilation server.

The process may sounds complex but in the matter of fact is not impossible.

So let us first start with dealing with the obfuscations and dump the header then append it back the the uBOT .exe then we deal with the rest

Sandra

[bindass]

(10-23-2015 01:10 AM)gamelover Wrote:  

(10-23-2015 12:21 AM)bindass Wrote:  

(10-23-2015 12:10 AM)gamelover Wrote:  

(10-23-2015 12:02 AM)bindass Wrote:  I have a already a developer license... i just wanted to share with all BBHF lover...
If some one interested to crack i will give you all the information you want..
i have not enough time to investigate this...

My little trying : i found the IP... JMP and BOOL and Break point

the latest version are 5.0.9 --



If any one one need the .exe file i will give you


lets f...kkk Ubot huge cost

Pass it on.

JMP and BP are not the way to deal with uBOT. the header is compressed and will usually pass calls to the kernel.

I one the old version but then they have changed the call-back.

As mentioned one of the reasons uBOT or its generated .EXE appears as a virus because the header is compressed. any program compresses the header and involve a kernel call inside the execution part would be reported as a virus by most of anti-virus programs.

If I was you I would look more into the obfuscation section on the code. but before that you need to disable any anti-virus on your PC. and better remove the anti-virus services from the memory so you don't get a memory leak during your treat.

I would give it a try if you wish

Sandra

Thanks dear..... you are 100% right i using the JMP its passed way the from but crashed..

actually i cracked my own way like ip spoofing... main problem is that Ubot generate a xml from server authenticate to compile.. but its hidden processes...
If some one find the ubot license verification system... i just loook for this

There are few process to take care of.

1) uBOT creates XML and hide it inside a temp folder which will be deleted as soon as you close the program

2) IP spoofing is a good start but uBOT has 2 ways of auth (a) application auth during start and login, (b) auth during selecting options and compiling

3) the 2 auth have to meet the exact token at their auth server

4) The actual complication is not done on your PC as early days, it is done at their server side. think of uBOT on your PC is only a webview of your account on their server.

The way to do it is to create a php script to confirm both auth. then create a script to confirm a compilation request and block the auto during the 2nd pass of the compilation.

The older version had the compilation process in the memory of your PC which takes a good coder to manipulate the compilation process in the memory to be performed by a java and php code on his local PC as a localhost.

the generated XML file has definitions of compilation parameters and its function is to pass those parameters to the compilation server.

The process may sounds complex but in the matter of fact is not impossible.

So let us first start with dealing with the obfuscations and dump the header then append it back the the uBOT .exe then we deal with the rest

Sandra

Dear, as i say you clear my mind and most the problem..
thanks dear, you are truly legend...
You clarify my 2 years old problem for another application... thanks
Hands off to you

Heart

[gamelover]

(10-23-2015 04:11 AM)bindass Wrote:  

(10-23-2015 01:10 AM)gamelover Wrote:  

(10-23-2015 12:21 AM)bindass Wrote:  

(10-23-2015 12:10 AM)gamelover Wrote:  

(10-23-2015 12:02 AM)bindass Wrote:  I have a already a developer license... i just wanted to share with all BBHF lover...
If some one interested to crack i will give you all the information you want..
i have not enough time to investigate this...

My little trying : i found the IP... JMP and BOOL and Break point

the latest version are 5.0.9 --



If any one one need the .exe file i will give you


lets f...kkk Ubot huge cost

Pass it on.

JMP and BP are not the way to deal with uBOT. the header is compressed and will usually pass calls to the kernel.

I one the old version but then they have changed the call-back.

As mentioned one of the reasons uBOT or its generated .EXE appears as a virus because the header is compressed. any program compresses the header and involve a kernel call inside the execution part would be reported as a virus by most of anti-virus programs.

If I was you I would look more into the obfuscation section on the code. but before that you need to disable any anti-virus on your PC. and better remove the anti-virus services from the memory so you don't get a memory leak during your treat.

I would give it a try if you wish

Sandra

Thanks dear..... you are 100% right i using the JMP its passed way the from but crashed..

actually i cracked my own way like ip spoofing... main problem is that Ubot generate a xml from server authenticate to compile.. but its hidden processes...
If some one find the ubot license verification system... i just loook for this

There are few process to take care of.

1) uBOT creates XML and hide it inside a temp folder which will be deleted as soon as you close the program

2) IP spoofing is a good start but uBOT has 2 ways of auth (a) application auth during start and login, (b) auth during selecting options and compiling

3) the 2 auth have to meet the exact token at their auth server

4) The actual complication is not done on your PC as early days, it is done at their server side. think of uBOT on your PC is only a webview of your account on their server.

The way to do it is to create a php script to confirm both auth. then create a script to confirm a compilation request and block the auto during the 2nd pass of the compilation.

The older version had the compilation process in the memory of your PC which takes a good coder to manipulate the compilation process in the memory to be performed by a java and php code on his local PC as a localhost.

the generated XML file has definitions of compilation parameters and its function is to pass those parameters to the compilation server.

The process may sounds complex but in the matter of fact is not impossible.

So let us first start with dealing with the obfuscations and dump the header then append it back the the uBOT .exe then we deal with the rest

Sandra

Dear, as i say you clear my mind and most the problem..
thanks dear, you are truly legend...
You clarify my 2 years old problem for another application... thanks
Hands off to you

Heart

it is my pleasure, reverse engineering is fun and challenge, one of deep subjects I study in university is encryption. it is a very big world but it is more simple that the world "Simple".

Anything digital can be treated, even embedded PPLS chips without de-attachment.

uBOT is not impossible to treat, it is only a time consuming to deal with.

99% of software can be treated, the most hard part is embedding confiscated code to the program after memory dump.

Do the following and you can treat any program

1- de-attach kernel and kernel calls from the header
2- remove obfuscation at the memory level
3- reverse codes from memory back to the lower segment of the header
4- reconstruct all OPs at the binary level
5- rebuild the application .EXE as it suppose to be before protection
6-start your reversing inside the application's body.

Bypass "JMP" by "NOP" and "90" is not the right way to reverse. the good reverse is to find the associations in the code and embed the bypass for the protection. many applications are protected by CHKCM so bypass the JMP wouldn't be helpful.

If you try to bypass a call inside ashmpo software for example you will mess up the code. because new protection spread the actual protection code across many segments, w call it a call-to-call segmental division protection.

Last but not least, enjoy the challenge, do not give up, make notes, and have fun

Sandra

[BHWannaBe]

(10-23-2015 12:10 AM)gamelover Wrote:  Do the following and you can treat any program

1- de-attach kernel and kernel calls from the header
2- remove obfuscation at the memory level
3- reverse codes from memory back to the lower segment of the header
4- reconstruct all OPs at the binary level
5- rebuild the application .EXE as it suppose to be before protection
6-start your reversing inside the application's body.

Bypass "JMP" by "NOP" and "90" is not the right way to reverse. the good reverse is to find the associations in the code and embed the bypass for the protection. many applications are protected by CHKCM so bypass the JMP wouldn't be helpful.

If you try to bypass a call inside ashmpo software for example you will mess up the code. because new protection spread the actual protection code across many segments, w call it a call-to-call segmental division protection.

Last but not least, enjoy the challenge, do not give up, make notes, and have fun

Sandra

I have NO idea how to do that, nor do I have any idea what any of that means.
But you get a +1 anyway....hopefully in 2030, I can probably use this as a guide.