Jump to content
Tuts 4 You


Popular Content

Showing content with the highest reputation since 11/16/2019 in all areas

  1. 8 points
  2. 4 points
    Actually Winrar was a kind of an earl adopter of ECDSA licensing, but they made a mistake in the implementation, much like level 10 armadillo. I still remember when I first came across this release - i thought, man, not another hardcoded-pseude-keygen ... then I saw "SeVeN/FFF". I was like "ahh shit here we go". Problem for Winrar is that their license is tied to archive signatures - if they change it they will break the signature mechanism.
  3. 3 points
    The password is: Explanation: To apply VMProtect properly, you need to understand how each and every option works. Specifically, packing option just compresses data, it doesn't add any real protection. And if you do not use "VMProtect.SDK.DecryptString", strings are not encrypted. It's enough to run protected software under any debugger and search for strings in memory: As for proper unpack and/or devirtualization, it's something I have on my todo list. But I haven't got a "proper" solution that I could share at the moment.
  4. 3 points
    i remember also the cracktro https://defacto2.net/f/b42719a and that core stole the release https://defacto2.net/f/b22ed7a
  5. 3 points
    https://invidio.us/ src - https://github.com/omarroth/invidious
  6. 2 points
    If I recall correctly the free Epic games giveaway is due to end this month. I have to give credit to Epic for giving these away for free, some classics I was not expecting... ๐Ÿ‘ Ted.
  7. 2 points
    FFF - This name I have encountered so many times. A guy named Axis -FFF have keygenned/Patched dozens of App and great thing is that, If he patch, everything works well. Some of Great Protectors for HWID Lock (I wont mention name but all knows which is widely used for .NET, Delphi bla bla ) is done by Axis / FFF though many others cracked or modified Demo like PC-RET or many others but there Crack is not ok. Means If you protect your file, then anyone else without the project can create keys for your protection (All he need is to just use same algo. which can be easily understand using Demo Key) But only the Axis/FFF works always like an original.
  8. 2 points
    I can't believe it all happened in 2009, a full decade ago. It does not feel like it was that far back... Ted.
  9. 2 points
  10. 2 points
    I am glad you have a workaround for this in the end. You may find suspending operation for around ~10 milliseconds after setting the cursor position and before simulating the mouse down input, using the Sleep function, adds a little bit more reliability and may not require you to add a second call to SetWindowPos. If you are concerned about accidentally activating a menu when simulating the mouse down you can calculate the centre of the windows titlebar or populate NONCLIENTMETRICS structure. Just be mindful there may be occasions where this may still occur particularly with owner drawn windows and Windows 10 apps. I still recommend the timer option... ๐Ÿ˜Ž Ted.
  11. 2 points
    This seems to solve your problem. Give it a try, hopefully all good for you... Global User32 = OpenLibrary(#PB_Any, "user32.dll") Prototype.i AddClipboardFormatListener_(hWnd) Global AddClipboardFormatListener_.AddClipboardFormatListener_ AddClipboardFormatListener_ = GetFunction(User32, "AddClipboardFormatListener") Procedure WindowToFocus(hWnd, uMsg, wParam, lParam) Static lpPoint.POINT, tagINPUT.INPUT Static cOnr, cWnd, Timer #WM_CLIPBOARDUPDATE = $031D Select uMsg Case #WM_CLIPBOARDUPDATE If IsClipboardFormatAvailable_(#CF_TEXT) ; Find the last clipboard owner then bring our window to the foreground. cOnr = GetClipboardOwner_() cWnd = GetParent_(cOnr) SetWindowPos_(cWnd, hWnd, #Null, #Null, #Null, #Null, #SWP_NOSIZE | #SWP_NOMOVE | #SWP_ASYNCWINDOWPOS) ; Save the current mouse pointer coordinates. GetCursorPos_(@lpPoint.POINT) ; Find our window position then activate our window. GetWindowRect_(hWnd, @lpRect.RECT) SetCursorPos_(lpRect\left + 10, lpRect\top + 10) ; Simulate mouse down. tagINPUT\type = #INPUT_MOUSE tagINPUT\mi\dwFlags = #MOUSEEVENTF_LEFTDOWN SendInput_(1, @tagINPUT, SizeOf(INPUT)) ; Simulate mouse up. tagINPUT\mi\dwFlags = #MOUSEEVENTF_LEFTUP SendInput_(1, @tagINPUT, SizeOf(INPUT)) ; Return mouse pointer to original position. SetCursorPos_(lpPoint\x, lpPoint\y) EndIf EndSelect ProcedureReturn #PB_ProcessPureBasicEvents EndProcedure If OpenWindow(0, 0, 0, 300, 200, "WindowToFocus", #PB_Window_ScreenCentered | #PB_Window_SizeGadget | #PB_Window_MaximizeGadget) AddClipboardFormatListener_(WindowID(0)) SetWindowCallback(@WindowToFocus()) Repeat Until WaitWindowEvent() = #PB_Event_CloseWindow EndIf Ted. WindowToFocus.exe WindowToFocus x32.exe
  12. 2 points
    Injector uses VB P-Code, you'll need to use VB decompiler or some P-Code disassembler for analysis. It's pretty funky code using shellcode, resolving APIs by hash and what not. Or you can simply put breakpoint on RtlDecompressBuffer and then dump decompressed payload from memory. It's an old shitty backdoor called XpertRAT. BTW, injector works just fine in my VMWare (32bit Win7).
