Jump to content
Tuts 4 You

All Activity

This stream auto-updates     

  1. Today
  2. Yesterday
  3. dangducluan

    CrackMe VMP

    VMP is hard decode. Password : vccode, appears a few in the entrance VM Bytecode(RVA : 001D5EC3) on the EAX, ESI register. And you can see clearly at the address RVA 00004790(stack and register) just before it was compared and return value ☺️.And only patch return value or trace find vm-jcc
  4. Last week
  5. Hi, I found that info already but it dosent work. Microsoft Windows [Version 6.1.7601] Copyright (c) 2009 Microsoft Corporation. Alle Rechte vorbehalten. C:\ffmpeg-4.0.1-win32-static\bin 1>ffmpeg -headers $'X-API-KEY: g\r\nuser-agent:3' -i "....m3u8" -v trace ffmpeg version 4.0.1 Copyright (c) 2000-2018 the FFmpeg developers built with gcc 7.3.1 (GCC) 20180710 configuration: --enable-gpl --enable-version3 --enable-sdl2 --enable-bzlib --enable-fontconfig --enable-gnutls --enable-iconv --enable-libass --enable-libbluray --enable-libfreetype --enable-libmp3lame --enable-libopencore-amrnb --enable-libopencore-amrwb --enable-libopenjpeg - -enable-libopus --enable-libshine --enable-libsnappy --enable-libsoxr --enable-libtheora --enable-libtwolame --enable-libvpx --enable-libwavpack --enable-libwebp --enable-libx264 --enable-libx265 --enable-libxml2 --enable-libzimg --enable-lzma --enable-zlib --enable-gmp --enable- libvidstab --enable-libvorbis --enable-libvo-amrwbenc --enable-libmysofa --enable-libspeex --enable-libxvid --enable-libaom --enable-libmfx --enable-amf --enable-ffnvcodec --enable-cuvid --enable-d3d11va --enable-nvenc --enable-nvdec --enable-dxva2 --enable-avisynth libavutil 56. 14.100 / 56. 14.100 libavcodec 58. 18.100 / 58. 18.100 libavformat 58. 12.100 / 58. 12.100 libavdevice 58. 3.100 / 58. 3.100 libavfilter 7. 16.100 / 7. 16.100 libswscale 5. 1.100 / 5. 1.100 libswresample 3. 1.100 / 3. 1.100 libpostproc 55. 1.100 / 55. 1.100 Splitting the commandline. Reading option '-headers' ... matched as AVOption 'headers' with argument '$'X-API-KEY:'. Reading option 'g\r\nuser-agent:3'' ... matched as output url. Reading option '-i' ... matched as input url with argument '.....m3u8'. Reading option '-v' ... matched as option 'v' (set logging level) with argument 'trace'. Finished splitting the commandline. Parsing a group of options: global . Applying option v (set logging level) with argument trace. Successfully parsed a group of options. Parsing a group of options: input url .....m3u8. Successfully parsed a group of options. Opening an input file: .....m3u8. [NULL @ 0052f780] Opening '.....m3u8' for reading [https @ 04943b80] Setting default whitelist 'http,https,tls,rtp,tcp,udp,crypto,httpproxy' [https @ 04943b80] request: GET /....m3u8 HTTP/1.1 User-Agent: Lavf/58.12.100 Accept: */* Range: bytes=0- Connection: close Host: .....net Icy-MetaData: 1 Thats the problem.If I use -headers parameter once then it will add it below but I need to add many header paramters not only one.If I use more than one -headers xy then it only adds the last one.Any more clues? greetz
  6. Hi @LCF-AT, Try something like(tested): ffmpeg -headers $'X-API-KEY: g\r\nuser-agent:3' ...
  7. Hi guys, I have a new small question about ffmpeg and using custom request http header datas.I have test it and I dont get it working anymore so correctly and I just get it work with only one header paramter also if I am using more than one.So ffmpeg said this... http AVOptions: -headers <string> ED....... set custom HTTP headers, can override built in default headers ...so if I use this paramter -headers "User-Agent: test" then it works.So now I would like to use more than one but if I do that then only the last -headers paramter gets added to the header and all before gets ignored.So does anyone remember how to make it correctly to set more than one header paramters for a commandline I can enter in CMD window?Is there any issue with CLRF and if yes how to enter that in text form?Maybe anyone has any example for that. Thanks
  8. alifeti54

    CrackMe VMP

    Yes, pw is correct. can u take a cracked file?
  9. GautamGreat

    CrackMe VMP

    Password is : vccode
  10. Cursedzx

    Night Protector 2.0

    What i got so far... i just went to the method where it decrypts it and set a bp to get the key. some strings are decrypted. i don't know how to make my own string decrypter to do the other parts automatically. key: crack-me_obfuscated_stringdec.exe
  11. alifeti54

