Tuts 4 You

All Activity

  1. Today
  2. XenocodeRCE

    AssemblyGuard.io

    @Rextor No Idea why you negged my answer ? @OP :

        private void rWxHGbNyRwJQwkKTxvITtNVTObBy(object A_1, EventArgs A_2)
        {
            if (this.fxPPCqxJaEkasrESqMqXrjHHfJCDA.Text == Convert.FromBase64String(Convert.FromBase64String(Convert.FromBase64String(Regex.Unescape("\\u0056\\u0047\\u0031\\u0077\\u0055\\u006d\\u0056\\u0047\\u0062\\u0046\\u0056\\u0054\\u0057\\u0047\\u0078\\u0050\\u0054\\u0057\\u0078\\u0077\\u0063\\u006c\\u0052\\u0074\\u0063\\u0046\\u005a\\u004e\\u0052\\u006d\\u0078\\u0078\\u0059\\u006b\\u0064\\u0077\\u0054\\u0031\\u005a\\u0046\\u0057\\u006e\\u0052\\u0055\\u0061\\u0032\\u0052\\u0047\\u0054\\u0055\\u0055\\u0035\\u0056\\u0057\\u004a\\u0048\\u004d\\u0057\\u0046\\u0069\\u0056\\u0056\\u0056\\u0035\\u0056\\u0032\\u0030\\u0078\\u0054\\u0032\\u004a\\u0057\\u0061\\u0033\\u006c\\u0056\\u0056\\u0044\\u0041\\u0039")))))
            {
                MessageBox.Show("Thats really correct! Please tell me how u did it :(");
            }
            else
            {
                MessageBox.Show("Invalid key, try again!");
            }
        }

    Use ConfuserEx public deobfuscator tools
  3. Yesterday
  4. blank

    Dynamic Methods Madness

    I think with this approach, patching the exe would be way harder though. If it wasn't validating a serial, but relying on a simple if condition, one would have to unpack the whole thing to get to that condition and change it. Or it might be possible to just dump the actual method, change it, and replace the other layers of dynamic methods with it. I don't know if the dynamic method would work after being modified though. It would be awesome if someone could try to patch it, although the valid keygen was already posted.
  5. blank

    Dynamic Methods Madness

    @kao Darn it, I forgot you can break on framework methods.🙂 Well, what can I say, you are amazing. Thank you for taking the time to look at it. I found a commercial solution that just came out a few days ago and uses dynamic methods. I might post a crackme using that solution too sometime.
  6. kao

    Flare On 5

    @Sina_DiR: Where exactly are you stuck? Driver does something, usermode EXE does something. Analyze what exactly they do. 1) To load and run the driver, you need a reasonably new CPU and VM. My configuration was Intel i5-2500K and VMWare 12 with "Virtualize Intel VT-x/EPT or AMD-V/RVI" option enabled. 2) If you can't run driver for some reason (twitter commenters say they had some issues), just analyze it statically. Driver is based on open-source code, it should get you started.
  7. kao

    Dynamic Methods Madness

    1) Instead of putting breakpoint in the LoaderLibrary.LoadObject, you need to put breakpoint on System.Reflection.Emit.DynamicILInfo.SetCode(). 2) Instead of using data directly from "serializableMethod", you can put breakpoint on System.Reflection.Emit.DynamicILInfo.GetTokenFor(RuntimeMethodHandle method, RuntimeTypeHandle contextType), GetTokenFor(RuntimeFieldHandle field) and GetTokenFor(string literal). I wouldn't call that "impossible". It is slightly harder than previous but not that much.. Keygen for BlankEnhanced.zip
  8. Hey guys, I don't know why tuts4you can't open in my browser... it tells me SSL error... now I'm using a VPN and everything is OK... but cachito tells me that I'm maybe stuck in a MITM attack!! So guys, I need your help.
  9. blank

    Dynamic Methods Madness

    Yeah, I used 4.6.1 when building, so better to have at least that. I am expecting it to work on windows 7 or higher, as stated in the specifications. Please let me know if there are any problems while running it on current configurations. (windows xp is a bit outdated 😁)
  10. CodeExplorer

    Dynamic Methods Madness

    See the end of this message for details on invoking just-in-time (JIT) debugging instead of this dialog box.

