Tuts 4 You

All Activity

  1. Past hour
  2. Yesterday
  3. Last week
  4. Hey, great! So simple just doing the change in default mode, hehe. Anyway, so it works now. Thank you for that info Kurapica. greetz
  5. Tried setting the defaults like this ? https://superuser.com/questions/581924/i-want-to-permanently-change-the-background-color-to-white-and-the-text-color-to/581926
  6. Aptitude

    [UnPackMe] Modded ConfuserEx

    Language : .NET Platform : Windows 32 bit OS Version : All Packer / Protector : "DARKSPROTECTOR 2.0 | PROTECT YOUR .NET APPS WITH THE BEST CONFUSEREX" Description: Unpack the file and say how Screenshot: DL: unpackme.exe
  7. Hi guys, I have a small question about the CMD windows on Win 10. So I wanna use another color scheme and not the default scheme with black background. My goal is to set the colors for all CMD windows which get started, but here I have some problem and it doesn't seem to work. I did change the CMD color by executing the CMD as admin and one time without admin. Now when I start them manually then they are using my set colors. The problem now is that when I start a CMD window by any other apps via CreateProcess (ffmpeg & others) then the CMD windows are using the default color scheme with black background. So this sucks. Does anyone know how to set up the CMD colors / settings just once anywhere so that my set config will be used for all CMD windows? Would be nice if anyone who knows that could tell me. Thank you. greetz
  8. Leila.Morar48

    Testing obfuscators need a reverser and good advice.

    Why don't people use C++/CLI?
  9. Yes, ConfuserEx is (relatively) easily removable. Searching the forum will get you a lot of useful information. For example, this topic:
  10. Hey, I was testing some simple program with obfuscations; could you guys tell me if it's easily reversible? (I tried myself but I'm not as good as you guys.) de4dot breaks on this application and dnSpy is not displaying anything important. I will include 2 binaries: the first one is obfuscated and the other is clean, as a reference for how it should look. Both of them are C# programs. What does the application do? It starts a console application, grabs some hardware IDs, creates a unique hardware ID and displays it on screen, then waits for a key press (everything from the code can be found on github/stack). GetHWID_clean.exe GetHWID_obfuscated.exe
  11. Teddy Rogers

    Feedback and Ideas

    The intention is all existing categories, topics and posts will remain and be visible in the forum. Similar to the Archive category. Members can post to existing topics. They will not be able to create new topics. New topics/ challenges would have to be created in Downloads. There will be a redirect link to Downloads in the forum's... Ted.
  12. deepzero

    Feedback and Ideas

    Would the Crackme Subforum entirely disappear? I think advertising it as challenges in the forum does have a certain appeal (.net spam aside).
  13. Teddy Rogers

    Feedback and Ideas

    Not entirely. Using Downloads allows for mandatory fields. This is useful for people submitting challenges - and moderators - as it will be likely all fields will be filled with the correct information first time. Downloads also allows for additional options and features that are out of scope of the general forum. I don't think there are any features that allow you to do that. The other thing is ensuring the styling and formatting are correct, searching for keywords wouldn't stop or fix that... Ted.
  14. CodeExplorer

    Feedback and Ideas

    I guess this has to do with garbage from CrackMe's. Anyway, instead of doing this, did you consider searching for keywords in the topic ("Language", "Platform", "OS Version", "Packer", "Protector", "Description", "Screenshot") and, if the topic doesn't contain those, not adding it?
  15. Teddy Rogers

    Feedback and Ideas

    I am considering moving the CrackMe, UnpackMe, KeygenMe sections from the forums to the Downloads section of the site. If you check now I have added the relevant categories. There is a sample "CrackMe" file with all fields completed for everyone to check out and provide feedback. You can find it here; If you want to see what the fields look like whilst creating/ submitting the entry check out the attached screenshot. Please provide feedback to me if you think something needs to be added or omitted. Better to have it all figured out and sorted before going live. Thank you... Ted.
  16. Teddy Rogers

    Example CrackMe - Debug Blocker x64


    This is an example for submitting a CrackMe in the Downloads section of the site. You can download the file and run Debug Blocker x64. Nothing exciting will happen!
  17. mamo434376

    KoiVM - Ksydfius_Encryption

    Language : .NET Platform : Windows 32/64 bit OS Version : Tested on Win10 only, Win 7 and 8 also probably work Packer / Protector : Modded KoiVM and XXXX Level : 10/8 Description : Good luck everyone. Screenshot : Protected.rar
  18. 2 downloads