    CrackMe VMP

    Difficulty : 6-7 Language : C++, Platform : Windows x32 OS Version : Windows 7+ Packer / Protector : VMProtect 3.0.9 Ultimate Description : Provide correct password or cracked file. if you manage to crack please leave a tutorial. Screenshot : CrackM3.exe
  12. Blah

    Denuvo - In The News

    will be interesting to see this out in the wild and how it holds up (if a game ever has it lol)
  13. evlncrn8

    Denuvo - In The News

    it would also appear theres a new denuvo-a-like in town.. https://valeroa.com/ havent seen anything 'protected' with it though so if anyone comes across any targets, please let me know
  14. Blah

    Denuvo - In The News

    https://torrentfreak.com/hitman-2s-denuvo-protection-cracked-three-days-before-launch-181112/ 😎
  15. Depends on the game. If the movement is synced in some manner after you send the packet to move, the server will respond back that it did or didn't move etc. If the game doesn't sync then if you want to visually see the move you'd have to tell the client to move by force as well.
  16. Hey all, I've created a packet sniffer and lets say I've hooked up a game and can intercept all traffic, modify packets, replay etc. Now the question is, when I replay a packet, lets say Moving packet, how does the game client know it should move when I only send it to server and receive a response? Does the client upon receiving that info from server move or? If anyone has any idea on how exactly this part works I'd appreciate the input. Thanks!
  17. deepzero

    [DevirtualizeMe] VMProtect 3.0.9

    It's called threading / threaded execution. edit: disregard, putting downvoted posts at the end of the thread successfully confused me.
  18. Cursedzx

    ConfuserEx Mod

    Pass: rb3-Unpacked.exe
  19. Raham

    [DevirtualizeMe] VMProtect 3.0.9

    Hi. its month after challenge v2, but i had free time just now, to work on target. Result of both Key 1 & 2 are identical compared to Protected file. Kind Regards devirtualizeme32_vmp_3.0.9_v2_DeVM_Final_OK.exe
  20. RYDB3RG


    Keep in mind that i dont convert vmp's x86 straight to llvm ir (if you are looking for something like that, McSema might help). Instead, I translate the handlers into my own node things, which i then create llvm ir from. There is a bunch of nodes, but most are pretty straight forward. This is how Add looks like: struct AddNode : public BinaryNode { AddNode(const NodePtr &left_value_node, const NodePtr &right_value_node) : BinaryNode(left_value_node, right_value_node) { } void get_name(std::ostream &o) const override { o << "add"; } void gen_ir(GenIr &o) const override { o << id(index) << " = add " << get_ir_type(width) << " " << id(left_value_node->index) << ", " << id(right_value_node->index) << endl; } Width get_width() const override { return left_value_node->width; } }; So it expects 2 input nodes (which usually come from vmp's stack). When generating IR, Node X expects its inputs to already be generated and available via their input's index, so Add can just use consume them, create an Add instruction and thus create a new result, which itself will be consumed eventually (or not, if its a deadstore)
  21. !Eddy420CZ

    CrackMe^ v15 [Packers_Madness]

    Difficulty : 7 Language : C++ (crt support) / C# (:NET 2.0) Platform : Windows 7+ (X86) OS Version : All Widnows Packer / Protector : Rlpack, Upx (custom), ConfuserEx(custom) , Memory protection, Antidebug (ASM) Description : This one is for most experienced reversers. Because computing runtime is spreaded in to the three PE files. Screenshot : CrackMe^ v15___.zip
  22. zodiac

    Excelsior JET 12 Std

    How to find routine?
  23. https://dnssec-analyzer.verisignlabs.com/tut.tuts4you.com
  24. Forum email-service has tut.tuts4you.com domain which has invalid DNSSEC records. So my email-provider classified as spam and rejected these emails. Please fix this misconfiguration.
  25. Earlier
  26. kozera


    How did you convert that assembly to llvm IR? It looks pretty good.
  27. BambooQJ


    good job
  28. estelle970

    [UnpackMe] Private Exe Protector 4.4.2 + License ID

    hello dear, SHADOW_UA I am new here and still learn can you make a detailed tutorial for unpacking private exe protector 4.4.x (prefered video), please? regards
  29. HostageOfCode

    Protection for Native Driver / Applicaition

    Haven't seen so far unpacked or devirtualized driver of any protector above. So far as far as i know exist only dynamic devirtualizers which don't see how will work in kernel mode. Only static devirtualizer for kernel mode would work but not sure any of this exists.
  1. Load more activity