kavar.dyminsky

I represent all clients that bought this software. Smart guard, be honest with yourself and refund every noob that you sold it to. Instructions: Decrypt any files protected by SmartCrypt with effectively two lines of code. SmartCrypt can be bypassed simply by loading the file you want into memory via the Core.dll method appLoadFileToArray The array loaded by appLoadFileToArray will be completely free of any encryption, it can then be saved to file, I personally use appSaveArrayToFile as the Core already has this function for us. This proof of concept was created on the Interlude client but should work without issue on any client version. The following code must be compiled using Visual Studio as a DLL and the resulting DLL should be attached to l2.bin Attaching DLL Instructions #include <windows.h> void DumpFile() { typedef void (__cdecl *f_appLoadFileToArray)(char *, wchar_t *, int); typedef void (__cdecl *f_appSaveArrayToFile)(char *, wchar_t *, int); f_appLoadFileToArray appLoadFileToArray = (f_appLoadFileToArray)GetProcAddress(GetModuleHandleA("Core.dll"), "?appLoadFileToArray@@YAHAAV?$TArray@E@@PBGPAVFFileManager@@@Z"); f_appSaveArrayToFile appSaveArrayToFile = (f_appSaveArrayToFile)GetProcAddress(GetModuleHandleA("Core.dll"), "?appSaveArrayToFile@@YAHABV?$TArray@E@@PBGPAVFFileManager@@@Z"); char TArray[0x14]; memset(TArray,0,0x14); appLoadFileToArray(TArray, L"..\\System\\Interface.u", *((int *)GetProcAddress(GetModuleHandleA("Core.dll"), "?GFileManager@@3PAVFFileManager@@A"))); appSaveArrayToFile(TArray, L"..\\System\\Interface.decrypted.u", *((int *)GetProcAddress(GetModuleHandleA("Core.dll"), "?GFileManager@@3PAVFFileManager@@A"))); } bool dumped = false; void StartCheck() { // wait until WinDrv is loaded just so we know everything we need is initialized correctly if (GetModuleHandleA("WinDrv.dll") != NULL) { if (!dumped) { DumpFile(); dumped = true; } } } __declspec(dllexport) BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { switch (ul_reason_for_call) { case DLL_PROCESS_ATTACH: case DLL_THREAD_ATTACH: StartCheck(); case DLL_THREAD_DETACH: case DLL_PROCESS_DETACH: break; } return TRUE; } Below are screenshots of a successfully decrypted SmartCrypt protected Interface.u with source fully viewable via UTPT The words of the developer: "Private encryption keys - 100% safety!" "Protected files are guaranteed from being modified or viewed" That's your chance to claim your money back and quit wasting money. I wasn't sure where was the best place to stick this topic as it didn't really fit into the categories so if a mod feels it's better placed somewhere else feel free to move it, thanks!