  13. 2 points
    @Washi has finally made his writeups public: https://github.com/Washi1337/ctf-writeups/tree/master/FlareOn/2019/ Some of his solutions make me green with envy. Great job!
  14. 1 point
    That was one of the selling points that got me to purchase licences for WinRAR, to have authenticity information tied to archived files. After the keygen was released authenticity was later dropped from RAR as a feature following the release of version five... Ted.
  15. 1 point
    A couple of decent freebies this week at epic Wolf Among Us: https://www.epicgames.com/store/en-US/product/the-wolf-among-us/home The Escapists: https://www.epicgames.com/store/en-US/product/the-escapists/home
  16. 1 point
    I know one guy that paid for WinRAR. Probably earned himself a spot in the VIP section in the afterlife.
  17. 1 point
    You're overcomplicating things. You have video that has 300 frames. You need it to last 60 seconds. Necessary frame rate is 300/60=5 frames per second. Who would want to write a specific tool that does one division operation? Certainly not me.
  18. 1 point
    Starting from the smallest: IrfanView, XNView Classic, Paint.NET. Rotate works in all 3; Saving transparency info is slightly crappy in IrfanView, works perfectly in all others; Resize on mouse scroller - haven't seen in any editor ever. Works in all 3 by entering resize % (eg. 200%) or target dimensions;
  19. 1 point
    Hi all: Recently I've analyzed a VB malware sample. This VB injector runs on physical analyzer machine (Win7 x86) and virtual machines (Win7 x64 and Win XP) without injection behavior. But when I upload the sample to the online sandbox, it appears to inject iexplorer.exe and sends DNS request to C&C server. By the way, the VC runtime library and .NET framework 2&4 are already installed on the virtual machine. I have not found any way to make the sample appear any injection behavior by checking Process Monitor yet. Can anyone figure out the reason, it's welcome to communicate, or is there anyone who can dump out its Trojan body, please let me know, thks a lot... The password of the sample zip package is "infected". Do not run or debug on the real machine! ANY.RUN report (PC-side access): https://app.any.run/tasks/2be96389-5c11-4541-b3b2-bb027f445add/ Hybrid Analysis report: https://www.hybrid-analysis.com/sample/0e0a3f5fa2d7e092dbb9e31b55e8f1dc6879673d9af92735577522dc504e7af9?environmentId=120 VB_Injector_password_infected.zip
  20. 1 point
    Hi again, I changed the code a little... invoke GetClipboardOwner mov cOnr,eax invoke GetParent,cOnr mov cWnd,eax invoke SetWindowPos,cWnd,hWin,0,0,0,0,SWP_NOSIZE or SWP_NOMOVE or SWP_ASYNCWINDOWPOS invoke GetCursorPos,addr lp invoke GetWindowRect,hWin,addr rc mov eax, rc.left add eax, 30 mov ecx, rc.top add ecx, 10 invoke SetCursorPos,eax,ecx invoke SetWindowPos,hWin,HWND_TOPMOST,0,0,0,0,SWP_NOSIZE or SWP_NOMOVE or SWP_ASYNCWINDOWPOS invoke SetWindowPos,hWin,HWND_NOTOPMOST,0,0,0,0,SWP_NOSIZE or SWP_NOMOVE or SWP_ASYNCWINDOWPOS mov INP.INPUT._type,INPUT_MOUSE mov INP.INPUT.mi.dwFlags, MOUSEEVENTF_LEFTDOWN invoke SendInput,1,addr INP,sizeof INP mov INP.INPUT.mi.dwFlags, MOUSEEVENTF_LEFTUP invoke SendInput,1,addr INP,sizeof INP invoke SetCursorPos,lp.x,lp.y ...adding SetWindowPos x2.Now it works better.Also moved mouse more to left to prevent to open that menu.But also in this case its not working all over.When I do copy something from browser or other sources then WM_CLIPBOARDUPDATE seems to fail.Before I used WM_DRAWCLIPBOARD with SetClipboardViewer functon etc and there it was working.Strange is that its now no more working.Maybe using AddClipboardFormatListener function and RemoveClipboardFormatListener isnt a good choice or doing change something on my system = WM_DRAWCLIPBOARD fails.Now I need to reboot PC to check this out.Hhmm!!!So thats pretty bad,dont wanna each time do a reboot just to get my old stuff working again.Otherwise I will just using SetWindowPos x2 alone without getting the