Tuts 4 You

All Activity


  1. Today
  2. Xyl2k


    Seeing the number of imports in your screenshot and the ollydbg.exe in upper case, I would guess you tried this on OllyDbg v1.10, not on Olly v2. The description doesn't mention it here, but that thing is for v2; if you look inside the readme of the archive, it says (in French) that the code has been rewritten for Olly 2. So try with v2, or recompile the DLL for v1. Also, I'm checking the src and this can really be improved more. Especially for v2: if you rename ollydbg.exe to blabla.exe, then it will look for blabla.ini, but OllyPath2 will create only 'ollydbg.ini', as this string is hard-coded inside.
  3. Yesterday
  4. File hashes are only used to get/recognize a sample that is already known. You can't really do the same with a mutex, as there are probably tons of files having the same mutex already, and they can also be generated on the fly by the malware, so it would be unreliable 'alone'. If you already know the hash of a file (sha256 preferably) then you don't need more. Mutexes are only good to find new similar samples, but once again you need to couple that with some other indicators, otherwise you will get many false positives if you rely only on that.
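    The triage rule in the post above (a sha256 match is definitive, a mutex match is only a weak signal that must be corroborated by other indicators) as a small classifier. This is an added example written for this page, not code from the poster or from any tool; the known-bad hash is computed from a constructed byte string, and the mutex name, C2 host and marker string are hypothetical placeholders, not real indicators.

```python
import hashlib
from dataclasses import dataclass

# Constructed indicator set for a hypothetical family. None of these values
# are real IoCs; the hash is the sha256 of an inline constructed byte string.
KNOWN_BAD_SHA256 = {hashlib.sha256(b"constructed known-bad sample bytes").hexdigest()}
FAMILY_MUTEXES = {"Global\\ExampleFamilyMutex"}   # hypothetical mutex name
FAMILY_C2_HOSTS = {"c2.example.invalid"}          # hypothetical, reserved TLD
FAMILY_STRINGS = {"ExampleFamily/1.0"}            # hypothetical marker string


@dataclass
class Sample:
    """Static/dynamic facts collected about one file under analysis."""
    data: bytes
    mutexes: set
    hosts: set
    strings: set


def classify(sample: Sample):
    """Return (verdict, reasons).

    sha256 identifies an already-known sample on its own. Everything else is
    scored: a mutex alone never gets past 'weak_match', because many unrelated
    files share mutex names and malware can generate them at runtime.
    """
    digest = hashlib.sha256(sample.data).hexdigest()
    if digest in KNOWN_BAD_SHA256:
        return "known", [f"sha256 {digest[:12]}... matches a known sample"]

    reasons = []
    score = 0
    if sample.mutexes & FAMILY_MUTEXES:
        reasons.append("mutex matches family list (weak on its own)")
        score += 1
    if sample.hosts & FAMILY_C2_HOSTS:
        reasons.append("contacts a family C2 host")
        score += 2
    if sample.strings & FAMILY_STRINGS:
        reasons.append("contains a family marker string")
        score += 1

    if score >= 3:          # mutex plus at least one stronger corroborating indicator
        return "likely_new_variant", reasons
    if score > 0:           # a lone mutex (or lone string) lands here
        return "weak_match", reasons
    return "unknown", reasons


if __name__ == "__main__":
    lone_mutex = Sample(b"unseen bytes", {"Global\\ExampleFamilyMutex"}, set(), set())
    print(classify(lone_mutex))   # weak_match: needs corroboration before acting on it
```

    The point of the scoring is the ordering, not the exact weights: a hash match short-circuits everything, and no combination that consists only of a mutex can reach the "likely_new_variant" verdict.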
  5. atom0s

    PDF files.

    There are multiple sites that cover the format, along with the specifications Adobe released previously:
    https://www.adobe.com/content/dam/acom/en/devnet/pdf/pdfs/pdf_reference_archives/PDFReference.pdf
    https://www.adobe.com/content/dam/acom/en/devnet/pdf/pdf_reference_archive/pdf_reference_1-7.pdf
    https://www.adobe.com/content/dam/acom/en/devnet/flashplayer/pdfs/adobe_supplement_iso32000.pdf
    https://resources.infosecinstitute.com/pdf-file-format-basic-structure/
  6. Jason Long

    PDF files.

    Hello, is it possible to reverse .pdf files? Sometimes hackers find bugs in PDF. Did they examine the Adobe Acrobat application or...? Thanks.
  7. KoiVM Modified (ConfuserEx-Mod-By-Bed 1.4.1)

    KoiVM is a virtualizing protector for .NET applications, as a plugin of ConfuserEx. ConfuserEx is an open-source protector for .NET applications. It is the successor of the Confuser project. This file is protected with KoiVM using: MD5 Hash Check, Constants, Renamer, Anti-Tamper. I took KoiVM from https://github.com/BedTheGod/ConfuserEx-Mod-By-Bed (1.4.1) and modified it to make OldRod fail devirt.

    Submitter: 0x72
    Submitted: 05/20/2020
    Category: UnPackMe (.NET)
  8. Last week
  9. requizm

    [keygenme] Anti Olly 1.0...

    I can't bypass anti-debug stuff. I'd do:
    - IsDebuggerPresent bypass: easy
    - "Debugger Detected" messagebox bypass:

        00477B12  . 74 1D          JE SHORT Anti_Oll.00477B31        ; important conditional jump, I have to jump to 0x477B31 to bypass
        00477B14  . BB E8030000    MOV EBX,0x3E8
        00477B19  > 8D55 F0        LEA EDX,DWORD PTR SS:[EBP-0x10]
        00477B1C  . B8 987C4700    MOV EAX,Anti_Oll.00477C98
        00477B21  . E8 C6DFFFFF    CALL Anti_Oll.00475AEC
        00477B26  . 8B45 F0        MOV EAX,DWORD PTR SS:[EBP-0x10]   ; eax = ASCII "Debugger Detected ! "
        00477B29  . E8 5635FBFF    CALL Anti_Oll.0042B084            ; create message box, and wait till user input (click ok button)
        00477B2E  . 4B             DEC EBX                           ; ebx always greater than 1
        00477B2F  .^75 E8          JNZ SHORT Anti_Oll.00477B19       ; so this is basically an infinite loop

    - OutputDebugString bypass: I made the start of the function 'ret 4'.

    But I'm stuck here.
  10. Teddy Rogers

    Ubbelol .NET Reversing Series


    A collection of video reversing tutorials covering various aspects of .NET from Ubbelol.

    Name | Size | Type | Modified | Attr | MD5 Checksum
    .NET Cracking 101 #1 - Absolute basics.mkv | 21.5 MB | Matroska | 5/10/2017 5:12 AM | -a----- | 4c70dc7c9f6b47f39a4cde2c2e172ef3
    .NET Cracking 101 #2 - WinDbg basics.mkv | 55.8 MB | Matroska | 29/06/2014 6:55 PM | -a----- | 56b4f7138fe1dbbdac358d6d8ba6fe5b
    .NET Cracking 101 #3 - Additional techniques.mkv | 26 MB | Matroska | 9/10/2017 2:20 PM | -a----- | aefe75ee91f2c2df13522e2084797e27
    .NET Cracking 101 #4 - ChewBox crackme.mkv | 25.4 MB | Matroska | 10/10/2017 12:51 AM | -a----- | 4eee0cae85fe1a85257adf09bd432eef
    .NET Cracking 101 #5 - 0xDEADDEAD Crackme.mkv | 42.5 MB | Matroska | 29/09/2017 3:32 PM | -a----- | 665c6e1bfaeb0e531c38b033deaf843a
    .NET Cracking 101 #6 - WinDbg_.NET Seal 2.mkv | 31 MB | Matroska | 7/10/2017 12:02 AM | -a----- | 0bd46985e743fe5ab1f72ffa30c7d5dc
    .NET Cracking 101 #7 - AutoJitPatcher by 0xDEADDEAD.mkv | 22.6 MB | Matroska | 10/10/2017 3:24 PM | -a----- | 96f125c6966155826b44900ae0c10925
    .NET Deobfuscation 101 #1 - Symbol renaming.mkv | 52.8 MB | Matroska | 10/10/2017 7:19 AM | -a----- | d0485addca7d551af4c423b680574570
    .NET Deobfuscation 101 #2 - Phoenix Protector.mkv | 48.3 MB | Matroska | 20/10/2017 11:35 PM | -a----- | 0a557679daf3444daf86099b4516782a
    Confuser 1.9 Anti-tamper tool.mkv | 12.4 MB | Matroska | 11/10/2017 2:39 PM | -a----- | 0990b4977988ac8ff99aaf7313e4364e
    Confuser 1.9 Deobfuscator WIP - YouTube.mkv | 10 MB | Matroska | 30/09/2017 10:11 AM | -a----- | 761e56dc774e70417a0cd8a46b5d270e
    uNet example application.mp4 | 85.3 MB | MP4 | 16/02/2013 3:21 AM | -a----- | b9cb5dc6717def0802c7a27affc6b02d
  11. @kuazi GA I'm pretty sure the future version will take this step back or at least make it optional. @Progman Back in that time, I used to scrap every piece of paper calling into question the weakness of this system next to polynomial analysis, and there were a lot; pretty much all analysts talked about this subject, including Bruce Schneier (I used to follow him daily, I even emailed him once), who made the first theoretical hypothesis of the weakness of this system; Edward Snowden later backed up his claims. The reason I say AES1 in RAR < 4.x is weak to linear attacks is because the substitution table and number of rounds are small and not black-boxed. For example, the substitution table of the old version of this system took me one whole month to find a bijective function leading to each value Y from its preimage, while in the current version AES2 uses way more encryption rounds and a larger table, with multiple branching. I discourage anyone from trying it out, especially since WinRAR took down the CRC check and header signature. It's way above impossible.
  12. whoknows

    VMProtect v3.4.0.1155

    Without debugger detection: awesome.vmp_nodbg.rar
  13. 4D43


    What do I do now?
  14. rajadurai82

    Tally Developer tcp file to text unpack

    sample file Due.tcp
  15. Hi, Tally Developer is the tool for Tally customization applications. If I compile a text file it is converted to TCP format. I need the TCP file back as TXT source code.
  16. CoronaVyris

    AdvancedScript x64dbg Plugin

  17. Civ VI Free on Epic Store https://www.epicgames.com/store/en-US/product/sid-meiers-civilization-vi/home
  18. Some nice music (I think) I listen: Rudimental - Free ft. Emeli Sandé [Official Video] https://www.youtube.com/watch?v=KDPW_g2AhAU Freya Ridings - Lost Without You (Official Video) https://www.youtube.com/watch?v=tDPpex1wvOc
  19. I read an article about the analysis of some Trojan, where a friend wrote that "hardly anyone needs the name of the mutex." What can that be connected with? It's just that hashes are usually translated along with the virus, by which they can be easily determined, but it seems to me that mutexes are also getting better at this.
  20. Teddy Rogers

    VMProtect v3.4.0.1155

    That is still light on detail and context. It basically links to a tool you used and someone else's post... Ted.
  21. kat3chrome

    Hello everybody, I am new here!

    My point of interest is malware analysis now. I have finished reading "Practical Malware Analysis" and I am trying to reverse some random malware from the web. And you?
  22. Reza-HNA

    VMProtect v3.4.0.1155

    @CodeExplorer hi, added some info
  23. whoknows

    VMProtect v3.4.0.1155

    @Reza-HNA shared the solution through PM, restore body method and decrypt the string.
  24. I don't think SSL pinning is an issue. But do see here: https://wiki.wireshark.org/TLS
  25. Can you provide research papers to back up the AES128 weakness claims? Even linear attacks or what have you are not near 2^64 AFAIK, which is already past ordinary computing limits. I mean, sure, the NSA might be able to break it, but it's still outside the reach of most people. Of course I would also encourage AES256 in general now as well. Given the birthday paradox, which puts a nice square root into the mix, even 2^64 is slowly seeming smaller. Though even most researchers with a laboratory at their disposal don't try to touch anything more than 2^56 to 2^60.
  26. CodeExplorer

    VMProtect v3.4.0.1155

    @Reza-HNA, with all the respect there isn't any tutorial on how you did it.