Tuts 4 You

Leaderboard

  1. kao (Full Member+)
    • Points: 16
    • Content Count: 2,358

  2. Teddy Rogers (Administrator)
    • Points: 15
    • Content Count: 8,979

  3. Xyl2k (Full Member)
    • Points: 12
    • Content Count: 119

  4. Kurapica (Full Member)
    • Points: 11
    • Content Count: 862


Popular Content

Showing content with the highest reputation since 09/22/2020 in all areas

  1. So you want to download some releases from snd? alright let's see at snd.webscene.ir, the distribution section menu contain a link pointing at hxtps://keygens.pro/ Super, looks like there a lot of cracks over here! and the site is virus free, right? So let's pick something, i don't know, maybe 7-Data.Card.Recovery.1.1.keygen-SND hxtps://keygens.pro/crack/729775/ lol @ description on the page, didn't know reagan was from snd and born in russia Anyway we got redirected on a download page after clicking 'Download only Keygen' button, we have to fill a captcha and agree
    7 points
  2. Info: https://www.reddit.com/r/windowsxp/comments/iz46du/the_windows_xp_source_code_has_been_leaked_on/ Most of the torrent includes previous leaked data/files. But now claims to include the full source to Windows XP (looks like SP1 based on pics people have posted). If you plan to download this (42gig torrent) I'd seriously recommend a VPN.
    5 points
  3. Here are some of my keygen/crack GFX's / templates i've made on photoshop + WinASM studio these days : (1) https://imgur.com/vS71RaO (2) https://imgur.com/3fWUf30 (3) https://imgur.com/5YfB8Xg (4) https://imgur.com/2Bt54Ne (5) https://imgur.com/fDC4FfK (6) https://imgur.com/p4TBQ4J (7) https://imgur.com/gNOgPnR (8) https://imgur.com/vkwSQ01 Please note that PERYFERiAH team is not a warez group. It is actually a vlogging team since i was making vlogs in high school in the past. And the people of the PERYFERiAH (PRF for short) were actually my
    3 points
  4. Eric S. Raymond is either very naive or has been smoking some strong stuff... Microsoft is not going to abandon the only thing that differentiates them from Ubuntu. Windows kernel is here to stay for a very long time.
    3 points
  5. Comments by a developer inside the Windows Media Player source code pastebin.com/PTLeWhc2
    3 points
  6. What I find of most interest is the API index and any documentation that exist. Line comments in the code can tell you a lot about what was going on internally within Windows. I recall chuckling over things like this in code comments, "Certain lame apps (Norton Desktop setup)"... Ted.
    3 points
  7. @underthevoid Did you try downloading from this thread? Most of the links from this thread are working for me. vnekrilov's thread Rar file I am not an expert in unpacking, but you may try to compile your own small executable files and protect them with various protection options one at a time and analyze/compare with the original; that way you can learn what is happening with each protection option.
    2 points
  8. Search for the keyword: vnekrilov He published a set of scripts and tutorial covering pretty much all features of Asprotect. Tutorial was machine-translated from Russian to English but it was sufficient for learning purposes.
    2 points
  9. After spending three days i m still stuck at 4th challenge now i understand what it mean to be a reverse engineer. May be i will not solve all(or may be even the half of them) the challenge but i still try my best till the last day.
    2 points
  10. 2 points
  11. bleepingcomputer.com/news/microsoft/windows-xp-and-server-2003-compiled-from-leaked-source-code/
    2 points
  12. "App does not want to close, ask user if he wants to blow it away" Ted.
    2 points
  13. https://dev.to/gabbersepp/create-a-net-profiler-with-the-profiling-api-start-of-an-unexpected-journey-198n https://github.com/gabbersepp/dev.to-posts/tree/master/blog-posts/net-internals call-c-from-cpp debugging-profiler digging-into-callbacks how-does-profiler-work how-to-debug-with-windbg marshal-example net-bitness profiler-attach/code/DevToNetProfiler profiler-fn-enter-arguments profiler-fn-enter-leave-x64 profiler-fn-enter-leave stacktrace-linenumber/code/DevToNetProfiler write-net-profiler
    2 points
  14. With all respect to the efforts of the authors of the challenges, I advise you guys not to evaluate yourself or skills based on how many challenges of those you were able to solve, do it only for fun, it can be really depressing not to be able to pass some of the challenges, it's just a CTF in the end.
    2 points
  15. 214 downloads

    I want to release a new tutorial about the popular theme Themida - WinLicense. So I see there seems to be still some open questions mostly if my older unpack script does not work anymore and the unpacked files to, etc. So this time I decided to create a little video series on how to unpack and deal with a newer protected Themida target manually where my older public script does fail. A friend of mine did protect unpackme's for this and in the tutorial you will see all steps from A-Z to get this unpackme successfully manually unpacked but this is only one example how you can do it, of course. S
    2 points
  16. 12,210 downloads

