Copyright 2004 Unpacking Gods

 
Armadillo Exact Version Location Tutorial
 
Two methods of Manually Finding the EXACT version of an ARMADiLLO protected file
Target........: TARGET.EXE
 
Protection..: ARMADiLLO v3.??
 
Difficulty....: Intermediate
 
Tools Needed:
1.) Olly Debug
-----------------------------------------------------------------------------------------------------------------------
:LEGAL:
This Tutorial is to NOT BE READ by ANYONE
Unpacking Gods is a Group who spends time on these protections for LEARNING PURPOSES
The Application used in this Tutorial is Copyrighted by the author.
All Logos, Files and names hold Copyrights and Registered Trademarks of the Authors and are in this tutorial for EDUCATiONAL PURPOSES ONLY.
This TUTORIAL is for EDUCATiONAL PURPOSES ONLY.
3 goats, and every ford mustang were harmed in the making of this tutorial.
 
For NO REASON will Unpacking Gods be held responsible for any person's actions with the knowledge held in this Tutorial.
-----------------------------------------------------------------------------------------------------------------------
PART 1:
 
Definition To Armadillo's version information
Thanks to everyone who's helped me along the way..
 
Special thanks to that one l0sts0ul, I wouldn't be anywhere without him :)
Thanks for reading
Welcome!
 
This tutorial will Explain how to locate the exact version of your armadillo protected file.
smoke a bowl, and enjoy.
A lot of people don't know how to find Armadillo's Exact version, some probably think it's not even possible..
 
This tutorial will explain how to find the exact version number, and sometimes build, of Armadillo Protected EXEs and DLLs.
 
The Method used in this tutorial SHOULD work on ALL ARMADiLLO v3.xx, even with Debug Blocker, or Copymem2.
 
One more thing.. you should at least know how to unpack Armadillo before reading this tutorial.
I have included my own TARGET.EXE Protected with ARMADiLLO v?.??
 
We must find the Version of Armadillo :)
 
The Version Number (and sometimes build) is ENCRYPTED within Armadillo.
Load up TARGET.EXE into OLLY DEBUG
 
You will be at the Entry Point of armadillo..
 
Right-click in your DUMP and select HEX or TEXT Mode.
Now after you select hex or text mode in dump..
 
Press SHIFT+F9 3 times (in this case 3 times)
And you will get a 'PRIVILEGED INSTRUCTION' in this case.
 
Now the CODE is Decrypted and we can find ARMADiLLO's EXACT compiler VERSiON
 
Now in your main code window, press CTRL+B to search Binary strings
 
And in ASCII Type: armVersion>
 
Now Press OK..
 
and it will take you to ARMADILLO's Version!..
 
HIGHLIGHT the FIRST BYTE > right click on it and Click Follow in DUMP > Selection
 
Now in the DUMP we can see our EXACT ARMADILLO VERSiON!! YAY!!
The dump shows: Armadillo version 3.60
Nice!
 
We got Armadillo's EXACT compiler version..
 
This EXE is protected with ARMADILLO v3.60
 
YAY!!! :D
The EASiEST way to find ARMADiLL0's Version is:
 
Once you have the OEP, and you have DUMPED any Armadillo v3.xx Protected file...
Open the dumped file in a HEX Editor (like HIEW) and search for armVersion> in ASCII
 
and it will show the exact Armadillo version in your dumped file :D
This sometimes does not work.
 
but anyways ENJOY!!
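
A small scanner for the dumped-file method above, as an added example that is not part of the original tutorial: it finds every armVersion> marker in a dump and reports the printable text after it, returning no version when the marker is absent or nothing readable follows (the case where the search does not work). The byte layout after the marker, the function name and the sample bytes are assumptions constructed for illustration.

```python
import re
import sys

MARKER = b"armVersion>"                      # the ASCII string the tutorial searches for
PRINTABLE = re.compile(rb"[\x20-\x7e]+")     # run of printable ASCII
VERSION = re.compile(rb"\d+\.\d+(?:\.\d+)*") # e.g. 3.60, optionally with a build part


def find_arm_versions(data: bytes, window: int = 64):
    """Return (offset, text, version) for every marker hit in data.

    ASSUMPTION: the version text is printable ASCII directly after the marker.
    version is None when the marker is present but no x.yy number follows it.
    """
    hits = []
    pos = data.find(MARKER)
    while pos != -1:
        start = pos + len(MARKER)
        run = PRINTABLE.match(data, start, start + window)
        text = run.group(0) if run else b""
        ver = VERSION.search(text)
        hits.append((pos,
                     text.decode("ascii"),
                     ver.group(0).decode("ascii") if ver else None))
        pos = data.find(MARKER, start)
    return hits


# Constructed sample standing in for a dumped file: one marker followed by a
# version string, and one marker followed only by zero bytes.
SAMPLE_DUMP = (b"MZ\x90\x00" + b"\x00" * 32
               + b"armVersion>3.60\x00" + b"\xcc" * 16
               + b"armVersion>\x00\x00")

if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as fh:
            data = fh.read()
    else:
        data = SAMPLE_DUMP
    results = find_arm_versions(data)
    if not results:
        print("marker not found; fall back to the debugger method")
    for offset, text, version in results:
        print(f"0x{offset:08x}  {text!r}  version={version}")
```

Run it with the path of a dumped file as the only argument; with no argument it scans the constructed sample.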
Thanks for reading this Tutorial on finding Armadillo's exact version.
 
I hope it helps you on your path to learn more about protections
 
Sincerely..
 
MEPHiST0
Unpacking Gods
PART 2:
 
METHOD 1 - Finding Armadillo's Exact version
PART 3:
 
METHOD 2 - Finding Armadillo's Exact version