Advert: (Original is on hackforum, but HF seems to be under heavy DDoS)
Cold$eal is a lame VB6 crypter that uses the usual crypting techniques; they just decorated the GUI to make it “yeahhh”
but there is really nothing new inside (even on the old 4.0 version).
Cold$eal comes with an OCX pack and a tools folder that contains UPX and reshacker.
The author, $@dok, forgot to remove info from the tools' settings.
The builder is packed with a scrambled UPX.
Here is a tiny 'how to' to make it unpackable without firing up the debugger:
Rename the sections rr01 and rr02 to UPX0 and UPX1
Then load the file into your favorite hex editor and go to 0x3E0
Replace the "00" with "UPX!"
Once done: upx.exe -d enjoy.exe (I've told you that it comes from HF, right?)
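For triage, the same two tells (renamed sections, wiped "UPX!" magic) can be checked automatically. This is an added example, not code from the original post: it parses the PE section table and flags a UPX-style layout whose markers were scrambled. The function names, the constructed test header and the choice to search the first 0x400 bytes for the magic are assumptions.

```python
import struct

RWX = 0xE0000000  # IMAGE_SCN_MEM_EXECUTE | MEM_READ | MEM_WRITE

def pe_sections(data):
    """Return (entry_rva, [(name, vsize, vaddr, rawsize, flags), ...])."""
    lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[:2] != b"MZ" or data[lfanew:lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    count, = struct.unpack_from("<H", data, lfanew + 6)
    opt_size, = struct.unpack_from("<H", data, lfanew + 20)
    entry, = struct.unpack_from("<I", data, lfanew + 24 + 16)
    table, secs = lfanew + 24 + opt_size, []
    for off in range(table, table + 40 * count, 40):
        name, vsize, vaddr, rawsize = struct.unpack_from("<8sIII", data, off)
        flags, = struct.unpack_from("<I", data, off + 36)
        secs.append((name.rstrip(b"\0"), vsize, vaddr, rawsize, flags))
    return entry, secs

def upx_verdict(data):
    """Classify as 'stock-upx', 'scrambled-upx' or 'no-upx-layout' plus findings."""
    entry, secs = pe_sections(data)
    if len(secs) < 2:
        return "no-upx-layout", []
    (n0, vs0, _, raw0, f0), (n1, vs1, va1, _, f1) = secs[0], secs[1]
    # UPX layout: empty RWX first section, entry point inside RWX second section.
    layout = (raw0 == 0 and vs0 > 0 and f0 & RWX == RWX and f1 & RWX == RWX
              and va1 <= entry < va1 + vs1)
    if not layout:
        return "no-upx-layout", []
    findings = []
    if (n0, n1) != (b"UPX0", b"UPX1"):
        findings.append("section names %r/%r are not UPX0/UPX1" % (n0, n1))
    if b"UPX!" not in data[:0x400]:  # assumption: magic sits in the header area
        findings.append("UPX! magic missing from header area")
    return ("scrambled-upx" if findings else "stock-upx"), findings

def build_sample(names, magic, raw0=0):
    """Constructed 0x400-byte PE32 header for testing; not taken from a real file."""
    hdr = bytearray(0x400)
    hdr[0:2], hdr[0x80:0x84] = b"MZ", b"PE\0\0"
    struct.pack_into("<I", hdr, 0x3C, 0x80)            # e_lfanew
    struct.pack_into("<HH", hdr, 0x84, 0x14C, 2)       # i386, two sections
    struct.pack_into("<H", hdr, 0x94, 0xE0)            # SizeOfOptionalHeader
    struct.pack_into("<I", hdr, 0xA8, 0x9500)          # AddressOfEntryPoint
    rows = [(names[0], 0x8000, 0x1000, raw0, 0xE0000080),
            (names[1], 0x2000, 0x9000, 0x1800, 0xE0000040)]
    for i, (n, vs, va, rs, fl) in enumerate(rows):
        struct.pack_into("<8sIII", hdr, 0x178 + 40 * i, n, vs, va, rs)
        struct.pack_into("<I", hdr, 0x178 + 40 * i + 36, fl)
    hdr[0x3E0:0x3E4] = magic                           # offset named in the post
    return bytes(hdr)
```

A "scrambled-upx" verdict lists which of the two markers has to be restored before `upx -d` will accept the file.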
And then you just have to crack it. (and once again it's VB6, meaning that if you know the tricks you can do it even without firing up a debugger)
Hmm.. yeah, you want to know how, right?
OK, here we have our typical VB header:
Search for "VB5!" and you will get it.
The information we need is the address of the form header table, in yellow, so we go to 0xA560 (Intel byte order is reversed)
And here we go:
The red part is a delimiter for each form.
The magenta part shows the form attribute.
And the yellow part shows the form address (+ 64h).
We quickly identify that the HWID check form is "Form5" and the main form is "Form1"
By replacing 006F with 906F in the Form1 attribute and 9003 with 8003 in the Form5 attribute...
Form1 will magically load instead of Form5
And because, you know, everything that comes from HF is lame, here is our traditional 'HF faggotry':
Cold$eal has a feature to scan your files on Element Scanner.
So you click on the button and...
By simply looking inside the binary or by sniffing the network activity, you get the password.
So here you go, free Element Scanner account:
The following URLs were found:
The following files were found:
Ah also... you can download Cold$eal and the stub here:
Took 2 sec to brute force..
Or.. no, you can get the archive password from here:
Call that a leak or whatever you want; as was said on a forum: this is probably the lamest piece of shit I have ever seen.