avtive window status if the other code examples doing some strange problems later. greetz EDIT: My fault about WM_DRAWCLIPBOARD so its still working.Just forgot that I added a check yesterday.So I think now its seems to work better using example from Ted WindowToFocus x32 just with adding SetWindowPos x2 and moving mousepointer some more to right side where it does click on.I think with this method I can live now so far. I can use it with WM_DRAWCLIPBOARD (SetClipboardViewer etc) or also with WM_CLIPBOARDUPDATE with AddClipboardFormatListener function.This seems to be easier just need to call this function once + RemoveClipboardFormatListener at the end. Thank again guys.
  21. 1 point
    Waiting on mouse movement this time... Global User32 = OpenLibrary(#PB_Any, "user32.dll") Prototype.i AddClipboardFormatListener_(hWnd) Global AddClipboardFormatListener_.AddClipboardFormatListener_ AddClipboardFormatListener_ = GetFunction(User32, "AddClipboardFormatListener") Procedure LastInput(cWnd) Protected lpPoint.POINT Protected oldx, oldy GetCursorPos_(@lpPoint.POINT) oldx = lpPoint\x oldy = lpPoint\y Repeat GetCursorPos_(@lpPoint.POINT) Delay(10) Until oldx <> lpPoint\x Or oldy <> lpPoint\y SetWindowPos_(WindowID(0), cWnd, #Null, #Null, #Null, #Null, #SWP_NOSIZE | #SWP_NOMOVE | #SWP_ASYNCWINDOWPOS) EndProcedure Procedure WindowToFocus(hWnd, uMsg, wParam, lParam) Static cOnr, cWnd #WM_CLIPBOARDUPDATE = $031D Select uMsg Case #WM_CLIPBOARDUPDATE If IsClipboardFormatAvailable_(#CF_TEXT) ; Find the last clipboard owner then bring our window to the foreground. cOnr = GetClipboardOwner_() cWnd = GetParent_(cOnr) SetWindowPos_(cWnd, hWnd, #Null, #Null, #Null, #Null, #SWP_NOSIZE | #SWP_NOMOVE | #SWP_ASYNCWINDOWPOS) ; Save the current mouse pointer coordinates. CreateThread(@LastInput(), cWnd) EndIf EndSelect ProcedureReturn #PB_ProcessPureBasicEvents EndProcedure Ted.
  22. 1 point
    I might point out that perhaps what is missing is the task at hand. If I copy a magnet:// link, my torrent app will automatically come to the front and offer to download if it is open. In Windows 10, clicking on a link which has magnet:// now brings up a would you like such and such app to open this warning. The only Windows-sanctioned solution is to use the correct mechanisms like registering your app to handle all of these events. Clipboard Viewer Chain: https://docs.microsoft.com/en-us/windows/win32/dataxchg/using-the-clipboard#adding-a-window-to-the-clipboard-viewer-chain Protocol Handlers: https://docs.microsoft.com/en-us/windows/win32/search/-search-3x-wds-ph-install-registration There are probably tricks you can do. I don't know how the torrent programs monitor and bring to front, but I imagine you could monitor the clipboard for a change, modify the clipboard to contain a protocol that you are registered for e.g. myapp:// and then the system will bring your app to the forefront. I imagine this works in Win7 as well. But its a cleaner and better route in modern windows than hijacking the foreground window which due to annoying apps that have overused that ability has become increasingly complicated, difficult and with all sorts of nuances and details to check for. For example accessibility features, custom keyboard mappings, system style of windows that might make keyboard/mouse simulation complex, privileged windows, UAC elevation prompts, 2 apps that both are trying to capture and bring to front could end up getting in deadlock fight for it, etc. A professional solution probably is not worth it unless its absolutely necessary with no alternatives and could require reversing Windows a bit to get some peculiar details. I've browsed the Win2k source more than few times :). IMO, Microsoft should open source the UI drawing parts of the basic windows controls so its easy to derive clean professional owner-draw solutions and the like which deals with every possible circumstance. That seems long overdue and who knows at the current rate maybe they will some day.
