Reverse Engineering Articles
Share an interesting blog, news page or other RE related site...
346 topics in this forum
-
Flare-On 7
by kao- 8 followers
- 95 replies
- 67.1k views
Get your tools ready!
-
- 16 followers
- 178 replies
- 60.8k views
Get ready! Source: http://www.fireeye.com/blog/threat-research/2021/08/announcing-the-eighth-annual-flare-on-challenge.html
-
Following the good old tradition, this thread will be dedicated to the annual Flare-On challenge. Who's going to participate this year?
-
8086 Opcode Map
by CodeExplorer- 4 replies
- 42.3k views
8086 Opcode Map
http://www.mlsite.net/8086/
http://board.flatassembler.net/topic.php?t=7803
http://blog.llvm.org/2010/01/x86-disassembler.html
http://stackoverflow.com/questions/924303/how-to-write-a-disassembler
http://www.devmaster.net/forums/showthread.php?t=2311
http://www.devmaster.net/codespotlight/show.php?id=25
Great one: http://www.c-jump.com/CIS77/CPU/x86/lecture.html#X77_0040_opcode_sizes
-
LabyREnth Capture the Flag (CTF) Challenge - 2017
by crystalboy- 92 replies
- 35.1k views
Official site: http://labyrenth.com/ Announcement: https://researchcenter.paloaltonetworks.com/2017/04/unit42-labyrenth-ctf-2017/
-
LZMA vs LZMA2 vs WinRAR64...
by Teddy Rogers- 2 replies
- 34.3k views
Had a bit of a slow day today so decided to do a mini-review/test... http://www.tuts4you.com/download.php?view.2726 Ted.
-
Site for reverse engineering tutorials
by R4ndom- 35 replies
- 34.2k views
My name is Random and I have been in the reversing community for a long time. I have started a site offering what I hope to be a long list of tutorials on reverse engineering. I have been doing this quite a while and I really just felt like I owed it to all the people who helped me learn what I know to give something back. I know, I know, "Another site for cracking tutorials", ...great. But hey, I'm just trying to be more active in the community. Anyway, the site is http://www.TheLegendOfRandom.com/blog/ The first several tuts are done.
-
- 92 replies
- 31.4k views
Last year was fun! Source: https://www.fireeye.com/blog/threat-research/2016/09/_announcing_the_thir.html Challenge site: http://www.flare-on.com/
-
VMPROTECT vs. LLVM
by RYDB3RG- 1 follower
- 4 replies
- 28.6k views
Hi, I made a tool that interprets a vmp rsi-stream; it records the handlers (or vm instructions) and connects them via their data dependencies. This is what a JCC looks like. The edges in this graph represent data dependencies. Sequences of nodes with one input and one output are collapsed into blocks. Green nodes are constant nodes. They do not depend on external values (such as CPU registers), unlike red nodes. The hex number left of a node is a step number, the right number is its result. Only const nodes (green) can have a result. The graph contains all nodes that directly or indirectly contribute to the lower right "loadcc" instruction. CMP/…
-
- 9 followers
- 117 replies
- 27.9k views
Fasten your seatbelts; Flare-On 9 starts on September 30! https://www.mandiant.com/resources/blog/announcing-ninth-flareon-challenge
-
Video tutorial - how make skins for dUP2.
by Diver- 1 follower
- 32 replies
- 26.8k views
A large lesson on creating skins for the dUP2
Manufacture of skins for the dUP2, starting with Photoshop - finishing with dUP2.
Parts:
Part 1 - Photoshop. Steps: Change the main window; Create buttons; Create mask for RGNerator; Create index of Main Window; Create a window "About"
Part 2 - RGNerator.
Part 3 - ResHacker.
Part 4 - DUP2.
Tools: 1 Photoshop. 2 RGNerator. 3 ResHacker. 4 dUP 2.21.
Info: Format: SWF Time: 42 min. Size: 52 mb.
Download Video-tut Tools - contains Adobe Photo…
-
Long List Of UnPackMe Formats...
by Teddy Rogers- 30 replies
- 24k views
I've added some new PE32 unpackme formats to Tuts 4 You. Rather than create a topic for each format I'll just give the list here: AlexProtector 1.0 Beta 2, Anskya Polymorphic Packer 1.3, AZProtect 0001, ExeFog 1.1, Hmimys Packer 1.0, JDPack 1.01 (Repacked), JDPack 2.00, JeyJey UPX Protector, Kkrunchy 0.23, Password Protect UPX 0.30, PeStubOEP 1.6, PolyCrypt PE 2.00, RLPack 1.0, Simple Pack 1.0, Simple Pack 1.11, Simple Pack 1.2, softSENTRY 3.00, Software Compress LITE 1.4, UnOpix 1.10, UPXScramb 2.2, VMProtect 1.1, VMProtect 1.2, VMProtect 1.21, VMProtect 1.22, VMProtect 1.24 There are more planned when I get the time, such as; Armadillo, ASProtect, Themida, Enigma, Mol…
-
- 4 followers
- 23 replies
- 23.6k views
I once posted it in a Chinese forum; you can visit it at https://www.52pojie.cn/thread-762832-1-1.html with Google Translator. I'll try my best to introduce it in English.