    Run-time packers are often used by malware-writers to obfuscate their code and hinder static analysis. The packer problem has been widely studied, and several solutions have been proposed in order to generically unpack protected binaries. Nevertheless, these solutions commonly rely on a number of assumptions that may not necessarily reflect the reality of the packers used in the wild. Moreover, previous solutions fail to provide useful information about the structure of the packer or its complexity. In this paper, we describe a framework for packer analysis and we propose a taxonomy to measure the runtime complexity of packers. We evaluated our dynamic analysis system on two datasets, composed of both off-the-shelf packers and custom packed binaries. Based on the results of our experiments, we present several statistics about the packers complexity and their evolution over time.
  19. Teddy Rogers

    PE Packers Opcodes Graphics


    Three info-graphic projects showing the structure of portable executables, packers and opcodes.
  20. Teddy Rogers

    Realizing Import Redirection


    Before I start I would like to say thanks to all the great reversers writing tutorials and explaining the when and whys – it seems that this way of writing got lost somewhere during RE evolution… Also there will be a dedicated section for import reconstruction hindering techniques. So, here is a list how to do import redirection in your programs, enjoy.
  21. 1 download

    Packers, whether third-party or bespoke, are still widely used by malware authors in an attempt to evade detection. Conficker, FakeAV, Bredolab and TDSS are but a few examples of malware which make extensive use of packers. The wide variety of packers used for both legitimate and malicious purposes poses a challenge for the anti-virus industry. The anti-virus community has decided, within the framework of the Malware Working Group (MWG) within the Industry Connections Security Group (IEEE ICSG http://standards.ieee.org/prod-serv/indconn/icsg), to address the issue of packers with a common voice. In addition, the stigma and the anti-virus detections associated with the use of legitimate packers by malware, along with the performance impact related to scanning benign packed files, are likely to lead to an impact on both the reputation and revenue of the packer vendors involved. Therefore it is in the best interests of both parties to work together to identify and implement solutions to the core issues associated with packers. One of the fruits of the collaborative IEEE ICSG sessions, involving representatives from across the anti-virus industry, is a document describing various packer properties and standards for their use. This document is intended to provide a yardstick for the formulation of policy on how to treat different packers and a potential set of best practice guidelines for packer vendors. The specific contents of the document are subject to the outcome of negotiations with packer vendors. It is hoped that the guidelines can be used to improve end-user security through the concerted efforts of the anti-virus industry when dealing with packers, and via cooperation and information exchange with packer vendors. Thus it is expected to facilitate a more robust approach to the generic static flagging of suspicious packed files for the benefit of all (other than the malware authors, of course).
  22. 6 downloads

    I created a video tutorial where you can see how to use my script. I also added some UnpackMe's which you can also test. If something does not work then post a reply in my topic.
  23. Teddy Rogers

    VMProtect CRC Bypass Methods


    Today I want to show you two ways how you can bypass the CRC checks in VMProtected targets in an easy way. I found two different methods which you can use for this. You can also use these methods for some other protections like TheMida and WinLicense too. I created a large tutorial package for you with three video and one text tutorial and also I have noted all important steps in different text files which you can read and follow so that nothing can go wrong if you try these ways by yourself. I created two different MultiASM [M1 & M2] Templates which you can use with the plugin [see tools folder] to write my dynamic patch into your added section. You just need to fill some RVA values.
  24. Teddy Rogers

    VMProtect Defeating the CRC


    A tutorial showing a method of defeating VMProtect's checksum scheme.
  25. 7 downloads

    A video showing operation and understanding of VMProtect's virtual machine.
  26. 4 downloads

    This tutorial will try to cover some of the functions included in TitanEngine SDK, dynamic unpackers programming using TitanEngine SDK and FUU ([F]aster [U]niversal [U]npacker). First of all I would like to comment that this tutorial is going to be about a tool that I met a few years ago from a presentation in BlackHat 2009. Unfortunately I was not lucky enough to go to that conference but I could read the papers that were presented there; one of them took my attention in particular. It was about an SDK designed for File Analysis and Unpacking, called TitanEngine, from the people of ReversingLabs; among them there is aP0x (a well known Reverser and author of the famous tool RLPack). After we take a look at the Framework we're going to see a little tool that I made whose core is based on this framework. I use that to develop unpackers in an easy and quick way without worrying too much about the function implementations like dumping, adding a section to the binary, etc.; these are the things that the framework does for us.
  27. 2 downloads

    This is about the "secret ingredient" in my EXE packer kkrunchy, which was used in our (Farbrausch) 64k intros starting from "fr-030: Candytron", and also in a lot of other 64k intros or similarly size-limited productions by other groups including several well-known 64ks from other groups such as Conspiracy, Equinox and Fairlight, I'm happy to add.
  28. Teddy Rogers

    How To Write Your Own Packer


    Why write your own packer when there are so many existing ones to choose from? Well, aside from making your executables smaller, packing is a good way to quickly and easily obfuscate your work. Existing well-known packers either have an explicit 'unpack' function, or there are readily available procdump scripts for generating an unpacked version.