Navigation X
ALERT
Click here to register with a few steps and explore all our cool stuff we have to offer!



 150704

XDumpGO v1.2 (Latest Update) - Cracked by 1x37x - How to Reverse Engineer

by 1x37x - 09 June, 2020 - 04:26 PM
This post is by a banned member (Spooky) - Unhide
Spooky  
Godlike
2.149
Posts
809
Threads
5 Years of service
#9
hahah imagine wasting weeks of pure coding to sell the tool for hundreds and then you just come and crack it in some hours keek
This post is by a banned member (xorro) - Unhide
This post is by a banned member (CYBER0) - Unhide
This post is by a banned member (MysticOCE) - Unhide
MysticOCE  
Registered
61
Posts
4
Threads
4 Years of service
#12
lets go nice shit dude fucking making people pay dumb amounts of money
This post is by a banned member (PandaByte) - Unhide
PandaByte  
Supreme
33
Posts
10
Threads
4 Years of service
#13
Awesome release!
This post is by a banned member (SamKolder) - Unhide
SamKolder  
Supreme
1.054
Posts
44
Threads
4 Years of service
#14
You're the best
This post is by a banned member (PureWasHere) - Unhide
31
Posts
11
Threads
5 Years of service
#15
Step by step write up of the video:

Loading The exe:
Step1) Download x64 DBG
Step2) Download the XDumpGo Files
Step3) Open XDumpGo with x64DBG (You can drag XDumpGo into the x64DBG window or press file > Open > Xdumpgo.exe)

Now to find what you need to patch.

Step1) Open the Symbols Tab on the nav bar. xdumpgo.exe should be in the module list. Double click it. The title of x64dbg should now say Module: xdumpgo.exe - Thread <random stuff here>
Step2) click the Run arrow 2 times
Step3) Go to the Memory Map tab
Step4) Locate the Address on the list that says "XDG9" in its info panel. There should be a few. Right click the first one and press "Find refereances to Region"
Step5) That should've opened up the references tab. In the search box at the bottom type "jmp"
Step6) Double click the last result
Step7) Right Click the value that shows up and go into breakpoint and then toggle. The left box should go red.
Step8) Press the Run Arrow 1 Time. The program should stop on that Breakpoint and a box that says RIP with an arrow pointing to the address should appear.
Step9) Right click the value and press follow in the disassembler
Step10) Right click the value and press follow in disassembler again
Step11) The value at the top should now be:mov rdi,qword ptr ss:[rsp]
Step12) Right click that value and go to search > current module > string references
Step13) search for "try again" in the search box
Step14) double click the string that says "Try AgainTypeCNAMETypeHINFOTypeMINFOUarrocir;UnderBar" it is near the bottom
Step15) Press your up arrow 26 times. The top value should look like "jne xdumpgo"

Now you need to apply the changes that bypass the Auth.
Step1) Change the top 4 jne to je by double clicking the value and deleting the n. Press OK then press cancel. DO NOT CHANGE ANYTHING BUT THE "n" OR IT WILL CRASH XDUMPGO.
Step2) After changing the top 4 from jne to je. You should now have a 5th je value at the bottom. Change that from je to jne.

Since x64dbg cannot save these patches to an exe I recommend exporting the patch group so you don't have to redo this process every time you want to run.
- One of a Kind \ Half of an Anomaly -
OBAnomaly Developer

- I quit this shit and programming to become an artist -
This post is by a banned member (valacc) - Unhide
valacc  
Registered
104
Posts
6
Threads
4 Years of service
#16
(10 June, 2020 - 07:27 PM)PureWasHere Wrote: Show More
Step by step write up of the video:

Loading The exe:
Step1) Download x64 DBG
Step2) Download the XDumpGo Files
Step3) Open XDumpGo with x64DBG (You can drag XDumpGo into the x64DBG window or press file > Open > Xdumpgo.exe)

Now to find what you need to patch.

Step1) Open the Symbols Tab on the nav bar. xdumpgo.exe should be in the module list. Double click it. The title of x64dbg should now say Module: xdumpgo.exe - Thread <random stuff here>
Step2) click the Run arrow 2 times
Step3) Go to the Memory Map tab
Step4) Locate the Address on the list that says "XDG9" in its info panel. There should be a few. Right click the first one and press "Find refereances to Region"
Step5) That should've opened up the references tab. In the search box at the bottom type "jmp"
Step6) Double click the last result
Step7) Right Click the value that shows up and go into breakpoint and then toggle. The left box should go red.
Step8) Press the Run Arrow 1 Time. The program should stop on that Breakpoint and a box that says RIP with an arrow pointing to the address should appear.
Step9) Right click the value and press follow in the disassembler
Step10) Right click the value and press follow in disassembler again
Step11) The value at the top should now be:mov rdi,qword ptr ss:[rsp]
Step12) Right click that value and go to search > current module > string references
Step13) search for "try again" in the search box
Step14) double click the string that says "Try AgainTypeCNAMETypeHINFOTypeMINFOUarrocir;UnderBar" it is near the bottom
Step15) Press your up arrow 26 times. The top value should look like "jne xdumpgo"

Now you need to apply the changes that bypass the Auth.
Step1) Change the top 4 jne to je by double clicking the value and deleting the n. Press OK then press cancel. DO NOT CHANGE ANYTHING BUT THE "n" OR IT WILL CRASH XDUMPGO.
Step2) After changing the top 4 from jne to je. You should now have a 5th je value at the bottom. Change that from je to jne.

Since x64dbg cannot save these patches to an exe I recommend exporting the patch group so you don't have to redo this process every time you want to run.

Your reply was extremely helpful, Thank you!

Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
or
Sign in
Already have an account? Sign in here.


Forum Jump:


Users browsing this thread: 10 Guest(s)