1. Download x64dbg and download the symbol file of clr.dll (mscorwks.dll if the runtime is .net2.0~.net3.5).
2. Set a breakpoint at "SystemDomain::ExecuteMainMethod" in clr.dll/mscorwks.dll and run.
3. Use MegaDumper (I use my ExtremeDumper, based on codecracker's megadumper: https://github.com/wwh1004/ExtremeDumper) to dump the main module when the program breaks at "SystemDomain::ExecuteMainMethod".
4. Fix the PE header, and maybe you should also fix the .net header.
This way is more complex than use Me…
-
- 59 replies
- 23.5k views
Official site: http://labyrenth.com/ Announcement: http://researchcenter.paloaltonetworks.com/2016/06/unit-42-countdown-to-labyrenth-capture-the-flag-ctf-challenge/
-
Android Hackmes
by Loki- 1 reply
- 20.5k views
The Carnal0wnage blog has put up a nice summary of Android hackme/crackme challenges for those interested. http://carnal0wnage.attackresearch.com/2013/08/want-to-break-some-android-apps.html Have fun!
--------------------------------------------
Android App testing requires some diverse skills depending on what you're trying to accomplish. Some app testing is like forensics, there's a ton of server side stuff with web services, and there's also times when you need to show failings in programmatic protections or features which requires reversing, debugging, or patching skills. To develop these skills you need some practice targets. Here's a list of all known Android s…
-
- 4 followers
- 103 replies
- 18.9k views
Seems like the website of Flare-On (http://flare-on.com/) just added a timer; Flare-On 10 is going to start on September 29! I wonder if the medal shipments of last year will be in time before this next installment. Who's joining this year?
-
.Net Manual Deobfuscating
by gholam.illidan- 2 followers
- 19 replies
- 17.1k views
Is there any tut or e-book for .net manual unpacking and deobfuscating? (google == nothing) And some e-book on .net DataStructure. My .net cracking skill is very good but I suck at deobfuscating. Tnx
-
VB API consult
by by:70- 17 replies
- 16.5k views
rtcMsgBox __vbaVarForNext __vbaLenVar __vbaLenVar ................... vb.rar
-
Figure me out
by Alzri2- 3 replies
- 16k views
Hello everyone, This challenge was written by naquadria in at4re forum: There is a file main.c contains this code:
#include <windows.h>
int iWinMain()
{
    MessageBoxW(NULL, "PoC", "Hello!", MB_ICONINFORMATION);
    return 0;
}
1- Is there a mistake in the code ?
2- Is it possible to build it ?
Try to answer without testing it. One more thing... PM me your answer so others can have fun too, I'll post the answer after 3 days
-
Flare On 5
by kao- 29 replies
- 15.9k views
The FireEye Labs Advanced Reverse Engineering (FLARE) team’s annual reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24, 2018. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals. So dust off your disassembler, put a new coat of oil on your old debugger, and get your favorite chat client ready to futilely beg your friends for help. Once again, this contest is designed for individuals, not teams, and it is a single track of challenges. The contest runs for six full weeks and ends at 8:00 p.m. ET on Oct. 5, 2018. This year’s contest will once again host a total of 12 challenges coveri…
-
Learn Assembly And The Art Of Reverse Engineering
by Assembly101- 17 replies
- 15.4k views
Hello Community, I have recently opened up a site where I post "lessons" about assembly and reverse engineering. The main purpose of the site is to help people interested in assembly and reverse engineering get started and learn the fundamentals. I have seen a lot of assembly/RE tutorials and none of them try to make it simple and easily understandable. In my website, that is what I also really focus on. I want the readers to learn but not make it too hard on them. I think reverse engineering is a great skill, as you can use it to debug your own programs or even use it to exploit programs (make hacks, keys, etc.). If you guys are interested, the site is completely free and easy to…
-
About Themida
by RYDB3RG- 1 follower
- 11 replies
- 13.9k views
Let's assume we have this code:
test_proc proc
    VM_EAGLE_BLACK_START
    add rax, rcx
    add rax, rdx
    add rax, rsi
    add rax, rdi
    ret
    VM_EAGLE_BLACK_END
test_proc endp
So we have a single basic block with multiple inputs: RAX, RCX, RDX, RSI, RDI and a single output: RAX. The protected version of that has about 10.000.000 instructions (Themida 2.4.6.0 demo). Let's run it through Unicorn and connect instructions via their side effects. While we are at it, let's assume we have an unlimited number of registers so we can remove memory indirections and connect instructions directly. Out of the initial 10mio instructions, how many contribute directly or ind…
-
VMProtect VirtualDeobfuscator
by GautamGreat- 2 replies
- 13.7k views
Anyone used this script to deobfuscate VMPROTECT? https://github.com/jnraber/VirtualDeobfuscator
-
Hack in the Box Magazine...
by Teddy Rogers- 4 replies
- 13.3k views
Hack in the Box 6 has been published... http://magazine.hackinthebox.org/issues/HITB-Ezine-Issue-006.pdf Ted.
-
Injecting 64-Bit DLLs Into 32-Bit Process
by waliedassar- 5 replies
- 13.1k views
Discusses Wow64Log.Dll and how it can be used to inject 64-bit DLLs into Wow64 (32-Bit) Processes. http://waleedassar.blogspot.com/2013/01/wow64logdll.html