    A collection of tutorials aimed particularly for newbie reverse engineers. 01. Olly + assembler + patching a basic reverseme 02. Keyfiling the reverseme + assembler 03. Basic nag removal + header problems 04. Basic + aesthetic patching 05. Comparing on changes in cond jumps, animate over/in, breakpoints 06. "The plain stupid patching method", searching for textstrings 07. Intermediate level patching, Kanal in PEiD 08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor 09. Explaining the Visual Basic concept, introduction to SmartCheck and configurati
    2 points
  17. pekill ASProtect 2.xx eng.pdf this also contains a description of the aspro vm, and lists its static opcodes. edit: i also reuploaded my pep tutorial: https://forum.tuts4you.com/files/file/2155-private-exe-protector-v3-unpacking-by-deepzero/
    1 point
  18. I can see that automating the process of unpacking is the future, totally. Thing is I want to work in this field and to do so I need to know the basics. Could you throw me some links or words so I can search in this forum that will help me on learning how to unpack ASProtect? I'm very new to this community so I'm a bit lost with so much information Thanks in advance!
    1 point
  19. https://torrentfreak.com/games-piracy-scene-reinvigorated-four-denuvo-protected-titles-released-in-one-day-201015/ Games Piracy Scene Reinvigorated, Four Denuvo-Protected Titles Released in One Day cheers B
    1 point
  20. Man, Flareon is for experienced reversers or at least those who are not just starting, I recommend that you start mastering the basics and familiarize yourself with the many concepts that you may need to understand, and come back next year to play those Flareon challenges, you will definitely score better.
    1 point
  21. Just a little tip, JitDumper is good as long as you are running it against an executable which needs .NET 4.0 or earlier but once you start unpacking DLLs which require .NET 4.5 or higher, it will probably crash, so it's going to be obsolete sooner or later and a new approach will have to be created.
    1 point
  22. Thanks NOP i went with Elcomsoft in the end as i was having a few problems with hashcat and the tables. it is something i would like to come back to though as its something you need a few days to understand not the few hrs i have had, also would like to dig deeper into John the ripper. Cain and Abel wasn't that great as you say it's dated as is ophcrack Anyway i found the password within 10 minutes, it was a 40 character password, and much longer than originally thought and wouldn't be easy to guess as its random " Hj0KNmz2" exc... so it shows again passwords mean nothing if your us
    1 point
  23. When I was growing up, IT department was held responsible for all hardware misconfigurations and backup f*kups. In the new "Agile/DevOps age" they blame the hardware instead..
    1 point
  24. Heya, sorry I didn't see all the replies to this. Just happened to be cruising through, and remembered the thread. The VB6-specific code cache is at https://www.fortypoundhead.com/browse.asp?catid=122 Looks like y'all already found Github space for all of it. It's kinda of weird to discover my old stuff in there. Some of it I even forgot about, after all these years.
    1 point
  25. old stuff made me smile https://github.com/Planet-Source-Code/xylitol-a-patch-in-vb__1-70460
    1 point
  26. hmmm..things sound funky out there these days.. cheers B https://www.toptutorials.co.uk/games-cracker-empress-wants-to-crowdfund-denuvo-cracks-torrentfreak/ https://www.reddit.com/r/Piracy/comments/gqg4fc/why_did_codex_stop_cracking_denuvo_games/ https://torrentfreak.com/games-cracker-empress-wants-to-crowdfund-denuvo-cracks-200926/
    1 point
  27. romainthomas.fr/post/20-09-r2con-obfuscated-whitebox-part1/ bonus Really Atari ST? - os2museum.com/wp/really-atari-st/ - troll @ sqlite.org/copyright.html -> Buy button -> hwaci.com/cgi-bin/license-step1 Bringing Edge to Linux - venturebeat.com/2020/09/22/microsoft-edge-linux-developers-october-2020/
    1 point
  28. I've also been able to change the PE header for a driver to a DLL, LoadLibrary it, and call the routines as exports ... or just call() straight into them. It's very ghetto-ish, and did it for an earlier year. Like Flare-on 2015, Challenge 10 https://www.ghettoforensics.com/2015/09/solving-2015-flare-on-challenges.html
    1 point
  29. Your fear is unwarranted. Please post your link... Ted.
    1 point
  30. here's the keygen template from the first pic. the keygen algo is removed from the project. xm by zalza (low-pitched by me to sound better for the kg) KeygenTemp4.zip
    1 point
  31. Keep the source code bloopers coming, gotta love it
    1 point