  23. 1 point
    I think I already answered it ๐Ÿ˜‹ When a user is working/interacting in an active window you can't steal focus away from it to another application. The user passes on focused privileges by activating the window. If you are really, really, really intent on stealing focus you can do something immensely annoying by simulating a mouse click on screen in a window. Something like this... Global User32 = OpenLibrary(#PB_Any, "user32.dll") Prototype.i AddClipboardFormatListener_(hWnd) Global AddClipboardFormatListener_.AddClipboardFormatListener_ AddClipboardFormatListener_ = GetFunction(User32, "AddClipboardFormatListener") Procedure WindowToFocus(hWnd, uMsg, wParam, lParam) Static cOnr, cWnd, Timer #WM_CLIPBOARDUPDATE = $031D Select uMsg Case #WM_CLIPBOARDUPDATE If IsClipboardFormatAvailable_(#CF_TEXT) cOnr = GetClipboardOwner_() cWnd = GetParent_(cOnr) SetWindowPos_(cWnd, hWnd, #Null, #Null, #Null, #Null, #SWP_NOSIZE | #SWP_NOMOVE | #SWP_ASYNCWINDOWPOS) ;GetWindowRect_(cWnd, @lpRect.rect) GetWindowRect_(hWnd, @lpRect.rect) SetCursorPos_(lpRect\left + 10, lpRect\top + 10) tagINPUT.INPUT ; Mouse down... tagINPUT\type = #INPUT_MOUSE tagINPUT\mi\dwFlags = #MOUSEEVENTF_LEFTDOWN SendInput_(1, @tagINPUT, SizeOf(INPUT)) ; Mouse up... tagINPUT\mi\dwFlags = #MOUSEEVENTF_LEFTUP SendInput_(1, @tagINPUT, SizeOf(INPUT)) EndIf EndSelect ProcedureReturn #PB_ProcessPureBasicEvents EndProcedure If OpenWindow(0, 0, 0, 300, 200, "WindowToFocus", #PB_Window_ScreenCentered | #PB_Window_SizeGadget | #PB_Window_MaximizeGadget) AddClipboardFormatListener_(WindowID(0)) SetWindowCallback(@WindowToFocus()) Repeat Until WaitWindowEvent() = #PB_Event_CloseWindow EndIf Ted.
  24. 1 point
    SetWindowPos can change the z order but it doesn't activate the window You can use SetActiveWindow after you have brought to front, if its not in front it will not set as active Have you tried SetForegroundWindow ?
  25. 1 point
    I use a free app which I think does what your asking, it is a downloader which monitors the clipboard for new links to sites it supports such as youtube, clicknupload etc. and when a new link is copied to clipboard it pops up a window asking if you want to download it if that's what you want your app to do then maybe you could see how they do it there http://wordrider.net/freerapid/
  26. 1 point
    You cannot take (steal) focus away from another window you do not control whilst the user is currently active inside it. You will not be notified of the other windows' events to make a judgement call when to send your window to back. As @kao mentioned above the only way to do this would be to attach to the thread input queue of that window. You can then change its z-order position whilst focused. There are a few caveats. If the process is elevated you will not be able to attach to the input queue. If there is a problem with the process you are attached to you run the risk of inheriting those problems. Some more questions; Why do you need to bring your window to the front? What is the purpose of your window whilst it is in front, what will it do when it is front? If you need to bring the window to the front how long do you need it to be there? Why do you need to send it to the back? If you only need your window to be front for a short period set a timer event to send it back when its work is done. There are some other methods whilst another window has focus though they are hit-and-miss. Waiting for WM_NCACTIVATE is one, though this event may never occur and shouldn't be relied upon. Global User32 = OpenLibrary(#PB_Any, "user32.dll") Prototype.i AddClipboardFormatListener_(hWnd) Global AddClipboardFormatListener_.AddClipboardFormatListener_ AddClipboardFormatListener_ = GetFunction(User32, "AddClipboardFormatListener") Procedure WindowToFocus(hWnd, uMsg, wParam, lParam) Static cOnr, cWnd, Timer #WM_CLIPBOARDUPDATE = $031D Select uMsg Case #WM_CLIPBOARDUPDATE If IsClipboardFormatAvailable_(#CF_TEXT) cOnr = GetClipboardOwner_() cWnd = GetParent_(cOnr) SetWindowPos_(cWnd, hWnd, #Null, #Null, #Null, #Null, #SWP_NOSIZE | #SWP_NOMOVE | #SWP_ASYNCWINDOWPOS) SetTimer_(hWnd, Timer, 500, #Null) EndIf Case #WM_TIMER Select wParam Case Timer SetWindowPos_(hWnd, cWnd, #Null, #Null, #Null, #Null, #SWP_NOSIZE | #SWP_NOMOVE | #SWP_ASYNCWINDOWPOS) EndSelect EndSelect ProcedureReturn #PB_ProcessPureBasicEvents EndProcedure If OpenWindow(0, 0, 0, 300, 200, "WindowToFocus", #PB_Window_ScreenCentered | #PB_Window_SizeGadget | #PB_Window_MaximizeGadget) AddClipboardFormatListener_(WindowID(0)) SetWindowCallback(@WindowToFocus()) Repeat Until WaitWindowEvent() = #PB_Event_CloseWindow EndIf Ted.