        ************** Exception Text **************
        System.TypeLoadException: Could not load type 'System.Reflection.RuntimeReflectionExtensions' from assembly 'mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089'.
           at LoaderLibrary.Loader.FindMethod(Type Owner, String Name, Type[] GivenParameters)
           at LoaderLibrary.Loader.LoadObject(Byte[] o, Boolean b)
           at WindowsFormsApp1.Form1.Form1_Load(Object sender, EventArgs e)
           at System.Windows.Forms.Form.OnLoad(EventArgs e)

    So it uses Framework 4.5++ types, won't work on old OS like Windows XP.
  11. blank

    Dynamic Methods Madness

    Difficulty : 9

    Language : .NET

    Platform : Windows

    OS Version : 7 and above

    Packer / Protector : just dynamic methods (custom solution)

    Description : I learned a lot while building my original dynamic methods crackme so I decided to take it up a notch and created a new version. This one works the same: it asks for a name and a serial code, and if the serial is valid for the given name, it displays an ID calculated from the name. The goals are to either make the program calculate the ID without checking the serial, or build a keygen that creates valid serials. One pair of name and serial is provided. I tried to make it impossible to dump the dynamic methods contents this time. Have fun!

    Screenshot :

    crackme enhanced.zip
  12. fRiESLVe

    dUP2 Twice Skin

    View File: dUP2 Twice Skin

    This Skin Twice girl-group girls from song "What is Love" 2018

    Submitter: Urgtvrgorfbr

    Submitted: 09/23/2018

    Category: diablo2oo2 Universal Patcher (dUP)
  13. Version 1.0

    1 download

    This Skin Twice girl-group girls from song "What is Love" 2018
  14. Sensational news story. Never going to happen... Ted.
  15. Last week
  16. It is the agendas of the wealthy members of the empire, the internet is just a tool or vehicle for peddling this. They are arrogant enough to believe that population control can be inflicted by having people voluntarily manipulated into restricting their own reproductive rights. Economic slavery has worked effectively in that regard but the more perverted behind the scenes aristocrats have decided to peddle additional confusions into the mix just to reinforce that their own pool of slaves will be more perverted in the end as well. Remember +Fravia and reality reversing?
  17. wuvezew

    How to develop nice GUI App

    Take a look at MaterialSkin by IgnaceMaes here: https://github.com/IgnaceMaes/MaterialSkin
  18. An ugly side effect of the internet is the rise of those feminazi whores and all that LGBT shit being forced on the rest of humanity Patiently waiting for the next storm
  19. Before Vista, there were two syscalls to create a process on Windows: NtCreateProcess and NtCreateProcessEx. (the latter is just a version of NtCreateProcess that supports job levels.) Vista added NtCreateUserProcess. All of these are undocumented by Microsoft (not counting the kernel source comments which are quite detailed but not exactly public). In all versions of Windows, CreateProcess[A|W] forwards to CreateProcessInternalW, which is a very (very) big wrapper for one of these syscalls. From the prototypes you can see that the syscalls are quite different:

        NTSTATUS
        NTAPI
        NtCreateProcessEx(
            _Out_ PHANDLE ProcessHandle,
            _In_ ACCESS_MASK DesiredAccess,
            _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
            _In_ HANDLE ParentProcess,
            _In_ ULONG Flags,
            _In_opt_ HANDLE SectionHandle,
            _In_opt_ HANDLE DebugPort,
            _In_opt_ HANDLE ExceptionPort,
            _In_ ULONG JobMemberLevel
            );

