Reverse Engineering Articles

I have renamed the program to ensure anonymity. Hello everyone. I am trying to debug this program that is compiled with py2exe (you can tell from the icon) But when I try to debug it (x64dbg and others) it does not show the text. When you first run the program it gives you 3 options. One is to start mining, 2nd is to Send coins, and 3rd is to Check balance or view your public key. What I expected is that when running in a debugger it would expose what server it connects to and other ways. I can tell that the program is created in python because when ran in a debugger it shows Py commands. I have tried a method known as unpy2exe to decompile it but when I…

https://www.uperesia.com/hancitor-packer-demystified Ted.

https://medium.com/@lduck11007/a-crash-course-in-everything-cryptographic-50daa0fda482 Ted.

https://youtu.be/Sv8yu12y5zM bonus - VSCodium - Binary releases of VS Code without MS branding/telemetry/licensing - hxxps://github.com/VSCodium/vscodium

Hey all! I recently came across this neat paper here: https://tel.archives-ouvertes.fr/tel-01623849/document where they used what they called "Mixed-Boolean Arithmetic" to obfuscate arithmetic expressions, and then showed ways to deobfuscate them. Looking a the deobfuscation methods, they seemed largely either pattern-based or wouldn't work when bigger numbers were involved. So I thought to myself, "How can I mess with this?" Well, first things first, they have no concrete method there for creating these expressions. There are two pages total dedicated to the creation of these expressions, so I had to get creative to make it work. They describe using n…

slugsnacks reversing series by c0lo: Link: https://kienmanowar.wordpress.com/slugsnacks-reversing-series-by-c0lo/slugsnacks-reversing-series-5/

Anti Debugging Protection Techniques With Examples: https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software

Lets assume we have this code: test_proc proc VM_EAGLE_BLACK_START add rax, rcx add rax, rdx add rax, rsi add rax, rdi ret VM_EAGLE_BLACK_END test_proc endp So we have a single basicblock with multiple inputs: RAX, RCX, RDX, RSI, RDI and a single output: RAX. The protected version of that has about 10.000.000 instructions (Themida 2.4.6.0 demo). Lets run it through Unicorn and connect instructions via their sideeffects. While we are at it, lets assume we have an unlimited number of registers so we can remove memory indirections and connect instructions directly. Out of the initial 10mio instructions, how many contribute directly or ind…

Reversing ALPC: Where are your windows bugs and sandbox escapes - https://sandboxescaper.blogspot.com/2018/10/reversing-alpc-where-are-your-windows.html

Reverse-Engineering WebAssembly binaries: https://www.forcepoint.com/blog/security-labs/analyzing-webassembly-binaries Best Regards, Evilcry

The FireEye Labs Advanced Reverse Engineering (FLARE) team’s annual reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24, 2018. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals. So dust off your disassembler, put a new coat of oil on your old debugger, and get your favorite chat client ready to futilely beg your friends for help. Once again, this contest is designed for individuals, not teams, and it is a single track of challenges. The contest runs for six full weeks and ends at 8:00 p.m. ET on Oct. 5, 2018. This year’s contest will once again host a total of 12 challenges coveri…

Here you go: https://crackmes.one/ BR, Evilcry

Protecting RSA-based Protocols Against Adaptive Chosen-Ciphertext Attacks : Link to Full Article

Full Article here: An excerpt from the post:

I just came across to this video on YouTube and thought it will not be a bad idea to share it with the community, and I don't know if this is new for some people or not but...

https://kbdsmoke.me/obtaining-unexported-function-addresses-using-exceptions BR, Evilcry

A malware explicitly designed to sabotage the computer systems of the Olympic opening ceremony, how infects,steal credentials, performs lateral movements to propagate across the network and destroy the victim machines. https://cyber.wtf/2018/03/28/dissecting-olympic-destroyer-a-walk-through BR, Evilcry

Hi, this is a really nice blog-post about using IDAPython to write an x86 emulator in order to solve (obtain) statically a challenge. http://0xeb.net/2018/02/writing-a-simple-x86-emulator-with-idapython

There you can find awesome articles on how to face FinSpy VM: http://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation https://www.welivesecurity.com/wp-content/uploads/2018/01/WP-FinFisher.pdf Credits to Rolf Rolles and Filip Kafka

These couple hundred of tutorials also contains mainly game programming aswell . http://www.moviex.info/forums/index.php?ac...t=0#entry649239 NOTE:This website requires you to register at it to download stuff from it so register and enjoy first of all all these tutorials and second of all this great site to dl movies and stuff from .

White Rabbit crackme! https://hshrzd.wordpress.com/2018/02/03/white-rabbit-crackme/ Ted.

Print("hii") from math import math * Dec("1024)

Reverse engineering a Gameboy ROM with radare2 https://www.megabeets.net/reverse-engineering-a-gameboy-rom-with-radare2/ Ted.

LinuxReversing&Links: LinuxReversing.txt: small tutorial about reversing command for linux. LinuxReversingLinks.txt Maybe someone will find them usefull. I am not a linux expert! LinuxReversing&Links.zip

Introducing New Packing Method: First Reflective PE Packer Amber https://pentest.blog/introducing-new-packing-method-first-reflective-pe-packer/ Ted.