  27. 1 point
    GetWindowThreadProcessId you might wanna check that doesnt destroy ebx
  28. 1 point
    @LCF-AT: I believe this example and explanation should work: https://www.codeproject.com/Tips/76427/How-to-bring-window-to-top-with-SetForegroundWindo My ugly test code (PLEASE don't use it in real life project!): ;invoke SetWindowPos,hWin,HWND_TOPMOST,0,0,0,0, SWP_NOACTIVATE or SWP_SHOWWINDOW or SWP_NOSIZE or SWP_NOMOVE ;invoke SetWindowPos,hWin,HWND_NOTOPMOST,0,0,0,0, SWP_NOACTIVATE or SWP_SHOWWINDOW or SWP_NOSIZE or SWP_NOMOVE pushad invoke GetForegroundWindow mov esi, eax invoke GetCurrentThreadId mov ebx, eax invoke GetWindowThreadProcessId, esi, 0 mov edi, eax invoke AttachThreadInput, ebx, edi, 1 invoke AllowSetForegroundWindow, -1 invoke SetForegroundWindow,hWin invoke AttachThreadInput, ebx, edi, 0 popad Please note that I did only very limited testing with only notepad, your sample app and 3 copy to clipboard attempts. There might be issues, especially in your "very specific" configurations with Sandboxie and what not.. Does that solve your problem? kao.
  29. 1 point
    Hi Did you tried to send mouse down/up message to your window ? sample: https://stackoverflow.com/questions/12363215/send-mouse-click-message BR, h4sh3m
  30. 1 point
    SetWindowPos(windowHwnd, HWND_TOPMOST, 0, 0, 0, 0, SWP_NOACTIVATE | SWP_SHOWWINDOW | SWP_NOSIZE | SWP_NOMOVE); think you can convert that to asm yourself
  31. 1 point
    As @atom0s already mentioned SetFocus is what you are after if you want keyboard events in your window... Ted.
  32. 1 point
    In terms of API that can be used / are used to do this: BringWindowToTop SetActiveWindow SetForegroundWindow SetFocus SetWindowPos ShowWindow SwitchToThisWindow In some cases, you may need to make use of 'AttachThreadInput' as well.
  33. 1 point
    As I said earlier - I don't use Sandboxie and can't help you with that. From the quick search, you could try to enable Trace mode and check the log for hints what needs to be enabled: https://www.sandboxie.com/SandboxieTrace
  34. 1 point
    Over 1.5 Billion unique people, including close to 260 million in the US. Over 1 billion personal email addresses. Work email for 70%+ decision makers in the US, UK, and Canada. Over 420 million Linkedin urls Over 1 billion facebook urls and ids. 400 million+ phone numbers. 200 million+ US-based valid cell phone numbers. https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/
  35. 1 point
    I took dragdrop.asm from raedit, commented out things that didn't immediately compile, added a simple window + initialization code and it sort of works. When something is dragged over window, you can see calls to IDropTarget_AddRef and IDropTarget_DragEnter. After that it messes up because most of the code in IDropTarget_DragEnter was commented out. But that was enough for my dumb test. So, probably you did something wrong with pIDropTarget declaration or implementation.
