Blogs

Our community blogs

  1. Wrote this a while ago to understand how trojans get antivirus products when they request such information; turns out it works pretty well.

    [For Educational Purposes and Usage ONLY]

    ; English Forum: https://forum.tuts4you.com/
    ; Author: 0xNOP
    ; Date: 6.April.2016
    ; OS: Windows
    ; Demo: No
    
    Global.s Dim output(0)
    
    Procedure explodeStringArray(Array a$(1), s$, delimeter$)
      Protected count, i
      count = CountString(s$,delimeter$) + 1
      
      ;Debug Str(count) + " substrings found"
      Dim a$(count)
      For i = 1 To count
        a$(i - 1) = StringField(s$,i,delimeter$)
      Next
      ProcedureReturn count ;return count of substrings
    EndProcedure
    
    Procedure getAV(ID.i)
      Output$ = ""
      ProgID = ID
      If ProgID
        While ProgramRunning(ProgID)
          If AvailableProgramOutput(ProgID)
            Output$ + ReadProgramString(ProgID)
          EndIf
        Wend
        CloseProgram(ProgID) ; Close the connection to the program
      EndIf
      SplittedString$ = ""
      FindStr$ = Left(Output$, 12)
      Occurences$ = Str(CountString(Output$, FindStr$))
      If(Val(Occurences$) = 0)
        MessageRequester("Woops!", "No Antivirus Found!")
      Else
        If(Val(Occurences$) >= 1)
          ; This system has one or more antivirus products. Split on "displayName=" and take the first entry <- We want this value :)
          explodeStringArray(output(), Output$, "displayName=")
          MessageRequester("We've Got a Hit!", "Installed: " + output(1))
        EndIf
      EndIf
    EndProcedure
    
    ; I've read that WMI changed the way it behaves from Vista SP2 and above, earlier "root\SecurityCenter" was needed, now "root\SecurityCenter2" is needed.
    
    If OSVersion() <= #PB_OS_Windows_Vista
      ID = RunProgram("wmic", "/Node:localhost /Namespace:\\root\SecurityCenter Path AntiVirusProduct Get displayName /Format:List", "", #PB_Program_Open | #PB_Program_Read | #PB_Program_Hide)
      getAV(ID)
    Else ;Host OS is higher than Vista. We can rest assured and run it with the new WMIC statement :D
      ID = RunProgram("wmic", "/Node:localhost /Namespace:\\root\SecurityCenter2 Path AntiVirusProduct Get displayName /Format:List", "", #PB_Program_Open | #PB_Program_Read | #PB_Program_Hide)
      getAV(ID)
    EndIf 

    Simply gets the listed Antivirus :D

    Adapted for PureBasic :D

    References:
    WMIC Access Security Products https://blogs.msdn.microsoft.com/alejacma/2008/05/12/how-to-get-antivirus-information-with-wmi-vbscript/#comment-180

    Explode String (Php2Pb): http://www.purebasic.fr/english/viewtopic.php?p=320348&sid=a3457eb3b08ec9dc6eb5b8ac3ee67656#p320348

     

    *Updated 4/5/2016*

    Added Support for earlier versions of Windows (Vista and earlier), as I've read the structure of the WMI command changed a little bit for those versions of Windows :D
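
Seen from the detection side, the query in this entry leaves a recognisable process command line. The following is an added example, not part of the original post: it flags process-creation records that read security-product classes from `root\SecurityCenter` or `root\SecurityCenter2`, and goes beyond the post's `wmic` call by also matching the PowerShell `Get-CimInstance` form. The log records, the `ProcEvent` layout and the `inventory-agent.exe` allowlist entry are constructed for the example.

```python
import ntpath
import re
from typing import NamedTuple, Optional


class ProcEvent(NamedTuple):
    image: str    # full path of the started process
    parent: str   # full path of the process that started it
    cmdline: str  # command line as logged


# WMI namespace and classes that list the registered security products.
NAMESPACE_RE = re.compile(r"root[\\/]+securitycenter(2)?\b")
CLASS_RE = re.compile(r"\b(antivirusproduct|antispywareproduct|firewallproduct)\b")

TOOLS = {"wmic.exe": "wmic", "powershell.exe": "powershell", "pwsh.exe": "powershell"}

# Assumption: parents that legitimately inventory security products in this
# environment. "inventory-agent.exe" is a hypothetical name.
EXPECTED_PARENTS = {"inventory-agent.exe"}

# Constructed records. Real ones come from process-creation telemetry such as
# Sysmon Event ID 1 or Security Event ID 4688 with command-line auditing on.
SAMPLE_EVENTS = [
    ProcEvent(r"C:\Windows\System32\wbem\WMIC.exe",
              r"C:\Users\bob\AppData\Local\Temp\setup.exe",
              r"wmic /Node:localhost /Namespace:\\root\SecurityCenter2 "
              r"Path AntiVirusProduct Get displayName /Format:List"),
    ProcEvent(r"C:\Windows\System32\wbem\WMIC.exe",
              r"C:\Windows\System32\cmd.exe",
              r'WMIC.exe /namespace:"\\root\securitycenter" path antivirusproduct get displayname'),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Program Files\Inventory\inventory-agent.exe",
              r'powershell.exe -NoProfile -Command "Get-CimInstance '
              r'-Namespace root/SecurityCenter2 -ClassName AntiVirusProduct"'),
    ProcEvent(r"C:\Windows\System32\wbem\WMIC.exe",
              r"C:\Windows\System32\cmd.exe",
              r"wmic os get Caption,Version"),
    ProcEvent(r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
              r"C:\Windows\explorer.exe",
              r"powershell Get-Service WinDefend"),
]


def normalize(cmdline: str) -> str:
    """Lowercase, drop quoting characters and collapse runs of whitespace."""
    stripped = cmdline.lower().replace('"', "").replace("'", "")
    return " ".join(stripped.split())


def match_query(cmdline: str) -> Optional[dict]:
    """Return namespace and class if the command line queries Security Center."""
    text = normalize(cmdline)
    ns = NAMESPACE_RE.search(text)
    cls = CLASS_RE.search(text)
    if not (ns and cls):
        return None
    return {
        "namespace": "SecurityCenter2" if ns.group(1) else "SecurityCenter",
        "class": cls.group(1),
    }


def triage(event: ProcEvent) -> Optional[dict]:
    """Attach tool, parent and a verdict to a matching event."""
    hit = match_query(event.cmdline)
    if hit is None:
        return None
    parent = ntpath.basename(event.parent).lower()
    hit["tool"] = TOOLS.get(ntpath.basename(event.image).lower(), "other")
    hit["parent"] = parent
    # An unexpected parent asking which AV is installed deserves an alert;
    # a known inventory agent doing the same is only worth a periodic review.
    hit["verdict"] = "review" if parent in EXPECTED_PARENTS else "alert"
    return hit


def scan(events):
    """Return (index, finding) for every event that matched."""
    findings = []
    for index, event in enumerate(events):
        hit = triage(event)
        if hit is not None:
            findings.append((index, hit))
    return findings


if __name__ == "__main__":
    for index, hit in scan(SAMPLE_EVENTS):
        print(index, hit)
```
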

  2. With the excitement of Windows 10 and a host of bug fixes out of the way I can now concentrate some time on Tuts 4 You, which also allows me to post some code on this blog. This blog entry is in regard to a recent query from LCF on viewing icons contained within DLLs, executables, icon files, etc. I coded a small tool for this a while ago that enabled me to quickly view icons contained primarily within shell32.dll and imageres.dll so that I could take advantage of those icons in other code. Most of the magic is done by the Windows API ExtractIconEx function and from there we simply manipulate the icon images to display them in a gadget list window. As you can see from the code below I have taken advantage of mixing Windows API with PureBasic APIs to achieve the results. Those of you who have read my previous blog entries may be astute enough to see the similarities with the code posted in my PureBasic Adventures blog entry.

    The attached archive contains compiled code for those who would like to see the end result and do not have PureBasic installed (shame on you!). The archive also contains the .pb code file(s) and some rough bonus code using the DrawIconEx API to draw icons directly to a window...

    UsePNGImageEncoder()
    
    ; Declare the procedures...
    
    Declare Menu_ExtractIcon()
    Declare Menu_ExtractIconAll()
    Declare Menu_About()
    Declare Menu_Callback(hWnd, uMsg, wParam, lParam)
    
    ; Declare some global variables...
    
    Global Gadget
    Global FileName.s
    Global Title.s = "Quick Icon Viewer v0.1"
    Global Info.s = "A small program to view and extract icons as .BMP or .PNG."+Chr(13)+Chr(13)+"Code: Teddy Rogers"+Chr(13)+"URL: http://tuts4you.com"+Chr(13)+"E-Mail: teddyrogers@tuts4you.com"
    
    ; Create our window and explorer list gadget then let the magic happen...
    
    If OpenWindow(0, #Null, #Null, 600, 500, Title.s, #PB_Window_ScreenCentered | #PB_Window_SystemMenu)
      ExplorerListGadget(0, 1, 2, 598, 297, GetCurrentDirectory(), #PB_Explorer_GridLines | #PB_Explorer_AutoSort | #PB_Explorer_HiddenFiles | #PB_Explorer_FullRowSelect)
      
      ; Create the icon gadget windows and set the attributes to display small and large icons...
      
      ListIconGadget(1, 1, 300, 299, 176, "", #Null)
      ListIconGadget(2, 301, 300, 298, 176, "", #Null)
      
      ; Customise the list icon display mode...
      
      SetGadgetAttribute(1, #PB_ListIcon_DisplayMode, #PB_ListIcon_SmallIcon)  
      SetGadgetAttribute(2, #PB_ListIcon_DisplayMode, #PB_ListIcon_LargeIcon)
      
      ; Create the status bar and text fields for some stats/counters...
      
      If CreateStatusBar(0, WindowID(0))
        AddStatusBarField(#PB_Ignore)
        AddStatusBarField(#PB_Ignore)
        AddStatusBarField(#PB_Ignore)
        AddStatusBarField(#PB_Ignore)
        
        StatusBarText(0, 0, "Small Icons (16 x 16) :", #PB_StatusBar_Right)
        StatusBarText(0, 2, "Large Icons (32 x 32) :", #PB_StatusBar_Right) 
      EndIf
      
      ; Create the popup menu and bind the menu events...
      
      If CreatePopupMenu(MyMenu)
        MenuItem(1, "Extract")
        MenuItem(2, "Extract All")
        MenuBar()
        MenuItem(3, "About")
        
        BindMenuEvent(MyMenu, 1, @Menu_ExtractIcon())
        BindMenuEvent(MyMenu, 2, @Menu_ExtractIconAll())
        BindMenuEvent(MyMenu, 3, @Menu_About())
        
        ; Create the callback to process the events in the icon gadget lists...
        
        SetWindowCallback(@Menu_Callback())
      EndIf  
      
      Repeat
        MyEvent = WaitWindowEvent()
        
        Select MyEvent
          Case #PB_Event_Gadget
            Select EventGadget()
              Case 0
                Select EventType()
                  Case #PB_EventType_Change
                    
                    ; Auto size the four explorer list gadget columns...
                    
                    For i = 0 To 4
                      SendMessage_(GadgetID(0), #LVM_SETCOLUMNWIDTH, i, #LVSCW_AUTOSIZE_USEHEADER)
                    Next i
                    
                  Case #PB_EventType_LeftClick
                    
                    ; Check if the user selected a different file in the explorer gadget list before processing new events...
                    
                    If FileName.s <> GetGadgetText(0) + GetGadgetItemText(0, GetGadgetState(0))
    
                      ; Get the directory and file name from ExplorerListGadget...
                      
                      FileName.s = GetGadgetText(0) + GetGadgetItemText(0, GetGadgetState(0))
                      
                      ; Clear up any previously displayed icons...
    
                      ClearGadgetItems(1) : ClearGadgetItems(2)
                      
                      ; Return the total number of icons in the specified file...
                      
                      IconNum = ExtractIconEx_(PeekS(@FileName), -1, #Null, #Null, #Null)
                      
                      ; Create a simple array for storing the small and large icons...
                      
                      Dim hIcon_Small(IconNum) : Dim hIcon_Large(IconNum) 
                      
                      ; Extract the icons in to the array...
                      
                      If IconNum
                        ExtractIconEx_(PeekS(@FileName), #Null, hIcon_Large(), hIcon_Small(), IconNum)
                      EndIf
                        
                      ; Change the window icon. Using SHGetFileInfo retrieves file, folder, directory, and drive icons...
                      
                      If SHGetFileInfo_(PeekS(@FileName), #FILE_ATTRIBUTE_NORMAL, @FileIcons.SHFILEINFO, SizeOf(SHFILEINFO), #SHGFI_ICON | #SHGFI_SMALLICON | #SHGFI_USEFILEATTRIBUTES)
                        SetClassLongPtr_(WindowID(0), #GCL_HICON, FileIcons\hIcon)
                        DestroyIcon_(FileIcons\hIcon)
                      EndIf
    
                      ; Add the icons stored in the array to the gadget list and destroy the icon in the array...
                      
                      For a = 0 To IconNum - 1
                        If hIcon_Small(a)
                          AddGadgetItem(1, -1, Str(a) + " / $" + Hex(a), hIcon_Small(a))
                          DestroyIcon_(hIcon_Small(a))
                        EndIf
                        
                        If hIcon_Large(a)
                          AddGadgetItem(2, -1, Str(a) + " / $" + Hex(a), hIcon_Large(a))
                          DestroyIcon_(hIcon_Large(a))
                        EndIf
                      Next a
                      
                      ; When we are finished displaying the icons in the gadget list free both arrays from memory...
                      
                      FreeArray(hIcon_Small())
                      FreeArray(hIcon_Large())
                      
                      ; Count the items in each of the icon gadget windows...
                      
                      StatusBarText(0, 1, Str(CountGadgetItems(1)), #PB_StatusBar_Center)
                      StatusBarText(0, 3, Str(CountGadgetItems(2)), #PB_StatusBar_Center)
                      
                    EndIf
                EndSelect
                
              Case 1
                Select EventType()
                  Case #PB_EventType_LeftClick
                    
                    ; First check to see if there are any icons in the gadget then change the window icon...
                    
                    If GetGadgetState(1) => 0
                      If ExtractIconEx_(PeekS(@FileName), GetGadgetState(1), #Null, @iIcon, 1)
                        SetClassLongPtr_(WindowID(0), #GCL_HICON, iIcon)
                        DestroyIcon_(iIcon)
                      EndIf
                    EndIf
                    
                EndSelect
                
              Case 2
                Select EventType()
                  Case #PB_EventType_LeftClick
                    
                    ; First check to see if there are any icons in the gadget then change the window icon...
                    
                    If GetGadgetState(2) => 0
                      If ExtractIconEx_(PeekS(@FileName), GetGadgetState(2), @iIcon, #Null, 1)
                        SetClassLongPtr_(WindowID(0), #GCL_HICON, iIcon)
                        DestroyIcon_(iIcon)
                      EndIf
                    EndIf
    
                EndSelect
            EndSelect
        EndSelect
        
      Until MyEvent = #PB_Event_CloseWindow    
    EndIf
    
    Procedure Menu_ExtractIcon()
      Protected MyImage, x, SaveFilename.s, ImageFormat, Extension.s
      
      ; If there are no icons selected create an error message then exit procedure...
      
      If GetGadgetState(Gadget) = -1
        MessageRequester("Error!", "There is no image to save!", #MB_ICONINFORMATION | #MB_TOPMOST | #MB_SETFOREGROUND)
        ProcedureReturn
      EndIf  
      
      ; Show the save dialogue and ask user to input file name, we can create a default filename based upon current date/time...
      
      SaveFilename.s = SaveFileRequester("Saving your image...", FormatDate("%yyyy.%mm.%dd-%hh.%ii.%ss", Date()), "PNG Format|*.png|BMP Format|*.bmp", #Null)
      
      ; Store the required extension and format type...
      
      Select SelectedFilePattern()
        Case 0  ; PNG
          ImageFormat = #PB_ImagePlugin_PNG
          Extension.s  = ".png"
          
        Case 1  ; BMP
          ImageFormat = #PB_ImagePlugin_BMP
          Extension.s  = ".bmp"
      EndSelect
      
      ; If called from small gadget list we want small icons and vice-versa for large, then extract a single icon...
      
      If Gadget = 1
        ExtractIconEx_(PeekS(@FileName), GetGadgetState(Gadget), #Null, @iIcon, 1)
        x = 16
      Else
        ExtractIconEx_(PeekS(@FileName), GetGadgetState(Gadget), @iIcon, #Null, 1)
        x = 32
      EndIf
      
      ; Create a new image then draw the icon to it...
      
      If CreateImage(MyImage, x, x, 32)
        StartDrawing(ImageOutput(MyImage))
        DrawingMode(#PB_2DDrawing_AllChannels)
        DrawImage(iIcon, 0, 0, x, x)
        StopDrawing()
      EndIf
      
      ; Destroy the icon in the array to prevent GDI leaks...
      
      DestroyIcon_(iIcon)
      
      ; If the image is a valid image save it then free the new image from memory when done...
      
      If IsImage(MyImage)
        If SaveImage(MyImage, SaveFilename.s + Extension.s, ImageFormat)
          FreeImage(MyImage)
        EndIf
      EndIf  
      
      ProcedureReturn
    EndProcedure
    
    Procedure Menu_ExtractIconAll()
      Protected MyImage, x, a, SaveFilename.s, ImageFormat, Extension.s
    
      ; If there are no icons selected create an error message then exit procedure...
      
      If GetGadgetState(Gadget) = -1
        MessageRequester("Error!", "There are no images to save!", #MB_ICONINFORMATION | #MB_TOPMOST | #MB_SETFOREGROUND)
        ProcedureReturn
      EndIf
      
      ; Show the save dialogue and ask user to input file name, we can create a default filename based upon current date/time...
      
      SaveFilename.s = SaveFileRequester("Saving all your images...", FormatDate("%yyyy.%mm.%dd-%hh.%ii.%ss", Date()), "PNG Format|*.png|BMP Format|*.bmp", #Null)
      
      ; Store the required extension and format type...
      
      Select SelectedFilePattern()
        Case 0  ; PNG
          ImageFormat = #PB_ImagePlugin_PNG
          Extension.s  = ".png"
          
        Case 1  ; BMP
          ImageFormat = #PB_ImagePlugin_BMP
          Extension.s  = ".bmp"
      EndSelect
      
      ; If called from small gadget list we want small icons and vice-versa for large, then extract all icons in to an array...
      
      If Gadget = 1
        Dim iIcon(CountGadgetItems(1))
        ExtractIconEx_(PeekS(@FileName), #Null, #Null, iIcon(), ArraySize(iIcon()))
        x = 16
      Else
        Dim iIcon(CountGadgetItems(2))
        ExtractIconEx_(PeekS(@FileName), #Null, iIcon(), #Null, ArraySize(iIcon()))
        x = 32
      EndIf
      
      ; Create a new image then draw the icon to it...
      
      For a = 0 To ArraySize(iIcon()) - 1
        If CreateImage(MyImage, x, x, 32)
          StartDrawing(ImageOutput(MyImage))
          DrawingMode(#PB_2DDrawing_AllChannels)
          DrawImage(iIcon(a), 0, 0, x, x)
          StopDrawing()
        EndIf
        
        ; Destroy the icon in the array to prevent GDI leaks...
        
        DestroyIcon_(iIcon(a))
        
        ; If the image is a valid image save it then free the new image from memory when done...
        
        If IsImage(MyImage)
          If SaveImage(MyImage, SaveFilename.s + Str(a) + Extension.s, ImageFormat)
            FreeImage(MyImage)
          EndIf
        EndIf
        
        ; Process next icon in the array until all complete then free the array...
        
      Next a
      
      FreeArray(iIcon())
      
      ProcedureReturn
    EndProcedure
    
    Procedure Menu_About()
      
      MessageRequester(Title.s, Info.s, #MB_ICONINFORMATION | #MB_TOPMOST | #MB_SETFOREGROUND)
      
    EndProcedure
    
    Procedure Menu_Callback(hWnd, uMsg, wParam, lParam)
      
      If uMsg = #WM_CONTEXTMENU
        Select wParam
          Case GadgetID(1)
            DisplayPopupMenu(MyMenu, WindowID(0))
            Gadget = 1
          Case GadgetID(2)
            DisplayPopupMenu(MyMenu, WindowID(0))
            Gadget = 2
        EndSelect
      EndIf
    
      ProcedureReturn #PB_ProcessPureBasicEvents
    EndProcedure

     

    The "cycle icons" sample found in the attached archive...

     

    Declare CycleIcons(void)
    
    If OpenWindow(0, 0, 0, 100, 100, "CycleIcons", #PB_Window_ScreenCentered | #PB_Window_SystemMenu)
      CreateThread(@CycleIcons(), #Null)
      
      Repeat
        Event = WaitWindowEvent()
      Until Event = #PB_Event_CloseWindow
    EndIf
    
    Procedure CycleIcons(void)
      
      FileName.s = GetCurrentDirectory() + "\test files\imageres.dll"
      
      IconNum = ExtractIconEx_(FileName.s, -1, #Null, #Null, #Null)
      
      Dim hIcon_Small(IconNum)
      Dim hIcon_Large(IconNum)
      
      ExtractIconEx_(FileName.s, 0, hIcon_Large(), hIcon_Small(), IconNum)
      
      hDC = GetDC_(WindowID(0))
      
      For a = 0 To IconNum - 1
        ExtFloodFill_(hDC, #Null, #Null, $f123, #FLOODFILLBORDER)
        
        SetWindowText_(WindowID(0), "Icon: " + a + "/" + Hex(a))
        SetClassLongPtr_(WindowID(0), #GCL_HICON, hIcon_Small(a))
        
        DrawIconEx_(hDC, 25, 30, hIcon_Small(a), #Null, #Null, #Null, #Null, #DI_NORMAL)
        DrawIconEx_(hDC, 65, 30, hIcon_Large(a), #Null, #Null, #Null, #Null, #DI_NORMAL)
        
        DestroyIcon_(hIcon_Small(a))
        DestroyIcon_(hIcon_Large(a))
        
        Sleep_(500)
      Next a
      
      ReleaseDC_(WindowID(0), hDC) ; a DC obtained with GetDC_ is released, not deleted
      
    EndProcedure


    Ted.

    Quick Icon Viewer.zip

  3. overkill's Blog

    I put this out here to be different, give ya something else to read besides all the other cool crap out there!

     

    *** Really wanted to delete this because it sounds weak, but I think it's an insight to people who are not like you!! ...My personal msg for crackers or coders or scene people.. you might be something or someone to somebody out there who has got nothing.. you might be an idol, a hero. Shit, when cats were naming superheroes I was the kid naming crackers and scene groups.. 0days cats. ((regardless what anyone thinks)) I just put it out there.

     

    I hope you're not out there thinking to yourself "I'm just a freakin coder bro, or a cracker or R.E.... grow up, move on, get a life.. 'get a real life'". If I'm judged because I'm a fan of this scene, of these groups, these people, and you're doing this for fun, then what's the point of having an alias? To gain respect from others like you? Maybe.
    - Maybe I'm lost. No one will read this or maybe I will just be flamed... I'm just putting it like this cats, I'm into bodybuilding as a hobby, I work at a major retailer... and know a tiny bit about R.E. but I think what you do is cool as shit, and would love to have half the knowledge you guys have forgotten...
    thanks for your time...
    your friend Overkill^

  4. xSRTsect's Blog

    It has been a while since this good debugger became available for download at Immunity's homepage. This debugger has a lot of improvements over its older brother, odbgr. One such improvement is the ability to code scripts in an integrated Python interface that completely runs over the obsolete odbgr scripting. It has got endless potential and I advise you to look elsewhere for more information on the use of immdbg's integrated APIs. Today I am posting a small script I coded to unpack UPX code; keep in mind that no IAT reconstruction will be performed, as this is merely an illustrative script that may help you get started coding scripts for Immunity if you feel interested.

    __VERSION__ = '1.0'

    import immlib
    import getopt
    import immutils
    from immutils import *

    imm = immlib.Debugger() #init debugger

    #functions

    #main
    def main(args):
        imm.log("Started search for jmp at oep...")
        imm.updateLog()
        regtable = imm.getRegs() # gets all register table-like
        patt = "\x00\x00\x00\x00\x00\x00\x00\x00" #UPX-Target pattern
        count = 0
        eip_curr = regtable["EIP"] #retrieves current ep
        while (count < 768):
            mem = imm.readMemory(eip_curr+count, 8)
            if (mem == patt):
                imm.log("match: %08x" % (eip_curr+count))
                break
            count = count + 1

        if (mem != patt):
            imm.log( "No pattern found: YOU NEED TO BE AT OEP!" )
            return "failure"

        imm.setBreakpoint(eip_curr+count-5)
        imm.run()
        imm.stepIn()
        imm.log( "code ep sucessfully found" )
        return "success"

    Check the help file for the list of all Immunity APIs; keep in mind that this list does not describe the behaviour of the APIs, it just lists them. Also, the unpacker seems to be working fine; report otherwise.

  5. mrexodia's Blog

    Hello everyone,

    Lately I thought it would be good to share some of the stuff I did with Armadillo to the general public, this time it will be about Armadillo’s Stolen Keys feature. When I have some time available, I will update this blog, but in general I don’t like typing long essays so don’t expect too much from that promise.

    What are stolen keys?

    Quite obvious, stolen keys are stolen (or otherwise illegally obtained) serials for an Armadillo project. The project developer can maintain a list of these stolen keys and when one of them is entered in the registration dialog it will not be accepted.

    Very briefly, in Armadillo you have various types of keys and also various key levels. Except unsigned keys (level 0), all keys consist of two parts:

    [KEYBYTES][SIGNATURE]

    The signature is the digital signature of the keybytes; this is just to verify the integrity of a key. For this post, only its size is of importance.

    The keybytes also have a variable length. Every serial in Armadillo can store 5 so-called ‘otherinfo’ WORDs, 1 date WORD, 1 DWORD (symmetric key) and optionally a keystring. The symmetric key is the key we are looking for when dealing with Armadillo. It is (together with some other constant values) used to decrypt certificate descriptors. These are used to decrypt the program code and optionally the secured sections.

    Here is the outline of a key:

    [ [OTHERINFO][DATE][SYM][KEYSTRING] ][SIGNATURE]

    As you can see, our target is somewhere near the middle of a key that is fully filled. Luckily, with the correct info, we can strip out the signature, leaving us 1-6 WORDS (otherinfo+encoded date value) and possibly a keystring.

    Before I continue I would like to point out that the stolen keys are not stored unencrypted in the target file. Every key is encrypted using a simple XOR-encryption with the name bound to the key as seed.

    Encryption/Decryption goes as follows:

    char tmp[2048]="";
    CookText(tmp, name); //UPPERCASE and strip bad characters
    unsigned int seed=crc32(tmp, strlen(tmp), NewCRC32); //CRC32 of name
    InitRandomGenerator(seed); //Initialize random number generator
    for(int i=0; i<keylength; i++)
        keybytes[i]^= NextRandomRange(256);

    NextRandomRange gets a pseudo-random byte in the provided range, in this case a byte. Here is the source code from the random number generator:

    /* source start */
    #define m 100000000L
    #define m1 10000L
    #define b 31415821L

    unsigned long a;

    unsigned long mult(long p, long q)
    {
        unsigned long p1=p/m1, p0=p%m1, q1=q/m1, q0=q%m1;
        return (((p0*q1+p1*q0) % m1) * m1+p0*q0) % m;
    }

    void InitRandomGenerator(unsigned long seed)
    {
        a=seed;
    }

    void NextRandomSeed()
    {
        a=(mult( a, b )+1) % m;
    }

    unsigned long NextRandomRange(long range)
    {
        NextRandomSeed();
        return (((a/m1)*range)/m1);
    }
    /* source end */

    Attacking

    Our goal is to find the decryption key of the stolen key. Let’s take a close look at the random number generator. Actually, when we look at NextRandomSeed, we can see one very easily: the final seed is divided by m (100000000) and the remainder becomes the actual new seed. This means that every seed is limited to 99999999 and that is a fairly small amount of brute force attempts!

    Our goal for today is to write a function, that returns a possible symmetric key from a seed and a piece of data collected from any stolen key (specifically the encrypted symmetric key). Before I start with that I would like to point out that the first two bytes of a stolen key can always be considered junk. This is because either the date, or various otherinfo parameters are always before the symmetric key. In reality, only a maximum of 4 otherinfo parameters is possible (the SoftwarePassport GUI does not have a use for the 5th otherinfo parameter). This means that we would only have to try a maximum of 5 times before we actually find the symmetric key.

    /* source start */
    #include <stdio.h>

    /* Uses m, m1, b and mult() from the generator source above. */

    unsigned long NextRandomRangeMod(unsigned int seed)
    {
        return (((seed/m1)*256)/m1); //works on the seed argument, not the global a
    }

    unsigned int NextRandomSeed(unsigned int seed)
    {
        return (mult( seed, b )+1) % m;
    }

    unsigned int decrypt_data(unsigned int seed, unsigned int data)
    {
        int next=seed;
        int res=NextRandomRangeMod(next)<<24; //no little endian
        next=NextRandomSeed(next);
        res|=NextRandomRangeMod(next)<<16;
        next=NextRandomSeed(next);
        res|=NextRandomRangeMod(next)<<8;
        next=NextRandomSeed(next);
        res|=NextRandomRangeMod(next);
        return res^data;
    }

    int main()
    {
        unsigned int stolen_data=0x????????;
        for(int i=0; i<m; i++)
        {
            unsigned int sym=decrypt_data(i, stolen_data);
            if(VerifySym(sym)) //imaginary function that checks the sym
            {
                printf("found: %.8X", sym);
                break;
            }
        }
    }
    /* end of code */

    Conclusion

    When implemented in CUDA, brute forcing Armadillo v3-v7.2 goes from ~20 to less than a second. Armadillo v7.4 and higher goes from 2.5-3 hours to 4 minutes!


    Little tool I created for testing my theories, it actually works!

    In the attachment I included a DLL that implements the algorithm (and various other Armadillo-related algorithms) with multi-threaded support. I decided not to include the tool because this post is about how it works, not all the tools I created in my life.

    Last but not least, a hint to the guys at SiliconRealms: do not store (encrypted) keys in a protected file, just store a list of hashes :)

    I hope you learned something from this!

    Greetings,

    Mr. eXoDia

    PS If you have any remarks or found a mistake (not related to grammar please), feel free to PM me.
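
The state-space limit this entry describes, and its closing hint about storing hashes, as an added example that is not part of the original post. It ports the post's generator to Python (arithmetic modelled for non-negative seeds below 2^31), shows that seeds differing by a multiple of `m` give the same keystream, and contrasts the reversible XOR-stored list with a digest-only denylist. `ArmaRandom`, `keystream`, `xor_key`, `HashDenylist`, the sample seed and key bytes, and the choice of SHA-256 are assumptions made for the example.

```python
import hashlib

M = 100_000_000   # m  in the post's generator
M1 = 10_000       # m1 in the post's generator
B = 31_415_821    # b  in the post's generator


def mult(p: int, q: int) -> int:
    """The post's mult(): p*q mod m, split into halves so that the C version
    never overflows 32 bits. M1*M1 == M, so the p1*q1 term vanishes."""
    p1, p0 = divmod(p, M1)
    q1, q0 = divmod(q, M1)
    return (((p0 * q1 + p1 * q0) % M1) * M1 + p0 * q0) % M


class ArmaRandom:
    """InitRandomGenerator / NextRandomSeed / NextRandomRange from the post."""

    def __init__(self, seed: int):
        self.a = seed

    def next_range(self, rng: int) -> int:
        # The state update is a' = (a*b + 1) mod m, so after the first call
        # the state is always below m, whatever 32-bit seed was supplied.
        self.a = (mult(self.a, B) + 1) % M
        return ((self.a // M1) * rng) // M1


def keystream(seed: int, length: int) -> bytes:
    gen = ArmaRandom(seed)
    return bytes(gen.next_range(256) for _ in range(length))


def xor_key(seed: int, data: bytes) -> bytes:
    """XOR data with the keystream; the same call encrypts and decrypts."""
    return bytes(x ^ k for x, k in zip(data, keystream(seed, len(data))))


class HashDenylist:
    """Revocation list that keeps only SHA-256 digests of the revoked keys.

    A digest hides its input only when the input is hard to guess, so the
    complete key (key bytes plus signature) is hashed, not a 32-bit field.
    """

    def __init__(self, revoked_keys):
        self._digests = {hashlib.sha256(k).digest() for k in revoked_keys}

    def is_revoked(self, key: bytes) -> bool:
        return hashlib.sha256(key).digest() in self._digests


def demo():
    name_seed = 123_456_789                      # constructed stand-in for CRC32(name)
    key = bytes.fromhex("00112233445566778899")  # constructed key bytes
    stored = xor_key(name_seed, key)             # what an XOR-protected list holds

    # Reducing the seed mod m changes nothing: the effective seed space is
    # m = 10**8 values, not the 2**32 values a CRC32 can take.
    same_stream = keystream(name_seed, 16) == keystream(name_seed % M, 16)
    recovered = xor_key(name_seed % M, stored)

    # The digest list answers "is this key revoked?" without holding key bytes.
    denylist = HashDenylist([key])
    return same_stream, recovered == key, denylist.is_revoked(key), denylist.is_revoked(stored)


if __name__ == "__main__":
    print(demo())
```
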

  6. I've made more simple, I include source manually code with different code as well,

    Example + Source Code.

    This time I just use my 4-layer stacking horizontally so easy to understand,

    [120x80] [120x80] [120x80] [120x80] = [480 x 80]

    may can help.

    Download Source Code + Example ----------> ZNP Easy.zip

    unit Unit1;

    interface

    uses

    SysUtils, Graphics, Controls, Forms,

    ExtCtrls, StdCtrls, ComCtrls, Classes;

    type

    TForm1 = class(TForm)

    Memo1: TMemo;

    Timer1: TTimer;

    Label1: TLabel;

    Image1: TImage;

    Image2: TImage;

    Image3: TImage;

    Button1: TButton;

    Button2: TButton;

    Button3: TButton;

    Button4: TButton;

    GroupBox1: TGroupBox;

    GroupBox2: TGroupBox;

    GroupBox3: TGroupBox;

    Timer2: TTimer;

    Timer3: TTimer;

    procedure Timer1Timer(Sender: TObject);

    procedure FormCreate(Sender: TObject);

    procedure Button3Click(Sender: TObject);

    procedure Button4Click(Sender: TObject);

    procedure Button2Click(Sender: TObject);

    procedure Button1Click(Sender: TObject);

    procedure Timer2Timer(Sender: TObject);

    procedure Timer3Timer(Sender: TObject);

    private

    { X-88/Zephio }

    public

    { April, 2013 }

    { Tools : Delphi 7, Adobe PS 7 & Resource Editor }

    end;

    var

    Form1: TForm1;

    IV, OnOff, LeftPosition, RightPosition : Integer;

    implementation

    {$R *.dfm}

    {$R MR.res}

    procedure SetComponentBorder(C : TControl; Colorr: Integer);

    begin

    with TShape.Create© do

    begin

    Parent := C.Parent;

    Top := C.Top - 1;

    Left := C.Left - 1;

    Pen.Color := Colorr;

    Width := C.Width + 2;

    Height := C.Height + 2;

    SendToBack;

    end;

    if C is TComboBox then

    with TComboBox© do

    begin

    BevelInner := BVLowered;

    BevelKind := BKFlat;

    BevelOuter := BVNone;

    end;

    end;

    procedure TForm1.FormCreate(Sender: TObject);

    var

    BM : TBitmap;

    begin

    DoubleBuffered := true;

    BM := TBitmap.Create;

    BM.LoadFromResourceName(HInstance,'Test');

    Image1.Canvas.CopyRect(Rect(0, 0, 120, 80),

    BM.Canvas,

    Rect(0, 0, 120, 80));

    //--------------------->

    Image2.Canvas.CopyRect(Rect(0, 0, 120, 80),

    BM.Canvas,

    Rect(0, 0, 120, 80));

    BM.Free;

    //------------------------------------------>

    IV := 1;

    OnOff := 0;

    LeftPosition := 0;

    RightPosition := 1;

    //------------------------------------------>

    Randomize;

    SetComponentBorder(Memo1, Random(9998999));

    SetComponentBorder(Button1, $FF00FF);

    SetComponentBorder(Button2, $FF0000);

    SetComponentBorder(Button3, $0000FF);

    SetComponentBorder(Button4, $00FF00);

    end;

    procedure TForm1.Timer1Timer(Sender: TObject);

    var

    BM : TBitmap;

    const

    H = 80;

    W = 120;

    begin

    BM := TBitmap.Create;

    BM.LoadFromResourceName(HInstance,'Test');

    //---------->

    LeftPosition := LeftPosition + 1;

    if LeftPosition = 4 then

    LeftPosition := 0;

    //---------->

    RightPosition := RightPosition + 1;

    if RightPosition = 5 then

    RightPosition := 1;

    //---------->

    Image3.Canvas.CopyRect(Rect(0, 0, W, H),

    BM.Canvas,

    Rect(W * LeftPosition, 0, W * RightPosition, H));

    //---------->

    Memo1.Text := 'Layer Position : '+IntToStr(LeftPosition + 1)+#13#10+

    {Or Layer Position : IntToStr(RightPosition)}

    'Left Pos : '+IntToStr(LeftPosition)+', Right Pos : '+IntToStr(RightPosition)+#13#10+

    'LP : '+IntToStr(LeftPosition * W)+', RP : '+IntToStr(RightPosition * W)+#13#10+

    '--------------------------------------------------------------------'+#13#10+

    'NB : '+#13#10+

    'TImage/Image3 Height : 80, Width : 120'+#13#10+

    'X * Y = 120 x 80 Pixel'+#13#10+

    'LP : Left Position'+#13#10+

    'RP : Right Position'+#13#10+

    'Layer 1 = LP : 0, RP : 120'+#13#10+

    'Layer 2 = LP : 120, RP : 240'+#13#10+

    'Layer 3 = LP : 240, RP : 360'+#13#10+

    'Layer 4 = LP : 320, RP : 480';

    BM.Free;

    end;

    procedure TForm1.Button3Click(Sender: TObject);
    begin
      OnOff := OnOff + 1;
      if OnOff = 2 then
        OnOff := 0;
      Label1.Caption := 'On/Off Position : '+IntToStr(OnOff)+#13#10+'Timer Status : '+Copy(Button3.Caption, 6, Length(Button3.Caption));
      //-------------case OnOff of---------------->
      Timer1.Enabled := not Timer1.Enabled;
      case OnOff of
        0 :
          begin
            Button3.Caption := 'Turn On';
          end;
        1 :
          begin
            Button3.Caption := 'Turn Off';
          end;
      end;
    end;

    procedure TForm1.Button4Click(Sender: TObject);
    begin
      IV := IV + 1;
      if IV = 11 then
        IV := 1;
      Button4.Caption := 'Interval = '+IntToStr(IV * 100);
      Timer1.Interval := IV * 100;
      Timer3.Interval := IV * 100;
    end;

    procedure TForm1.Button2Click(Sender: TObject);
    begin
      Button2.Tag := Button2.Tag + 1;
      if Button2.Tag = 2 then
        Button2.Tag := 0;
      //-------------case OnOff of---------------->
      Timer3.Enabled := not Timer3.Enabled;
      case Button2.Tag of
        0 :
          begin
            Button2.Caption := 'Turn On';
          end;
        1 :
          begin
            Button2.Caption := 'Turn Off';
          end;
      end;
    end;

    procedure TForm1.Button1Click(Sender: TObject);
    var
      BM : TBitmap;
    begin
      BM := TBitmap.Create;
      BM.LoadFromResourceName(HInstance,'Test');
      //---------->
      Button1.Tag := Button1.Tag + 1;
      if Button1.Tag = 4 then
        Button1.Tag := 0;
      //-----Rect(Left, Top, Right, Bottom)----->
      case Button1.Tag of
        0 :
          begin //Layer 1
            Image1.Canvas.CopyRect(Rect(0, 0, 120, 80),
                                   BM.Canvas,
                                   Rect(0, 0, 120, 80));
          end;
        1 :
          begin //Layer 2
            Image1.Canvas.CopyRect(Rect(0, 0, 120, 80),
                                   BM.Canvas,
                                   Rect(120, 0, 240, 80));
          end;
        2 :
          begin //Layer 3
            Image1.Canvas.CopyRect(Rect(0, 0, 120, 80),
                                   BM.Canvas,
                                   Rect(240, 0, 360, 80));
          end;
        3 :
          begin //Layer 4
            Image1.Canvas.CopyRect(Rect(0, 0, 120, 80),
                                   BM.Canvas,
                                   Rect(360, 0, 480, 80));
          end;
      end;
      BM.Free; // release the bitmap so each click does not leak a TBitmap
    end;

    procedure TForm1.Timer2Timer(Sender: TObject);
    const
      MS : String = 'X-88 - [ZN Project] ';
    begin
      Timer2.Tag := Timer2.Tag + 1;
      if Timer2.Tag = Length(MS) then
        Timer2.Tag := 0;
      Form1.Caption := Copy(MS, Timer2.Tag, Length(MS));
    end;

    procedure TForm1.Timer3Timer(Sender: TObject);
    var
      BM : TBitmap;
    begin
      BM := TBitmap.Create;
      BM.LoadFromResourceName(HInstance,'Test');
      //---------->
      Timer3.Tag := Timer3.Tag + 1;
      if Timer3.Tag = 4 then
        Timer3.Tag := 0;
      //-----Left, Top, Right, Bottom----->
      case Timer3.Tag of
        0 :
          begin //Layer 1
            Image2.Canvas.CopyRect(Rect(0, 0, 120, 80),
                                   BM.Canvas,
                                   Rect(0, 0, 120, 80));
          end;
        1 :
          begin //Layer 2
            Image2.Canvas.CopyRect(Rect(0, 0, 120, 80),
                                   BM.Canvas,
                                   Rect(120, 0, 240, 80));
          end;
        2 :
          begin //Layer 3
            Image2.Canvas.CopyRect(Rect(0, 0, 120, 80),
                                   BM.Canvas,
                                   Rect(240, 0, 360, 80));
          end;
        3 :
          begin //Layer 4
            Image2.Canvas.CopyRect(Rect(0, 0, 120, 80),
                                   BM.Canvas,
                                   Rect(360, 0, 480, 80));
          end;
      end;
      BM.Free; // release the bitmap so each timer tick does not leak a TBitmap
    end;

    end.

    another way,

    var
      I: Integer;

    var
      BM: TBitmap;
    begin
      BM := TBitmap.Create;
      BM.LoadFromResourceName(HInstance, 'Test');
      //-----Rect(Left, Top, Right, Bottom)----->
      if I = 0 then
      begin
        Image1.Canvas.CopyRect(Rect(0, 0, 120, 80),
                               BM.Canvas,
                               Rect(0, 0, 120, 80));
      end
      else if I = 1 then
      begin
        // Blah blah blah
      end
      else if I = 2 then
      begin
        // Blah blah blah
      end
      else if I = 3 then
      begin
        // Blah blah blah
      end
      else
        I := 0;
      Inc(I);
      BM.Free; // release the bitmap
    end;

    Have Fun. :drunk:

  7. ghandi's Blog


    I'm not really used to the whole 'blog' thing so bear with me while I simply spill some thoughts :)

    Anybody who has seen the Keymaker.c source code for Armadillo key generation can see how the keys are built and put together. I'm not going to be explaining how I came to any conclusions aside from referring back to that document.

    The single most important thing to make genuine Level 10 Short V3 keys is the Encryption Template, from it the symmetric key is made as well as the private key being generated from it for ECDSA signing. People have already successfully attacked the signature verification as well as symmetric key verification, so this post isn't revealing anything new.

    The string is uppercased in a function called 'CookText' before it is hashed with the MD5 algorithm.

    Looking at the source code, we can see that the BasePointInit value for the elliptic curve used is also taken from the Encryption Template, the first unsigned long of the MD5 hash to be precise.

    So, what do we have at the moment?


    // Hypothetical variables
    unsigned long MD5Hash[4];
    char temp[256];
    unsigned long BasePointInit;
    unsigned long Symmetric;

    // Get the hash of the uppercased string
    CookText(temp, EncryptionTemplate);
    md5(MD5Hash, temp, strlen(temp));

    // Set BasePointInit and Symmetric values
    BasePointInit = MD5Hash[0];
    Symmetric = MD5Hash[0] ^ MD5Hash[1];

    // Remembering the ECDSAPrivateKey is derived from EncryptionTemplate.

    Okay, not a lot to look at to begin with but with the BasePointInit, we have the first dword of the MD5 hash and we can perform a bruteforce lookup for any hashes that begin with that value.

    On its own, this would be totally useless because it returns a lot of false positives so incorporating a check to see whether or not the generated symmetric key will yield a matching checksum when passed through the symmetric checksum function was necessary.

    Now, using CUDA and the symmetric check plus a large charset, it finds a 6 character encryption template in 80 seconds.

    Nothing to jump up and down about, but the main thing is it works at all! There would most likely be a way to speed it up more but I'm not sure where to start. It is only a PoC and I'm sharing the theory only, so please don't ask me for a copy.

    * Take Checksum, Salt (if used) and BasePointInit.

    * CUDA bruteforce matching MD5 hashes.

    * On matching hash, pass to checksum generation for testing (CPU).

    * On success, exit loop otherwise continue iterating strings until max length is reached.

    210kmsn.png

    I also had the brainwave idea of bruteforcing the 128 bit value which is the private key for ECDSA signing but couldn't find a way that was fast enough using my limited math experience, hehe.

    My conclusion from this little experiment is that although it is possible to recover the encryption template, the character set and probable length of the strings used by Armadillo's users will prevent it from becoming an attack vector for keygenning, especially when the ECDSA_Verify and symmetrickey can both be defeated with faster means.

    HR,

    Ghandi

  8. Killboy

    This is the result of trying to play back xm music on 64-bit Windows.

    I wrote a simple wrapper around libmodplug that reads its raw PCM output and writes it to the standard wave output.

    All you have to do is create an instance of ModPlay which needs a buffer + size of the xm file to be played.

    Then just call the play() function and voila :sorc:

    I have to say that it roughly adds 40kb of code to your binaries, you have to decide if that is worth it for you. Personally I don't care, especially because you can compress the **** out of it with UPX :)

    Attached are the wrapper C++ files, WINMM import libraries from the Windows SDK and 2 static libraries of libmodplug (compiled with VS 2008, you might need to build libmodplug yourself for other compilers/configs, see below for tips)

    Any problems, questions, suggestions, let me know.

    PS: If you want/need to compile libmodplug, just make sure you define these to keep the library size as small as possible:

    MODPLUG_BASIC_SUPPORT

    MODPLUG_FASTSOUNDLIB

    MODPLUG_NO_FILESAVE

    NO_PACKING

    For VC++ I added this version of stdint.h, added the libmodplug subfolder to the include dirs and it pretty much compiled out of the box. :wub:

  9. E33's Blog


    Hi all,

    Guess what, we again targeted the new ActiveMark version, and this time we are releasing an updated tool for inlining the protection, besides of course a tutorial which explains the technique.

    This is a help tool for easy generation of binary strings used for inline patching of the ActiveMark game protector. There are three possibilities depending on the ActiveMark version and the ActiveMark options used.

    OLD INLINE: This one is used in AM v6.3.xxx. It uses USER32.SetTimer, and was already covered by AM Inline Patch Generator coded by our teammate Nieylana (credits). Slightly improved.

    SET TIMER INLINE: This one is used in AM v6.6x.xxx, where call for initial browser screen is totally different, and also you can't just NOP the SetTimer call, so another approach is due.

    CREATE THREAD INLINE: This one is also used in AM v6.6x.xxx. Does not utilize Set Timer for checking trial time. It rather creates a thread which checks trial time every 60 seconds.

    All three approaches are explained in the tutorial you can find in ARTeam's Tutorials section.

    You can grab them all from here:

    tutorial: http://www.accessroo...ad.php?view.324

    tool: http://www.accessroo...ad.php?view.325

    Thanks to SSlEviN for his great work. Besides, this is the first tool he coded on his own! Very nice beginning

    Source: [ARTeam] ActiveMark "dismembered"

  10. TreaxeR's Blog

    This is my first Dup Skin

    ...

    mtctdupskin.png

  11. Imports Fixer


    gallery_5231_7_17354.jpg

    Get the latest release here

    Report bugs, or post suggestions here

    Today I decided to present a new tool meant for rebuilding imports and that will hopefully replace ImpREC. I called it "Imports Fixer" and for convenience will call it "IF" hereafter.

    It has been a long time that the project has been private inside SnD (more than 4 years) and I think that the time has come to go for a first public release. A lot of work and effort has been done so far in order to try to compete with the so beloved ImpREC. I will present here for now a general overview of what IF can do, will do and probably can't do (for the moment ;) ). If you are familiar with ImpREC the following explanations shouldn't be problematic.

    So for impatient folks who got bored from ImpREC, here is the new Imports Fixer 1.5a *PUBLIC VERSION*

    med_gallery_5231_7_6166.jpg

    As you can see there are 4 tabs :

    Processes & Modules :

    To get started simply select the process from the list and the loaded modules inside the running process will be automatically loaded.

    You can right click a process to either dump it or kill it (the dumping is more fun than killing ;) )

    Well here is the dumper tool. You can use it in collapsed mode if you do not wish to dump other memory regions and add them to the end of the main dump. You can also dump the PE header or a specific section by right clicking the desired section.

    gallery_5231_7_46340.jpg

    If you want to add other memory regions to the file then use the dumper tool in the expanded mode (by clicking the arrow); you will then have a map view of the memory. Simply drag and drop the selected region into the main dump and it will be automatically added (be sure not to exceed the max number of sections allowed).

    med_gallery_5231_7_25065.jpg

    IT & IAT

    med_gallery_5231_7_23543.jpg

    Get Imports : retrieves and tries to resolve thunks starting from IAT begin

    Load Imports : load imports from pre-saved tree

    Save Imports : save imports tree

    med_gallery_5231_7_27643.jpg

    Write Imports : writes import table to the dumped file

    Show invalid thunks : show non resolved thunks

    med_gallery_5231_7_58127.jpg

    Clear Imports : talks for itself ;)

    Enter the OEP and press the IAT auto search button to search for a possible valid IAT. If it fails, try to manually fill in the IAT RVA and Size.

    med_gallery_5231_7_19762.jpg

    When you get imports you will have a set of options :

    med_gallery_5231_7_13340.jpg

    you can cut, invalidate or show calls for the api :

    med_gallery_5231_7_10099.jpg

    you can also edit manually the api by double clicking it :

    gallery_5231_7_19282.jpg

    Hex Editor :

    Time for some editing. A hex viewer/editor within executable imagesize.

    med_gallery_5231_7_93820.jpg

    Options to search for a sequence of bytes, to go to an address and to modify a byte are also present.

    med_gallery_5231_7_88868.jpg

    Disassembling & Debugging :

    This section is under construction. The disassembling part is ready though, but I wanted to have a full working debugging and disassembling engine before releasing the whole package. But if you are curious here is an overview of what the disassembling would look like :

    gallery_5231_7_22385.jpg

    IF main menu :

    Tools :

    Converter tool : converts values into different formats (VA : Virtual Address, RVA : Relative Virtual Address, Offset : Address on disk)

    gallery_5231_7_9107.jpg

    Hex calculator : basic assembler operations and hextodec, dectohex conversions.

    gallery_5231_7_9844.jpg

    Preferences :

    gallery_5231_7_27070.jpg

    The options are very clear I think, you will get used to them very quickly. As you see IF can be hidden in tray and called when needed :

    gallery_5231_7_10013.jpg

    Help :

    Documentation : includes a detailed help file of all functionalities supported by IF.

    Check for updates : will update automatically IF after detecting a new version.

    Next version update list : will give you ongoing info about updates I'm working on for next versions.

    gallery_5231_7_23550.jpg

    History : All IF updates since 1.0 version.

    gallery_5231_7_7500.jpg

    About : includes greetingz section.

    Well that's it for today, if you appreciate the work an encouraging comment would be nice ;)

    I am not saying at all that it is a perfect tool, but I can say that this is an active project with some nice features and that all suggestions are welcome to improve it.

    SC.

  12. DAHipHop - Blog


    -In these tutorials, I will instruct you on using OllyDbg (for anyone who understands Vietnamese)

    -Includes: Serial Fishing
    -Author: DAHipHop
    -Type Movie: Application (.exe)
    -Language: Vietnamese

    -Tutorial 1: http://www.mediafire.com/?1zhtjjjvmyj
    -Tutorial 2: http://www.mediafire.com/?zhhm52dhzxq
    -Tutorial 3: http://www.mediafire.com/?mm0fojoddmm
    -Tutorial 4: http://www.mediafire.com/?mt3i4doqtkq
    -Tutorial 5: http://www.mediafire.com/?vh4vdwwygqo
    -Tutorial 6: http://www.mediafire.com/?djwmojmtym2
    -Tutorial 7: http://www.mediafire.com/?rngzmtguzej
    -Tutorial 8: http://www.mediafire.com/?m2jwn0yzdqj
    -Tutorial 9: http://www.mediafire.com/?uc1ntojj30w
    -Tutorial 10: http://www.mediafire.com/?z2mw2fzyuho
    -Tutorial 11: http://www.mediafire.com/?fnzyyoewzmy
    -Tutorial 12: http://www.mediafire.com/?yuwi2iaq4om
    -Tutorial 13: http://www.mediafire.com/?yltm2mytanm
    -Tutorial 14: http://www.mediafire.com/?tm3zz3utzjy
    -Tutorial 15: http://www.mediafire.com/?nzn3onzudum
    -Tutorial 16: http://www.mediafire.com/?edd2mhy3jyn
    -Tutorial 17: http://www.mediafire.com/?tmkaiqgigzi
    -Tutorial 18: http://www.mediafire.com/?zqmdhnzajoz
    -Tutorial 19: http://www.mediafire.com/?mnzuzd34nmj
    -Tutorial 20: http://www.mediafire.com/?noiunclxylm
    -Tutorial 21: http://www.mediafire.com/?zmumg1tzije
    -Tutorial 22: http://www.mediafire.com/?ywzlnhjmkyx
    -Tutorial 23: http://www.mediafire.com/?zixmtln2ymz
    -Tutorial 24: http://www.mediafire.com/?vzztmydigml
    -Tutorial 25: http://www.mediafire.com/?qztjgaumzjz
    -Tutorial 26: http://www.mediafire.com/?zylzzwqgwqt
    -Tutorial 27: http://www.mediafire.com/?wmjtmm01ymy
    -Tutorial 28: http://www.mediafire.com/?m2d3lrlyz2w
    -Tutorial 29: http://www.mediafire.com/?zmwumywwwie
    -Tutorial 30: http://www.mediafire.com/?dz2nzlbtwwm
    -Tutorial 31: http://www.mediafire.com/?onn4mzyhydo
    -Tutorial 32: http://www.mediafire.com/?znommnwhkk1
    -Tutorial 33: http://www.mediafire.com/?zezuy0nymqm
    -Tutorial 34: http://www.mediafire.com/?nxynbyzgmty
    -Tutorial 35: http://www.mediafire.com/?mj2dmnzdyjn
    -Tutorial 36: http://www.mediafire.com/?3z5zn3hjdwo
    -Tutorial 37: http://www.mediafire.com/?2hzmyxmdmen
    -Tutorial 38: http://www.mediafire.com/?zhnnlimgjj2
    -Tutorial 39: http://www.mediafire.com/?m4yynmmmqju
    -Tutorial 40: http://www.mediafire.com/?jmj0y1nzvud
    -Tutorial 41: http://www.mediafire.com/?tuoz2hdnynz
    -Tutorial 42: http://www.mediafire.com/?zwwjjdn1ij3
    -Tutorial 43: http://www.mediafire.com/?mugvkf3mzhn
    -Tutorial 44: http://www.mediafire.com/?nzoiyrt2jjw

    P.S: Fixed the links for Tutorials 30, 33, 34, 35 and updated Tutorials 41, 42, 43, 44 :woot:

  13. So as many of you know, I have been working on a very neat project! It's open source, it runs on Linux and Windows, it uses cryptography and it eventually will pack and protect files. I'm really proud of this project for a number of reasons. It's creative and unique, but more importantly I made the choice to share my code with the world. Once the code goes up on the project sites SourceForge and Google Code, people will be able to use the source in their projects; hopefully it will promote new ideas for cryptography and how we can implement cryptographic libraries into antivirus technology to improve methods of detection, and create actual methods of detecting cryptographic algorithms used in malicious code. If you're interested in the project please join the group and show some support!

    I'm looking for a graphic artist for help with the art on the wiki and art for the software. I also need someone who is good with documentation and instruction as well. If you're interested please contact me on the forum. I will be sure to add your names to the GPL and list your name in the project contributor list.

    I promised some updates; here is the Visual C++ GUI for the Windows version.

    Current functionality for the front end (this is the dobrexor): I just had to re-compile the crypto lib to support Unicode and make some changes to the code. The Linux version is, hopefully and with a lot of work, going to run in Qt. But for now here is a screenshot of the Win32 GUI. I just finished up the RSAKeyGen functions this evening. So as it stands the application is generating public and private keys supporting 1024, 2048 and 4096 bits. I'll be working on moving the code over to get the functions working for the file encryption and decryption.

    128200954311amix2.png

    What's the difference between Komodo PGMP and Dobrexor?

    Komodo PGMP is the name for the visual front end of Dobrexor which was the original version developed as a console application.

  14. cond0lence's Blog


    OK, it was a little joy for me to create a few new avatars; you might have seen them around.

    Don't be sad if not, I'm thinking of maybe building a little avatar gallery for them.

    Well, since ImageShack and other image hosts have their limitations, it's still important to think about the file size.

    I certainly think about this many times, for example with portable apps or in template development.

    My personal max. limit for avatars is something around 10kb; it's just a fine value and you can add things later because it's far away from 20kb (an average limit).

    You might have tried PNGOut, it's also included in XnView, but I didn't like that it consumes so much RAM in Xtreme! Pro and the resulting file size wasn't what I originally dreamed of.

    I just came across these command-line tools on the PortableApps development forum:

    advpng.exe, pngcrush.exe and optipng.exe

    They are all packed together at: http://renttopwn.com/png-tests/

    It's not only perfect that you can run the compression process with no problems next to other things, you also get better results.

    Just try it yourself. From now on you will favour PNG over GIF or JPEG.

    Or recompress your template. How small can you get it now??

    Another great tool for recompression, almost related in its flexibility, is http://psydk.org/PngOptimizer

    If you ever had something from http://portableapps.com/ and know it can be smaller without any loss, try this out.

    The tool can look in subfolders and recompress every TGA, GIF and PNG, and it also works with drag 'n drop.

    Just the right thing!

    Maybe the programmer will add TIFF support soon. We'll see, we'll see.. ;)

  15. ap0x's Blog


    I know I mentioned this a while ago here at the forum but I never actually added this to UE. Why? Because it was developed for the company I work for and I got paid to do it. The code itself isn't such a big mystery, but it is uber cool (TF2 player what 'r gonna do) because it uses only one API to do the realignment, and that is because it needed to be Windows 2000 compliant. And that was then... The same API call definition as in y0da's realign15.dll. This was done to retain compliance with my old unpackers which used y0da's realigner. And now... I added a new API nicely called IsPE32FileValid and you know what it does. But what you don't know is how it does it. Meaning what is checked. And the answer is.... Everything, and it also checks for Microsoft PECOFF version differences between NT and 9x OSes making some files invalid on 9x. Here is a brief list:

    1) Everything said in PECOFF 8.0 (ImageBase, PE32 field data...)

    2) Table content (TLS, Imports [also validates by using existing libraries], Resources)

    3) Section content, accessibility and file alignment

    And there is a much cooler API called FixBrokenPE32File which will NOT be added to Realigner because... Well because it is uber cool and I don't wanna release it just yet. So Realigner comes with two APIs: RealignPE and IsPE32FileValid. And that is it for now. I plan on adding reloc stripping before this little thing gets added to UE. Stay tuned because it could happen very, very soon...
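    A few of the header and section checks from the list above, written out as an added Python example. It is not ap0x's IsPE32FileValid and covers only a handful of PE/COFF rules (ImageBase, FileAlignment, section raw data); `build_sample_pe` and `check_pe32` are names invented here, and the sample image is constructed.

```python
import struct

def build_sample_pe(image_base=0x400000, file_align=0x200, sect_align=0x1000,
                    raw_ptr=0x200, raw_size=0x200, truncate=0):
    """Constructed sample: PE32 headers plus one .text section (not a real binary)."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)        # e_lfanew -> 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, 0x0102)
    opt = struct.pack("<HBBIIIIII", 0x10B, 0, 0, raw_size, 0, 0,
                      0x1000, 0x1000, 0x2000)                  # Magic .. BaseOfData
    opt += struct.pack("<III", image_base, sect_align, file_align)
    opt += struct.pack("<HHHHHHI", 4, 0, 0, 0, 4, 0, 0)        # version fields
    opt += struct.pack("<IIIHH", 0x2000, 0x200, 0, 3, 0)       # SizeOfImage .. DllChar.
    opt += struct.pack("<IIIIII", 0x100000, 0x1000, 0x100000, 0x1000, 0, 16)
    opt += b"\0" * 128                                         # 16 empty data directories
    sect = struct.pack("<8sIIIIIIHHI", b".text", raw_size, 0x1000, raw_size,
                       raw_ptr, 0, 0, 0, 0, 0x60000020)
    image = (dos + b"PE\0\0" + coff + opt + sect).ljust(raw_ptr, b"\0")
    image += b"\xC3" * raw_size
    return image[:len(image) - truncate]

def check_pe32(data):
    """Return a list of findings; an empty list means every check passed."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return ["missing MZ header"]
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    opt = e_lfanew + 24                        # PE signature (4) + COFF header (20)
    if opt + 96 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return ["bad e_lfanew or PE signature"]
    nsect, opt_size = struct.unpack_from("<H12xH", data, e_lfanew + 6)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic != 0x10B:
        return [f"optional header magic {magic:#x} is not PE32"]
    image_base, sect_align, file_align = struct.unpack_from("<III", data, opt + 28)

    findings = []
    if image_base % 0x10000:
        findings.append(f"ImageBase {image_base:#x} is not a multiple of 64K")
    align_ok = file_align & (file_align - 1) == 0 and 512 <= file_align <= 0x10000
    if not align_ok:
        findings.append(f"FileAlignment {file_align:#x} is not a power of two in 512..64K")
    if sect_align < file_align:
        findings.append("SectionAlignment is smaller than FileAlignment")

    table = opt + opt_size                     # section table follows the optional header
    for i in range(nsect):
        off = table + 40 * i
        if off + 40 > len(data):
            findings.append("section table runs past end of file")
            break
        raw_name, _vsize, _vaddr, raw_size, raw_ptr = struct.unpack_from(
            "<8sIIII", data, off)
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        if raw_size == 0:
            continue                           # nothing on disk to validate
        if align_ok and raw_ptr % file_align:
            findings.append(f"{name}: PointerToRawData {raw_ptr:#x} is unaligned")
        if raw_ptr + raw_size > len(data):
            findings.append(f"{name}: raw data ends past end of file")
    return findings

if __name__ == "__main__":
    for label, img in [("clean", build_sample_pe()),
                       ("bad ImageBase", build_sample_pe(image_base=0x400100)),
                       ("truncated", build_sample_pe(truncate=0x100))]:
        print(label, check_pe32(img))
```
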

  16. Departure's Blog


    Well, here is the current source code for the mp3 player I have been working on using bass.dll. It's probably very basic for the more experienced Delphi programmers, but this project was done to improve my Delphi skills and also give me a little time in Photoshop to play around; believe it or not, the interface and buttons took more time than the coding LOL. You will find a few good custom functions in this source, as I added the ability to send the currently playing song to a Paltalk room (chat program). This has been done by EnumChildProc to find the text box handle, but I have made a custom function that will use this even if there is more than 1 instance of a control name and the handle changes each and every time... Anyway have a look and tell me what you guys think :)

    CheesyMp3SC.rar

  17. Loki's Musings


    Thought I'd start this as one or two others have done. Not sure how often I'll bother to write in here, but hopefully it will be reasonably regularly.

    Been working on v1.4 of reverser tool today. A beta was released in March so I thought it was about time I got back to coding it.

    Today I have overhauled the mini menu (next to the key box). The option to 'Read key in as hex' has been available for a while and I have meant to expand this to cover the input and output for some time. I have now added the options to 'Read INPUT in as hex' and to 'Display OUTPUT as hex'. I think this is most useful for dealing with encryptions (such as blowfish) which don't always output alpha-numeric characters. It may also save you from an extra conversion depending on the input/output you want.

    I think I'll also add in the option to 'Auto strip non hex chars from input'. At the moment an error is thrown if you enter something like "61 62 63 64" because of the spaces. An auto strip option would allow for "61 62 63 64", "61h 62h 63h 64h", "61,62,63,64", "%61%62%63%64" and any other variable.

    Also need to refix the blowfish code. syk071c noticed and fixed an error, but it now stops short when decoding so I need to take a look at that. Also, in coding today I seem to have completely broken the colour schemes - not sure how that happened but ho hum, that's the fun of it I guess. Something else to fix :P
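    The 'Auto strip non hex chars from input' idea from the post above, as an added Python example that is not code from the reverser tool. `strip_non_hex` is the plain filter the post describes; `parse_hex_input` is a stricter, token-aware variant assumed here, which also accepts `0x`/`\x` prefixes (not mentioned in the post) and rejects input that cannot be whole bytes instead of guessing.

```python
import re

_NON_HEX = re.compile(r"[^0-9a-fA-F]")
# Decorations treated as token boundaries: 0x / \x prefixes, whitespace, , ; : %
_SEPARATORS = re.compile(r"0x|\\x|[\s,;:%]+", re.IGNORECASE)

def strip_non_hex(text):
    """The option as described: drop every character that is not a hex digit."""
    return _NON_HEX.sub("", text)

def parse_hex_input(text):
    """Decode decorated hex input to bytes, raising ValueError rather than guessing."""
    out = bytearray()
    for token in _SEPARATORS.split(text):
        if token[-1:] in ("h", "H"):           # assembler-style suffix: 61h
            token = token[:-1]
        if not token:
            continue
        if len(token) % 2 or _NON_HEX.search(token):
            raise ValueError(f"cannot decode {token!r} as whole bytes")
        out += bytes.fromhex(token)
    if not out:
        raise ValueError("no hex digits in input")
    return bytes(out)

def decode_all(samples):
    """Run both approaches over the samples and return (sample, stripped, parsed) rows."""
    rows = []
    for sample in samples:
        try:
            parsed = parse_hex_input(sample)
        except ValueError as exc:
            parsed = exc
        rows.append((sample, strip_non_hex(sample), parsed))
    return rows

if __name__ == "__main__":
    # The four spellings listed in the post, plus two constructed edge cases.
    samples = ["61 62 63 64", "61h 62h 63h 64h", "61,62,63,64", "%61%62%63%64",
               "0x61 0x62", "61 6"]
    for sample, stripped, parsed in decode_all(samples):
        print(f"{sample!r:22} strip -> {stripped!r:12} parse -> {parsed!r}")
```

    A plain character filter turns `0x61 0x62` into `061062`, because the `0` of each prefix is itself a hex digit; splitting on the prefix first avoids that.
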