Jump to content
Tuts 4 You

All Activity

This stream auto-updates     

  1. Yesterday
  2. Teddy Rogers

    .Net UnPack Challenge (NetGuard.io)

    Your topic has not been approved. You did not follow the correct posting format and/or provided enough information regarding the challenge. You have 48 hours to correct your topic before it will be moved to the Trashcan. For further details regarding the formatting of the topic please refer to the topic in the below link... [This is an automated reply]
  3. </DarkCod3r> (IRAN)

    .Net UnPack Challenge (NetGuard.io)

    Language : (C# .Net) Platform : (Windows x32/x64) OS Version : (All) Packer / Protector : (NetGuard.io) Description : Hi everyone, hope one of you friends can finally full unpack netguard and teach us how to unpack this crap protector Screenshot : UnpackMe_protected.exe
  4. mamo434376

    Modded ConfuserEX

    as I said for big projects
  5. Last week
  6. My13

    Rebuild x64dbg

    Hi. I try to rebuild all modules of x64dbg, but don't understand makepath of openssl (libeay32.dll, ssleay32.dll) + jansson (dll) + yara (windows src) -> yara.dll Does anyone know how to do this?
  7. Cursedzx

    Baldr Stealer Confused

    Ok, I have deobfuscated the file. Enjoy i guess. Btw some parts of the file uses "dynamic" so it wouldn't look like just "dynamic" it dnspy. There will be something like callsite stuff cuz that's how the compiler interprets the dynamic data type. sample(2)-SysMathCallFixed-DelegatesFixed-FieldToLocalFix-VarsUnmelted-StringDec_deobfuscated.exe
  8. Teddy Rogers

    Analyzing Keyboard Firmware

    Analyzing Keyboard Firmware Part 2 Ted.
  9. Cursedzx

    Modded ConfuserEX

    Unpacked! Steps to unpack: 1. Renamed file and the assembly due to loading errors 2. Removed antitamper with dnspy. 3. Removed all junk calls in cctor with my tool (Too lazy to nop it 1 by 1 in dnspy). 4. Removed remaining calls such as antidump, antitamper call, and etc. 5. Resolved values for sizeOfs and parsed strings that are integers. 6. Converted x86 Methods to IL 7. Decrypted strings with my tool 8. Cleaned cflow Credits: NotAccursed for cflow remover Key: Nword2-callsremoved-SizeOfRemoved-StrToIntResolved_noProxy-NoX86-StringDec_cleaned.exe
  10. You should better encrypt it wit aes-256 hashing is useless in your case.
  11. mamo434376

    Modded ConfuserEX

    Language : .NET Platform : Windows OS Version : All Packer / Protector : Modded CEX Description : This protection is for large projects. [+] .net core supported [+] .net framework 4.8 supported Screenshot : UnpackME.exe
  12. mamo434376

    [.NET] Modded KoiVM V4

    Y O U N O T C O M E ☜(゚ヮ゚☜)
  13. mamo434376

    Modified ConfuserEx + KoiVM

    This protection will not work for big projects but ice VM HARD SHİT
  14. LCF-AT

    Opera Pink?WTF!

    Hi guys, does anyone know how to change flash permissions for specific sites? Normaly I have flash disabled but for some sites I wanna use it.In such cases the Brave browser does recognize it by itself whether the site wants to use flash or not and I do see it into the URL bar / left site where I can enable / disallow flash.Now in some cases I dont get this allow / disallow (seems to be Brave issue / bug so in Firefox it works and does recognize flash) and I need to set it manually for that site (choosing URL / left side / settings for URL / allow flash / reload URL page / now I get flash menu to see in URL bar left side where I can set it to allow).So this way is pretty laborious to do this each time specially for server sites (xy.server). When I call this in browser... chrome://settings/content/flash ..then I get a overview of sites I did set flash settings I did allow.Unfortunately I can not edit the URLs there to set something like this.. https://*.server.com:443 ...putting a * at the start.Not sure whether this would work or not.I tried this but it always shows %2A instead of * as URL.Also when I am using this URL code %2A and add it to allow flash it dosent work.Just can set each site manually to allow it to get the flash menu showing to allow / disallow it. Maybe anyone has a idea how to force Brave showing that flash menu in the URL bar / left side icon to allow / disallow it when I call any page.In my case I get first this to see without showing the flash menu... ...now I need to press settings menu there and setting flash manually to allow for this URL.After this I do reload the same page in browser and then I get this menus to see when I do press left side icon in URL bar... ....where I can allow flash for this URL.As I said this menu with flash will not shown by Brave itself (must be a bug / recognize problem) and I need to make this detour to get the menu.Now it would interesting whether its possible to force showing that flash menu (second picture above) for all URLs anyway whether the page used flash or not.Would be a good to idea to popup this flash menu when Brave dosent recognize flash on any page to prevent this detour and to enable flash quickly for the page you know.Anything like that.Maybe you know any setting point in Brave I can change to force showing this flash menu to allow / disallow it so that would be already ok for me.Some hints about that are welcome. Thank you EDIT: Hmmmm!Ok I found it! Just had to change this menu... ..to this... ....and now I get always the menu to see.Sorry guys my fault again.Stupid me!!!
  15. ElektroKill

