Tuts 4 You

Leaderboard

Popular Content

Showing content with the highest reputation since 08/24/2021 in all areas

  1. https://githacks.org/vmp2/vmdevirt vmdevirt lifts vmp IL generated by vmemu to llvm ir which can then be optimized and compiled back to native instructions. I have released a pretty rough/early version of EasyAntiCheat devirtualized here: https://www.unknowncheats.me/forum/anti-cheat-bypass/468099-easyanticheat-sys-devirtualized-version-1-optimizations.html The goal has been to generate semantically correct native so that you can execute the binary... here is hello world devirtualized: https://githacks.org/-/snippets/45 If you have any input/suggestions for llvm you can reply or email me at _xeroxz@back.engineer P.S vmdevirt will also be used for vmp3 as the lifters/profiles are pretty much the same. All I need to do to support vmp3 is to recode some of vmemu...
    6 points
  2. This is a prime example of how combining obfuscators can only work in your favour if you actually use them properly. Spoiler alert: they are not used correctly in this unpackme Approach: TestCawkMod-cleaned.exe
    5 points
  3. Code of Main method is pre-compiled (AOT) and stored in assembly resource. It is not possible to restore original MSIL code from this but since algorithm is very simple it can just be rewritten. To get key we need to attach through x64dbg and analyze it dynamically. Final key is: 68 01 f6 c4 47 5b 04 ad ca 75 45 d2 2b f1 2c 28 or aAH2xEdbBK3KdUXSK/EsKA== in base64 format.
    3 points
  4. fixed src using @sama files and added also project file for winASM. + aboutbox spinning dna strand project alone because it's lovely. SND.Reverser.Tool.1.5b1.SRC.fixed.zip Spinning DNA strand.zip
    3 points
  5. Alternatively, you can use CyberChef. It has basically every encryption / encoding / hashing algorithm you can think of, and they are easily combined together with the drag n drop interface that they have: https://gchq.github.io/CyberChef/
    3 points
  6. @pepegaswiper69: the direction is right, just one of your assumptions is wrong.
    2 points
  7. A MUST HAVE COMPUTER.... greetz
    2 points
  8. You can get challenges from old REA here (under copy protection): https://github.com/Info-security/binary-auditing-training It was later transformed to binary auditor. Unfortunately no solutions / math + fun / crypto.
    2 points
  9. Links:
     - ProtonMail deletes 'we don't log your IP' boast from website after French climate activist reportedly arrested www.theregister.com/2021/09/07/protonmail_hands_user_ip_address_police/
     - ProtonMail received a legally binding order from Swiss authorities which obligated to comply with protonmail.com/blog/climate-activist-arrest/
     - Commodore 64 ads from the 1980s lunduke.substack.com/p/commodore-64-ads-from-the-1980s-still
     - A Generation of American Men Give Up on College www.wsj.com/articles/college-university-fall-higher-education-men-women-enrollment-admissions-back-to-school-11630948233
     - Revolt: Open-source alternative to Discord written in Rust revolt.chat/
     - Automatically replace jQuery from existing projects and generate vanilla js alternatives (lol) github.com/sachinchoolur/replace-jquery
     - Larry Page: I think we should look into acquiring YouTube (2005) twitter.com/TechEmails/status/1433837480449613839
     - Google introduces $50 4G smartphone www.globalvillagespace.com/google-introduces-50-4g-smartphone-to-enable-billions-of-people/
     - The number of legal chess positions estimated at 4.5x10^44 github.com/tromp/ChessPositionRanking
     - Malware found preinstalled in classic push-button phones sold in Russia therecord.media/malware-found-preinstalled-in-classic-push-button-phones-sold-in-russia/
     - Today Sci-Hub is 10 years old. I'll publish 2M new articles to celebrate (05/09) twitter.com/ringo_ring/status/1434356217208623106
     - Melatonin: Much More Than You Wanted to Know (2018) slatestarcodex.com/2018/07/10/melatonin-much-more-than-you-wanted-to-know/
     - PayPal Mafia (haha good to know) en.wikipedia.org/wiki/PayPal_Mafia
     - Back Orifice (1998) web.archive.org/web/20180715070715/http://www.cultdeadcow.com/tools/bo.html news.ycombinator.com/item?id=28413994
     - US Air Force chief software officer quits www.theregister.com/2021/09/03/usaf_chief_software_officer_quits_angry_post/
     - Dynamic visualization of your WiFi signal blog.ui.com/2021/08/19/wifiman-introduces-enhanced-signal-tracking-features/
     - git-cliff: generate changelog files from the Git history github.com/orhun/git-cliff news.ycombinator.com/item?id=28423843
     - El Salvador becomes first country to adopt Bitcoin as an official currency theverge.com/2021/9/7/22660457/el-salvador-bitcoin-legal-tender-currency-cryptocurrency-chivo-wallet
    2 points
  10. Since Firefox 69, you must go into about:config and set “toolkit.legacyUserProfileCustomizations.stylesheets” to “true” The userChrome.css file does not exist by default, you first have to create the file in the appropriate location inside your Firefox profile folder. howtogeek.com/334716/how-to-customize-firefoxs-user-interface-with-userchrome.css/

      ---- latest
      #1# Go to about:support in Firefox. Search for Application Basics, find Profile Directory and click on Open Directory. Copy the userContent.css into the chrome folder (usually has -release at the end, and you should create the chrome folder if it doesn't already exist).
      #2# Go to about:config in Firefox. Search for toolkit.legacyUserProfileCustomizations.stylesheets and set it to true by clicking on the arrow button. Restart Firefox.

      src github.com/FirefoxCSSThemers/Natura-for-Firefox/tree/main/chrome
      *no tested*
    2 points
  11. Links:
     - Mozilla - uBlock Origin review addons.mozilla.org/blog/ublock-origin-everything-you-need-to-know-about-the-ad-blocker/
     - Flying a Stunt Plane Through TWO Tunnels (2.2km / 43.44sec) hyperlol www.facebook.com/RedBullMotorsports/videos/375390900880444/
    2 points
  12. Don't know of a tool that will do it all for you easily, but you can either make one or make use of a few separate tools and a bit of work.

      For finding things, you can use Cheat Engine: https://www.cheatengine.org/ Scan a program's memory for known patterns of file type headers. For example, PNG's header information can be found here: http://www.libpng.org/pub/png/spec/1.2/PNG-Structure.html Knowing the first 8 bytes are always '89 50 4E 47 0D 0A 1A 0A' you can scan for this array of bytes and find matches in a program's memory.

      Once found, you can use a tool like 010 Editor: https://www.sweetscape.com/010editor/ You can use this hex editor to remotely open memory of another process and map data structures via templates onto the memory. This can help with finding valid full images, as in this example PNGs, in memory. You can also then use this tool to know how much data to copy out and save to a new file as the templates will hold all the data needed for the PNG to be valid on disk once saved. Then rinse and repeat for all file types you want to do.

      Otherwise, you can make your own app to do all these steps as well:
      - Open a remote target for reading. (OpenProcess)
      - Dump the process's memory to a local buffer for faster scanning. (ReadProcessMemory)
      - Scan for known byte patterns within the dumped data, like above, to find known file types you wish to find.
      - At the start of each found entry, begin reading the file type like any other app would to determine if the full file is there/valid. (Use file header information for known file types and such to know how to read the various files you want to dump.)
      - If a valid file is found, dump it from the local buffer into a new file with just the data needed to make said file valid.
      - And so on. Rinse and repeat for each file type you want to scan for etc.
    2 points
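
The scan-and-validate steps from the post above, as an added example that is not part of the original post: it works on a buffer that has already been read into memory, finds each PNG signature, walks the chunk list checking every CRC, and carves only images that end in a valid IEND chunk. The function names and the sample buffer are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = bytes.fromhex("89504E470D0A1A0A")   # the 8 signature bytes quoted in the post


def _chunk(ctype, data):
    """Serialize one PNG chunk: length, type, data, CRC-32 over type+data."""
    crc = zlib.crc32(ctype + data) & 0xFFFFFFFF
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)


def make_sample_png(width=2, height=2):
    """Constructed test image: a tiny 8-bit grayscale PNG, all pixels black."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    scanlines = (b"\x00" + bytes(width)) * height   # filter byte + pixel row
    return (PNG_SIG + _chunk(b"IHDR", ihdr)
            + _chunk(b"IDAT", zlib.compress(scanlines))
            + _chunk(b"IEND", b""))


def png_length_at(buf, off):
    """Return the byte length of a complete, CRC-valid PNG at buf[off:], else None."""
    if buf[off:off + 8] != PNG_SIG:
        return None
    pos = off + 8
    first = True
    while pos + 12 <= len(buf):                 # 12 = length + type + CRC fields
        (length,) = struct.unpack_from(">I", buf, pos)
        ctype = buf[pos + 4:pos + 8]
        end = pos + 12 + length
        if length > 0x7FFFFFFF or end > len(buf):
            return None                         # chunk runs past the buffer
        if first and (ctype != b"IHDR" or length != 13):
            return None                         # a real PNG always starts with IHDR
        (stored_crc,) = struct.unpack_from(">I", buf, end - 4)
        if zlib.crc32(buf[pos + 4:end - 4]) & 0xFFFFFFFF != stored_crc:
            return None                         # damaged data or a false positive
        if ctype == b"IEND":
            return end - off                    # exact size to copy out
        first = False
        pos = end
    return None                                 # ran out of data before IEND


def carve_pngs(buf):
    """Return [(offset, png_bytes), ...] for every valid PNG found in buf."""
    found = []
    pos = buf.find(PNG_SIG)
    while pos != -1:
        size = png_length_at(buf, pos)
        if size is None:
            pos = buf.find(PNG_SIG, pos + 1)    # skip this signature, keep scanning
        else:
            found.append((pos, buf[pos:pos + size]))
            pos = buf.find(PNG_SIG, pos + size)
    return found


def build_sample_buffer():
    """Constructed buffer: one good PNG plus three things that only look like one."""
    good = make_sample_png()
    bad_crc = bytearray(good)
    bad_crc[41] ^= 0xFF                         # flip the first IDAT data byte
    return (b"\x00" * 16 + b"heap junk" + good  # valid image at offset 25
            + b"\xAA" * 7 + PNG_SIG + b"not a real header"   # bare signature
            + bytes(bad_crc) + b"\x00" * 5      # CRC mismatch in IDAT
            + good[:-6])                        # truncated before IEND completes


if __name__ == "__main__":
    for offset, data in carve_pngs(build_sample_buffer()):
        print(f"valid PNG at offset {offset}, {len(data)} bytes")
```
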
  13. thx for uploading the DNA animation btw i've also made a mod for the Starfield effect coded by takerZ , just added some RGB effect and only static text :
    2 points
  14. i heard some files are missing? (all credits to the dev.) have a nice day MissingFiles.rar
    2 points
  15. There has been an update of Keygener Assistant from v2.1.0 to v2.1.1 March 1st, 2016 - Fixed bug with RSA Encrypt/Decrypt (buggy FGIntRSA changed). - Update Interface : - Skin removed Download: KeygenerAssistantV2.1.1Remix
    2 points
  16. My Delphi binding for Intel X86 Encoder-Decoder. https://github.com/Pigrecos/XED_Delphi
    2 points
  17. Links:
     - twitter.com/ForumCovid/status/1439893319048380419
     - Raspberry Pi gets $45M to meet demand for low-cost PCs and IoT techcrunch.com/2021/09/21/raspberry-pi-gets-45m-to-meet-demand-for-low-cost-pcs-and-iot/
     - Lithuanian government warns about secret censorship features in Xiaomi phones therecord.media/lithuanian-government-warns-about-secret-censorship-features-in-xiaomi-phones/
     - Distribution Of Global Wealth www.visualcapitalist.com/distribution-of-global-wealth-chart/
     - WHO global air quality guidelines 2021 apps.who.int/iris/handle/10665/345329
     - Reasons to Quit Social Media durmonski.com/life-advice/reasons-to-quit-social-media/
     - Why You Should Stop Reading News fs.blog/2013/12/stop-reading-news/
     - World War 3 To Be Fought Over Semiconductors? goldsilver.com/blog/world-war-3-to-be-fought-oversemiconductors-wealthion/
     - Waydroid – Run Android containers on Ubuntu waydro.id/
     - Authenticated Boot and Disk Encryption on Linux http://0pointer.net/blog/authenticated-boot-and-disk-encryption-on-linux.html
     - EU proposes mandatory USB-C on all devices www.theverge.com/2021/9/23/22626723
     - FDA Vaccine Panel Comes Out Against Deadly Injections infowars.com/posts/bombshell-testimony-from-fda-vaccine-hearing-reveals-injections-killing-more-than-saving-driving-variants/
    1 point
  18. @Darth Blue: you got this far, so you certainly have skills. I'm sure you'll figure it out. To answer your question - it's not strictly necessary but might help you with *something*. You'll know more once you analyze the binary.
    1 point
  19. Links:
     - DOS Subsystem for Linux github.com/haileys/doslinux
     - YouTube recommendation system blog.youtube/inside-youtube/on-youtubes-recommendation-system/
     - NEWScan files.rayogram.com/news/ freedomforum.org/todaysfrontpages/
     - A collection of modern games for the TI-99/4A http://tigameshelf.net/asm.htm
     - India says Google abused Android dominance www.engadget.com/google-abused-android-dominance-india-antitrust-124019374.html
     - AMD Chipset Vulnerability Leaks Passwords, Patch Available www.tomshardware.com/news/amd-chipset-vulnerability-leaks-passwords
     - Library Genesis libgen.is/
     - Belgian ISP under 250 Gbps DDoS for days on end issues.edpnet.be/
    1 point
  20. It probably depends on which compiler & what settings you use. My VS2019 builds your code perfectly for both x86 and x64. If your compiler keeps being stupid, try using this: hthread = CreateThread(0, 0, &animate, hWnd, 0, 0);
    1 point
  21. Links:
     - Ray-Ban Stories - in partnership with Facebook, they discover first generation of smart sunglasses www.ray-ban.com/usa/discover-ray-ban-stories/clp
     - Apple fires senior engineering program manager Ashley for leaking information www.theverge.com/2021/9/9/22666049/apple-fires-senior-engineering-program-manager-ashley-gjovik-for-allegedly-leaking-information
     - Mastercard acquires CipherTrace to enhance crypto capabilities www.mastercard.com/news/press/2021/september/mastercard-acquires-ciphertrace-to-enhance-crypto-capabilities/
     - Exploring the Amiga (2018) www.thedigitalcatonline.com/blog/2018/05/28/exploring-the-amiga-1/
     - All about graphics on the following years youtube.com/watch?v=I0H7w06SxwA&list=PLHFiqDkNCp1g5AW0QO_g9xDK-R1bsPF_l&index=12
     - Ozzillate – Transfer Files via Sound www.ozzillate.com/
     - What Exactly Is This 'Great Reset' wakingtimes.com/what-exactly-is-this-great-reset-people-keep-talking-about/
     - A cross-platform GUI for youtube-dl github.com/jely2002/youtube-dl-gui
    1 point
  22. View File SecureVM This file is protected with SecureVM - a new VM to protect your code (based on CawkVM modification). You have to completely unpack the code in order to pass this challenge. Make sure your unpacked file should be able to run. Submitter BlackHat Submitted 09/07/2021 Category UnPackMe (.NET)  
    1 point
  23. Links:
     - Australia’s new mass surveillance mandate digitalrightswatch.org.au/2021/09/02/australias-new-mass-surveillance-mandate/
     - DeepFaceLive: Live Deep Fake github.com/iperov/DeepFaceLive
     - Unity patents ECS pdfpiw.uspto.gov/.piw?PageNum=0&docid=10599560
     - Anbernic RG280M Review christine.website/blog/rg280m-review
    1 point
  24. This requires knowledge of git internals. All versions of pyarmor ever released can be found on their GitHub repo: https://github.com/dashingsoft/pyarmor-core/ Essentially what you need to do is hash search (md5/sha etc) your target pyarmor dll/pyd in that repo to find the file and thus the commit.

      However there's another point to keep note of. As mentioned in this thread, pyarmor now bundles the license data within the dll/pyd. Hence the license data would lead to a different hash in spite of the rest of the dll/pyd contents being the same. To solve this problem, instead of hashing the whole file you can hash only a part (say the last 10KiB of the target dll/pyd which excludes the license data) and search all blobs in the repo which have the same hash for the last 10 KiB bytes. You can use a library like gitdb for searching. Using this you should be able to pinpoint the exact commit and the corresponding file on the repo.

      As for the other question, the mode used can be deciphered from the numerical prefix.
      0 => NONE (dll)
      7 => JIT, ANTI-DEBUG, ADV (dll)
      11 => JIT, ANTI-DEBUG, SUPER (pyd)
      21 => VM, ANTI-DEBUG, ADV (dll)
      25 => VM, ANTI-DEBUG, SUPER (pyd)
      For example, windows.x86_64.25.py39 implies VM + ANTI-DEBUG + ADV modes using the dll pyd.
    1 point
  25. 1 point
  26. Links:
     - Samsung Is the Latest SSD Manufacturer Caught Cheating Its Customers www.extremetech.com/computing/326377-samsung-is-the-latest-ssd-manufacturer-cheating-its-customers
     - Facebook Has Trackers in 25% of Websites and 61% of the Most Popular Apps slashdot.org/story/21/08/29/1758218/facebook-has-trackers-in-25-of-websites-and-61-of-the-most-popular-apps www.msn.com/en-us/news/technology/there-s-no-escape-from-facebook-even-if-you-don-t-use-it/ar-AANRTjr
     - Mass exploitation of Atlassian Confluence CVE-2021-26084 - Please patch immediately if you haven’t already— this cannot wait until after the weekend twitter.com/CNMF_CyberAlert/status/1433787671785185283
     - Mushroom Cultivation Automation w/ Raspberry Pi www.youtube.com/watch?v=z41Wy5ZF4O8
     - OpenMoji: Open-source emojis openmoji.org
     - RSA chief believed cryptographers’ warnings on Dual EC DRBG lacked merit (2014) http://jeffreycarr.blogspot.com/2014/02/six-cryptographers-whose-work-on-dual.html
     - Visual Studio Code now available as Web based editor for GitHub repos docs.github.com/en/codespaces/developing-in-codespaces/web-based-editor
     - GateBoy – a gate-level Game Boy simulator github.com/aappleby/MetroBoy
     - Music Theory for the 21st-Century Classroom musictheory.pugetsound.edu/mt21c/MusicTheory.html
     - Docker Desktop no longer free for large companies www.theregister.com/2021/08/31/docker_desktop_no_longer_free/
     - Windows 11 available on October 5 blogs.windows.com/windowsexperience/2021/08/31/windows-11-available-on-october-5/
     - Facebook open sources Glean: a scalable code search and query engine glean.software/?open
     - China has forbidden under-18s from playing games for more than three hours/week www.reuters.com/world/china/china-rolls-out-new-rules-minors-online-gaming-xinhua-2021-08-30/
     - Reverse engineering software licensing from early-2000s abandonware yingtongli.me/blog/2021/08/29/drm5-1.html
     - EU states looking for MS Teams/O365 alternatives news.ycombinator.com/item?id=28353718
     - 8 Bits of history: My first game is still available on the internet - All we are is dust in the wind smackeyacky.blogspot.com/2021/08/8-bits-of-history-my-first-game-is.html
     - Arctic Adventure: A lost 1981 TRS-80 adventure game by Harry McCracken www.arctic81.com/
     - Toyota halts all self-driving e-Palette vehicles after Olympic village accident www.reuters.com/business/autos-transportation/toyota-halts-all-self-driving-e-pallete-vehicles-after-olympic-village-accident-2021-08-27/
     - 'Worst cloud vulnerability you can imagine' discovered in Microsoft Azure arstechnica.com/information-technology/2021/08/worst-cloud-vulnerability-you-can-imagine-discovered-in-microsoft-azure/
     - A CSS framework to recreate Windows 7 GUI github.com/khang-nd/7.css
     - Why Facebook Is Suddenly Afraid of the F.T.C. www.newyorker.com/news/daily-comment/why-facebook-is-suddenly-afraid-of-the-ftc
     - AT&T Archives: The UNIX Operating System www.youtube.com/watch?v=tc4ROCJYbm0
    1 point
  27. If it's not protected or packed then strings will be located in the .text section wherever this section is mapped in memory. All you need is to scan the process memory for any occurrences of that string and then patch it correctly, giving attention to the length of that string. https://reverseengineering.stackexchange.com/questions/22130/how-to-find-the-starting-address-of-text-section-of-a-dll-inside-a-process-64
    1 point
  28. SND.Reverser.Tool.1.5b1 with sources https://mega.nz/file/EoFjmCjI#obPLdFKURn9JIF7uEKWVxqeN4OngWawjKtiEi2sZhKs SND.Reverser.Tool.1.5b1.zip
    1 point
  29. Hi again and thanks for the tool infos. All are working good so far (also that nice offline webpage tool). Only the old SND_RT tool gets deleted by Defender (Ransomware). Anyway, the other tools also have pretty much the same functions included that I can use there. Thank you. greetz
    1 point
  30. Here's the SND one you mentioned. SND_RT.zip
    1 point
  31. You can get this from our own forum and also read the full thread in the process: Download it: https://forum.tuts4you.com/applications/core/interface/file/attachment.php?id=8499
    1 point
  32. How to Unpack ? Solution - 3.9.5.3.zip
    1 point
  33. Hi! I think you are looking for something like this: Link: http://www.kahusecurity.com/tools.html Or something like "Keygener Assistant": Link: https://www35.zippyshare.com/v/ZcLY8Dxm/file.html
    1 point
  34. the Buster: Captcha author writes @ chrome.google.com/webstore/detail/buster-captcha-solver-for/mpbjkejclgfgadiemmefgebjfooflfhl?hl=en driving you to install an executable app.
    1 point
  35. 32,992 downloads

    A collection of tutorials aimed particularly for newbie reverse engineers.
    01. Olly + assembler + patching a basic reverseme
    02. Keyfiling the reverseme + assembler
    03. Basic nag removal + header problems
    04. Basic + aesthetic patching
    05. Comparing on changes in cond jumps, animate over/in, breakpoints
    06. "The plain stupid patching method", searching for textstrings
    07. Intermediate level patching, Kanal in PEiD
    08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor
    09. Explaining the Visual Basic concept, introduction to SmartCheck and configuration
    10. Continued reversing techniques in VB, use of decompilers and a basic anti-anti-trick
    11. Intermediate patching using Olly's "pane window"
    12. Guiding a program by multiple patching.
    13. The use of API's in software, avoiding doublechecking tricks
    14. More difficult schemes and an introduction to inline patching
    15. How to study behaviour in the code, continued inlining using a pointer
    16. Reversing using resources
    17. Insights and practice in basic (self)keygenning
    18. Diversion code, encryption/decryption, selfmodifying code and polymorphism
    19. Debugger detected and anti-anti-techniques
    20. Packers and protectors : an introduction
    21. Imports rebuilding
    22. API Redirection
    23. Stolen bytes
    24. Patching at runtime using loaders from lena151 original
    25. Continued patching at runtime & unpacking armadillo standard protection
    26. Machine specific loaders, unpacking & debugging armadillo
    27. tElock + advanced patching
    28. Bypassing & killing server checks
    29. Killing & inlining a more difficult server check
    30. SFX, Run Trace & more advanced string searching
    31. Delphi in Olly & DeDe
    32. Author tricks, HIEW & approaches in inline patching
    33. The FPU, integrity checks & loader versus patcher
    34. Reversing techniques in packed software & a S&R loader for ASProtect
    35. Inlining inside polymorphic code
    36. Keygenning
    37. In-depth unpacking & anti-anti-debugging a combination packer / protector
    38. Unpacking continued & debugger detection by DLL's and TLS
    39. Inlining a blowfish scheme in a packed & CRC protected dll + unpacking Asprotect SKE 2.2
    40. Obfuscation and algorithm hiding
    1 point
  36. Fully unpacked V3: So I noticed that the dll and the executable are both protected with .NET Reactor. The dll has 5 virtualized methods. The purpose of that is probably to prevent people from cracking the unpackme. Since this is not a crackme, I have decided to fully unpack cuz I have a lot of free time to do it. I just dragged the files to my deobfuscator so I'll just explain the steps of what my deobfuscator did to deobfuscate the contents of the unpackme.

      1. Get rid of the code flow obfuscation. You can use Hussaryn/NET-Reactor-Cflow-Cleaner-6.7.0.0 since this one is updated. I haven't tested this one though so I am not sure.
      2. Detect necrobit and read encrypted method bodies in resources. The method bodies are stored in resources and the decryption routine has a part in the code that has a random generated mutation. The trick to that is using a CIL emulator. I use DNEmulator, but the repository is gone. I think De4dot emulator is good enough for this one.
      3. Do step 1 again since it might have control flow obfuscation applied to some methods. You could also read this blog and use reflection to get the decrypted method bodies. It is explained where .NET Reactor stores its decrypted method bodies. But I am not a fan of using reflection, so I don't want that. I guess this should work on most unpackmes but not all since it is lacking something.
      4. Detect obfuscated ldtokens. The obfuscated token is not really obfuscated. It is just stored as an integer and some function resolves the token and returns the runtimetypehandle of that.
      5. Detect and devirtualize virtualized functions. I learned a lot from @TobitoFatito's explanation. The Instruction Set Architecture of .NET Reactor VM is almost the same as .NET CIL. So it should be easy to understand the VM if you already understand .NET CIL.
      6. Do step 1 again since it might have control flow obfuscation applied to some devirtualized methods.
      7. Detect and decrypt string encryption. The decryption routine is similar to necrobit decryption routine and the encrypted string data is stored in resources. Once the resources data is decrypted, you can find the calls that's using the decryption method and get the string data by acquiring the first argument and using that to go to the offset of the decrypted data and read the first 4 bytes and convert it to int32 to get the string length. Then read string data after the string length data.
      8. Detect and decrypt resource encryption. The resources has more than 1 decryption mode and it is also compressed. I think the method that de4dot uses for this one still works. Code: ResourceResolver.cs
      9. Use de4dot to clean the rest and fix names.

      Files: WindowsFormsApplication41-Deobfuscated-cleaned.exe WindowsFormsApplication41yippi-Deobfuscated-cleaned.dll
    1 point
  37. Language : C# .Net Platform : Windows x32/x64 OS Version : All Packer / Protector : Agile.Net v6.6 Description : Hi everyone, hope one of you friends can unpack the target and teach us how to unpack it Screenshot : Secured.rar
    1 point
  38. I am of the opinion that any solution posted here should be reproducible (hence the name tuts4you). Anyone reading my solution should be able to follow the steps and get to the same conclusion. For the case of a VM, since they are complicated beasts, it means it gives me only two options: I would have to release the source code of any type of devirtualizer that I would've made, or I would have to spend an entire blog post talking about how VMP's VM works and how to reverse it. While I genuinely enjoy doing both, both options take a lot of time, something I have very little of these days. But even if I had the time, it's arguably not really worth it. If I were to make a devirtualizer for VMP and release it, it will not take long for the VMP developers to catch on and update their software. Unless the devirtualizer was made in such a way that it would be resistant towards the kinds of changes (which again, takes more time), it means it is probably only going to be useful for a short period. Just doing this for a single unpackme posted on a forum does not really make it worth it for me. Also, while I generally don't have any problem with publishing articles or source code (unlike other people that post solutions here it seems), I do have a problem with potentially harming other people's businesses. I am not a fan of releasing devirtualizers or unpackers for protectors that are still in business and have customers. From a legal and ethical perspective, that's just not something I would do easily. Generally speaking though, with reverse engineering it is often not required to fully unpack anyways. You extract what you need and leave out the unimportant business. In a lot of cases that does not require a full deobfuscation. Especially not with keygenme's like these. Maybe someone else thinks differently about that, and does pick this up as a challenge though
    1 point
  39. fixed in v1.7 https://githacks.org/vmp2/vmemu/-/releases/v1.7 (make sure your commandline arguments are also correct)... Also be aware that vmemu currently does NOT support dumped modules as it uses LoadLibraryExA - DONT_RESOLVE_DLL_REFERENCES to load the module... Support for dumped modules will come very shortly, as well as an auto unpacking/drag & drop project.
    1 point
  40. Everyone knows it's DnGuard, just put in dnspy or ILSpy to know. He buys or jailbreaks a copy of dnguard, then runs it on the server, when the user uploads the source for packaging, it also saves the original to steal the NetProtect user's code. Then go around saying its netprotect is number 1, no one can unzip it. I was going to say that a few times, but seeing how many of his fans are, I gave up. But to protect the file, you have to upload the entire source code to his server, which exposes your entire source code.
    1 point
  41. Hello, This isn't anything new... It's just DNGuard 3.9.6.2 with some additional attributes and slight attempts at rebranding. We can also see this in the native dll it drops This is not the first time NETProtect.IO is using other protectors under their own brand name. First it was NETGuard, then Agile.NET, CawkVM, and now DNGuard 😕 As for unpacking DNGuard, i have not done a lot of research into it. If anyone has and is willing to share the research and knowledge i think we all would be thankful
    1 point
  42. Necrobit
      To mess up the old de4dot implementation, the .Net reactor changed the P / Invoke methods, but for the unpack, you can use the SMD from Code Cracker, which will do an excellent job of this.

      Control Flow
      To break de4dot.blocks, ezriz added a number of instructions to the flow cases, which de4dot cannot process, it's easy to fix it, just repeat after me)

      String Encrypt
      Ezriz changed the resource encryption algorithm for strings, which messed up the old decryptor implementation. This problem is solved by dynamic emulation of the method, with obtaining LDC.I4 values for initializing the decrypt method, I will show an example of getting MethodDef by the Call dnlib operand

      Hide Methods Calls
      NEW! New reactor protection, taken half from open source fuser. The bottom line is that system methods are initialized from delegates. It sounds scary, let's try to figure it out))

      Well, we won the new reactor, I hope you enjoyed this article, thanks for reading)) All The Credit Goes to Eshelon Mayskih
    1 point
  43. 1,820 downloads

    Various collection of reversing tutorials in video covering various aspects of .NET from Ubbelol.

    Name | Size | Type | Modified | Attr | MD5 Checksum
    .NET Cracking 101 #1 - Absolute basics.mkv | 21.5 MB | Matroska | 5/10/2017 5:12 AM | -a----- | 4c70dc7c9f6b47f39a4cde2c2e172ef3
    .NET Cracking 101 #2 - WinDbg basics.mkv | 55.8 MB | Matroska | 29/06/2014 6:55 PM | -a----- | 56b4f7138fe1dbbdac358d6d8ba6fe5b
    .NET Cracking 101 #3 - Additional techniques.mkv | 26 MB | Matroska | 9/10/2017 2:20 PM | -a----- | aefe75ee91f2c2df13522e2084797e27
    .NET Cracking 101 #4 - ChewBox crackme.mkv | 25.4 MB | Matroska | 10/10/2017 12:51 AM | -a----- | 4eee0cae85fe1a85257adf09bd432eef
    .NET Cracking 101 #5 - 0xDEADDEAD Crackme.mkv | 42.5 MB | Matroska | 29/09/2017 3:32 PM | -a----- | 665c6e1bfaeb0e531c38b033deaf843a
    .NET Cracking 101 #6 - WinDbg_.NET Seal 2.mkv | 31 MB | Matroska | 7/10/2017 12:02 AM | -a----- | 0bd46985e743fe5ab1f72ffa30c7d5dc
    .NET Cracking 101 #7 - AutoJitPatcher by 0xDEADDEAD.mkv | 22.6 MB | Matroska | 10/10/2017 3:24 PM | -a----- | 96f125c6966155826b44900ae0c10925
    .NET Deobfuscation 101 #1 - Symbol renaming.mkv | 52.8 MB | Matroska | 10/10/2017 7:19 AM | -a----- | d0485addca7d551af4c423b680574570
    .NET Deobfuscation 101 #2 - Phoenix Protector.mkv | 48.3 MB | Matroska | 20/10/2017 11:35 PM | -a----- | 0a557679daf3444daf86099b4516782a
    Confuser 1.9 Anti-tamper tool.mkv | 12.4 MB | Matroska | 11/10/2017 2:39 PM | -a----- | 0990b4977988ac8ff99aaf7313e4364e
    Confuser 1.9 Deobfuscator WIP - YouTube.mkv | 10 MB | Matroska | 30/09/2017 10:11 AM | -a----- | 761e56dc774e70417a0cd8a46b5d270e
    uNet example application.mp4 | 85.3 MB | MP4 | 16/02/2013 3:21 AM | -a----- | b9cb5dc6717def0802c7a27affc6b02d
    1 point
  44. Hi, it's because of your assembly code! Read about the used instruction here (repne scasb): https://c9x.me/x86/html/file_module_x86_id_287.html

      Fixed code:

          procedure TForm1.BitBtn1Click(Sender: TObject);
          var
            pointer_check, pointer_dummy: pointer;
          label
            bp_found, bp_not_found;
          begin
            pointer_check := @check_credentials;
            pointer_dummy := @Dummy;
            asm
              cld
              mov edi,pointer_check
              mov ecx,pointer_dummy
              sub ecx, pointer_check
              mov al,$CC
              repne scasb
              jz bp_found
              jmp bp_not_found
            end;
          bp_found:
            application.terminate;
            exit; //you will find out why you should use this
          bp_not_found:
            check_credentials('user', 'pass');
          end;

      BR, h4sh3m
    1 point
  45. Your topic has not been approved. You did not follow the correct posting format and/or provided enough information regarding the challenge. You have 48 hours to correct your topic before it will be moved to the Trashcan. For further details regarding the formatting of the topic please refer to the topic in the below link... [This is an automated reply]
    1 point
  46. [.NET]实战UnpackMe.mp4 -> https://mega.nz/#!YxwQSAxA!Lwd9XStVyue8fdYKZXmYkoDxE0Y7ftsyNYtBKLTRrGM
    1 point
  47. @mdj: 使用x64dbg暴打非托管强壳.mp4 -> https://mega.nz/#!Y5JBTaCS!hJXzN5ssvUyRHW8VgpGxINEVrW1zJ2Up96vqqJVG5co I can upload the second video tomorrow, if you need that too. @all: Please be nice and don't abuse the link, it is a free Mega account and has traffic limitations.
    1 point