        NTSTATUS
        NTAPI
        NtCreateUserProcess(
            _Out_ PHANDLE ProcessHandle,
            _Out_ PHANDLE ThreadHandle,
            _In_ ACCESS_MASK ProcessDesiredAccess,
            _In_ ACCESS_MASK ThreadDesiredAccess,
            _In_opt_ POBJECT_ATTRIBUTES ProcessObjectAttributes,
            _In_opt_ POBJECT_ATTRIBUTES ThreadObjectAttributes,
            _In_ ULONG ProcessFlags,
            _In_ ULONG ThreadFlags,
            _In_ PRTL_USER_PROCESS_PARAMETERS ProcessParameters,
            _Inout_ PPS_CREATE_INFO CreateInfo,
            _In_ PPS_ATTRIBUTE_LIST AttributeList
            );

    The last parameter to NtCreateUserProcess is an attribute list (the attributes on MSDN UpdateProcThreadAttribute roughly correspond to this, except the real syscall supports about twice as many). Only one attribute is actually required: the path to the executable to launch. Seems obvious right? Except if you look at the NtCreateProcess[Ex] prototype, you'll note there is no image path or attribute list. How CreateProcessInternalW worked in the XP days was basically the following sequence (highly abbreviated):

    1. NtCreateFile
    2. NtCreateSection
    3. NtCreateProcessEx
    4. NtQuerySection (to get e.g. image type, version, entry point and so on)
    5. Allocate and write RTL_USER_PROCESS_PARAMETERS to process
    6. Allocate a TEB and stack for the first thread and initialize it with a CONTEXT
    7. NtCreateThread (NB: Vista also replaced this with an NtCreateThreadEx, but NtCreateUserProcess always creates the first thread itself)
    8. Misc other stuff based on parameters passed in, cleanup etc.

    Thanks to ReactOS it's possible to see how this was done exactly. Anyway, if you look at the annotations on the functions you'll see that the section, despite being the most important piece of information about a process, is actually optional! Furthermore, NtCreateProcess[Ex] has not been removed from Windows despite being replaced by NtCreateUserProcess basically everywhere.

    So to answer the question: you fork a process by obtaining a handle to it with PROCESS_CREATE_PROCESS access, and then calling NtCreateProcess or NtCreateProcessEx with this handle as the parent process. That's it.

    I can't speak for how Cygwin's fork() works as I don't know much about Cygwin. As far as I recall (it's been a while), forking using the method above results in a 'true' fork (meaning copy on write semantics), not a vfork. However it may not be POSIX-compliant for other reasons which would still require a custom wrapper implementation.
  20. https://lulz.com/linux-devs-threaten-killswitch-coc-controversy-1252/
  21. Sina_DiR

    Flare On 5

    @kao I'm totally stuck on level 10 without any idea what should I do, any suggestion?
  22. XenocodeRCE

    AssemblyGuard.io

    10/10 difficulty but that's a free modded ConfuserEx? I don't understand anything in the scene nowadays... also they claim to have bytecode encryption, bytecode for .NET? Doesn't make sense?
  23. You can use fork() in windows installing cygwin, or that's what I know.
  24. so theres a fork in windows ? please show me the documentation for it ? as the only ones i know are createprocess / shellexecute etc..
  25. Hello All, I created my first reverse engineering project. It's an open source loader called patchya, It's not strong as dUP yet. I am planning to port it to Linux and to add more features as anti anti debugging tricks. Would appreciate any feedback! Github project: https://github.com/misaleh/patchya
  26. I agree with the above post, but forking in Windows is definitely a thing. Its uses are obscure though. If for some reason you have Windows Error Reporting enabled you may unwittingly run into Windows becoming too 'fork-happy' like this poor guy.
  27. wuvezew

    AssemblyGuard.io

    Difficulty : I don't know, but they say 10

    Language : C#

    Platform : Any Windows

    OS Version : All

    Packer / Protector : AssemblyGuard.io

    Description: You put the key and it will say "That's really correct!" if the key was correct. I'd like someone who unpacked it to tell me how he/she did it 😕

    NOTE: I want it to be unpacked, I don't want you to use Process Hacker just to get the key of the Unpackme file.

    Screenshot:

    Thanks!

    UnpackMe.exe
  28. Gyver75

    Malware music video

    Damn dude! Your YouTube channel has been closed … :(