    Modified ConfuserEx + KoiVM

    Not all of this is correct. However, I am not going to tell you which information is incorrect.
  16. CodeExplorer

    [.NET] Modded KoiVM V4

    @mamo434376: Not you. :-) @TobitoFatito Posted a solution but without explaining what he did so the post is still unapproved : can be viewed only by moderators. After he will explain a bit of what he did I will approve those posts!
  17. mamo434376

    [.NET] Modded KoiVM V4

  18. CodeExplorer

    [.NET] Modded KoiVM V4

    @TobitoFatito: Please explain what you did !!!
  19. TobitoFatito

    [.NET] Modded KoiVM V4

    Tutorial: Removed anti-tamper from the .dll manually and then ran a mutations remover. After that i modified oldrod to find the specific entry type of the runtime dll by mdtoken, then i modified a method on oldrod to get the 2 'run' methods by mdtokens, since it can't really detect them since the parameters are changed, After that i simply edited the method on oldrod which gets the exportID of a method, and added the mutation that you did on the runtime dll, After saving i just runned oldrod with these arguments UnpakMEG_Devirtualized.zip
  20. evlncrn8

    Get Last Error with out api

    you'll never guess what SetLastError does 😜
  21. I would like to know how most of the software developers create their own licensing key system. I would like to create my own one for my software application. I believe it is something related to cryptography. As I am already using Crypto++ library in my application for MD5 and SHA1 hashing, I would be happy and thankful if someone with expertise explain to me how to do it. NB: I mainly use C++ in my coding. Also, I need it to be related to a hardware number obtained from a USB connected SIM card in the format of 123456789, so the end-user will only send me that number and I will send him back the license key. TIA.
  22. If you are looking to do this in code, the struct is referred to has the TEB/TIB (Thread Environment Block or Thread Information Block). Info about it entirely here: https://en.wikipedia.org/wiki/Win32_Thread_Information_Block https://www.nirsoft.net/kernel_struct/vista/TEB.html Value you are interested in is LastErrorValue. (Keep in mind some of these values can be at different offsets depending on the system used. The struct has changed over the various Windows versions.)
  23. Hi You just need look at GetLastError with debugger
  24. I read in an article GetLastEror function can be emulated with TIB data .How can it be done ?
  25. Teddy Rogers

    DNS over HTTPS

    DNS resolvers and queries (over HTTPS) seem to be a bit of a popular topic in the news of late. There are a number of reasons why people should be using DoH (or DoT); privacy, security, prevention against eavesdropping and man-in-the-middle attacks. For those not familar and for those of you interested there are ad-blocking DoH resolvers. Below is a list of ad-blocking resolvers that I am currently aware of. Obviously these will perform better or worse depending on where you are located geographically in the world. My top three for performance are the first three in the list, the others are ranked in no preferential order. https://adblock.mydns.network/dns-query - Anycast (Cloudflare) / DNSSEC / DDoS https://dns.adguard.com/dns-query https://doh.tiarap.org/dns-query - Malware / DNSSEC https://ads-doh.securedns.eu/dns-query - DNSSEC https://doh.dnswarden.com/adblock - DNSSEC https://dns-nyc.aaflalo.me/dns-query https://dns.aaflalo.me/dns-query - DNSSEC https://doh.tiar.app/dns-query - Malware / DNSSEC https://dns.oszx.co/dns-query - DNSSEC If you know of some others out there please share them... Ted.
  26. https://www.epicgames.com/store/en-US/product/surviving-mars/home
  1. Load more activity
  • Create New...