  32. Okay a bit late but maybe this'll help somebody. Shellcode is not a vulnerability, it's the code that can be used to exploit a vulnerability. The vulnerability is something that executes the shellcode (like a buffer overflow, use after free or something else). Which is not supplied in the link. Writing shellcode does need the ability to write Assembly that a Reverse engineer has. So he could make shellcode (which is similar to inline patching). However RCE goes way deeper it is the skill to deduce function out of complex VM's, obfuscation, functions and what not. You can then use th
    1 point
  33. don't brute-force it, and forget about the crypto function, it's all in the function which does the shifting. A pseudo code would look like:
        Local $flxmdchrqd = DllStructCreate("struct;byte[54];byte[" & $flvburiuyd - 54 & "];endstruct", DllStructGetPtr($flnfufvect))
        Local $Counter = 1
        ;first Loop >>
        For $dummy = 1 To DllStructGetSize($lowerCompName)
            Local $flydtvgpnc = 0
            ;second loop
            For $LoopCounter = 6 To 0 Step -1
                $flydtvgpnc += BitShift(BitAND(Number(DllStructGetData($flxmdchrqd, 2, $Counter)), 1), -1 * $LoopCounter)
    1 point
  34. GetAsyncKeyState GetKeyboardState GetKeyState To name a few.
    1 point
  35. God bless you for this shit !
    1 point
  36. Like once every 10 years?
    1 point
  37. I never expected Tuts 4 You to keep going for nearly twenty years and here it is, not far off twenty. If I, and the site, are still around in another 50 years it will be an achievement worth celebrating... Ted.
    1 point
  38. First of all, this crackme is version dependent, it only works with Python 3.8 x86. I don't have it installed, so I had to replace _pytransform.dll with the x64 equivalent downloaded from here to be able to run it with my x64 version of Python 3.8. By looking in the memory of python.exe and placing hardware breakpoints on write on an encrypted code of PyArmor (that starts with \x50\x59\x41\x52\x4d...) we can find a place in _pytransform.dll where it decrypts it to the actual marshalled code object of Python. It is a function at RVA 0x254D0. Then we have to deal with the second layer of Py
    1 point
  39. I think Washi's solution is actually for At least, the provided keys work for that executable.
    1 point
  40. Sure, i gonna release a unpacker for net reactor 6x soon.
    1 point
  41. https://mega.nz/file/xgonHADA#6-giBWOZXfODm7sLFAMzuCH9L2uQz4sL_9NNBlDkLTM - for those who don't want to fill in the stupid questionnaire with company email address, job position and what not. https://mega.nz/file/Nt4xSaoK#jRcuuuM2vS77DM9Y-KuT4UQUKiYIEl0KkKd6Cp9t7hE - code samples that TheHackersNews forgot to include. Book tries to cover very wide area of topics - from Windows to .NET to Linux, IoT, iOS, Android and shellcodes. By doing so, it fails to cover any of the topics in sufficient details. So, it's a "Jack of all trades, master of none".
    1 point
  42. _PyEval_EvalFrameDefault executes a code object on the Python frame. To dump the code object to a file you need to use PyMarshal_WriteObjectToFile / PyMarshal_WriteObjectToString at an appropriate place within the function. DnSpy has nothing to do with Python. It's just a piece of string inserted there on purpose.
    1 point
  43. My observation over the past few months shows the following categories of unpackmes/crackmes: 1. Genuine ones by members serious about RE: These are becoming more and more rare. These are the ones where the OP had put in personal effort to make them interesting and a real challenge to reversers, often using their own techniques to obfuscate or complicate the code.These are the ones that the likes of @kao and @Washi would enjoy. Here, the OP can post the solutions visible only to the mods. 2. Quick unpackmes/crackmes created from the latest releases of (commercial) protectors: These a
    1 point
  44. Try ManagedJiterFr4 on NetBox 4.0; Plus ConfuserExFixer for removing wrong metadata; some stream left even after removing; You can't do anything without removing anti-tamper; which currently I can't! I've found this: https://github.com/BedTheGod/ConfuserEx-Unpacker-Mod-by-Bed/releases Is any connection with this?
    1 point
  45. Here, fixed that for you: "If the user is an idiot who disables all MS Office security settings, the malware will run automatically upon hovering over hyperlink." It's the same as to claim that office macro malware runs automatically if user has enabled office macroses - total nonsense and FUD.
    1 point
  46. Ported to FASM diablo2oo2's snr patchengine and little search&replace patch example. snr_example_scr_fasm.zip
    1 point
  47. Figured I drop this here. Its the packer and decompressor I use for my private build of my exe packer. Feel free to do what you want with it. lzma_decenc.rar
    1 point