  36. 1 point
    ..and there's your problem. Sandboxie blocks such communication by design - because that's the only way it can ensure that the sandboxed process doesn't break out of it. I'm not using Sandboxie, so I can't tell you if/how you can work around it. Google for possible configuration options. Maybe (just maybe!) this configuration option could work: https://www.sandboxie.com/OpenWinClass See IDropTarget link from my first answer. It's a COM interface. It's ugly. But that's how things in Windows sometimes work - no way around it. Here's another sample program - http://web.archive.org/web/20050402152142/http://home.inreach.com/mdunn/code/ClipSpy/clipspy.html - there you can actually drag/drop any link from IE, not only from address bar. So, it might be even better example than the first one I gave. Or you can look at RAEdit sources, they have most of the structures defined (no comments, though): https://github.com/m417z/SimEd/blob/master/RAEdit/DragDrop.asm
  37. 1 point
    Sample app does work for me in 64bit Win7 on both Chrome and IE, otherwise I wouldn't suggest it. From Chrome you can drag/drop both address from address bar and hyperlinks from any webpage. From IE8 you can drag/drop address from address bar. I don't use Firefox or Brave or Vivaldi or whatever other weird browsers, so I can't test those.
  38. 1 point
    You need to implement drop target. See MSDN for RegisterDragDrop, IDropTarget and/or http://www.catch22.net/tuts/win32/drop-target for sample app with C sources.
  39. 1 point
    I read somewhere that there are some disk images so you don't need to download the entire torrent. As to what is specifically on there and how revealing that information is I have no idea... Ted.
  40. 1 point
    This one is good to use on your TV's browser - instead of using the default YouTube app - to get around all the annoying ads... Ted.
  41. 1 point
  42. 1 point
    Just a small heads up, the FREEGAME offer for GreenManGames still requires you to create an account AND give them all your personal information just to get the free game. Technically not really free since they are getting your info.
  43. 1 point
    https://github.com/DefCon42/op-mutation decided to release the source because it's a neat example of a practical application of linear algebra yes, i know the code does not look great and there's blatant violations of like every standard ever no, i won't change that :^) note: only works with relatively simple operations. add, sub, not, etc will work but higher order operators like multiplication and exponentiation will not
  44. 1 point
    Simple Polymorphic Engine (SPE32) is a simple polymorphic engine for encrypting code and data. It is an amateur project that can be used to demonstrate what polymorphic engines are. SPE32 allows you to encrypt any data and generate a unique decryption code for this data. The encryption algorithm uses randomly selected instructions and encryption keys. https://github.com/PELock/Simple-Polymorphic-Engine-SPE32 Sample polymorphic code in x86dbg window: Another polymorphic code mutation, this time with code junks
  45. 1 point
    Before you potentially dump $50 on CodeStage, look around for free options. Most of what's offered in his library is already free. Protected memory/variables: - https://docs.microsoft.com/en-us/dotnet/api/system.security.cryptography.protectedmemory - https://gamedev.stackexchange.com/a/9851 (Xor'd value, same as how CodeStage protects.) - https://www.alanzucconi.com/2015/09/02/a-practical-tutorial-to-hack-and-protect-unity-games/ - https://github.com/Ymiku/SafeInt - https://github.com/pedro15/UniToolKit Protected player prefs: - https://www.alanzucconi.com/2015/09/02/a-practical-tutorial-to-hack-and-protect-unity-games/ - https://gist.github.com/ftvs/5299600 - https://github.com/rawandnf/SecurePlayerPrefs - Any kind of encryption you prefer works for this. Generate Code Hashes: - Use System.Reflection for this. (MethodBody -> GetILAsByteArray -> hash etc.) Detect Speed Hack: - This is done by monitoring the ticks of an application in a timer/thread checking for any sudden increases that cause the timing of the app/process to be considered fast/slow. - https://github.com/WizardVan/UnityDetector Detect Wall Hacks: - This is done a number of ways depending on what kind of detection you are looking for. Detect Injections: - Walk/monitor the app domains assembly list for unknown modules. (AppDomain.CurrentDomain.GetAssemblies()) - Track a list of valid/allowed modules + checksum hashes. - Track IL edits to functions via hash checks. Keep in mind all of this is bypassable, editable, etc. by a hack/cheat/mod so while you are adding a layer of security it will only work against certain people whom are not familiar with bypassing this kind of stuff.
  46. 1 point
    Hi guys. I have a linux "hacking challenge" x64 binary that is difficult to exploit, you can find it attached to this email. This binary it's vulnerable to buffer overflow + ROP + canary bypass, so will be possible to execute shellcode. The vulnerable input fields are "HOURS WORKED" and "REASON FOR OVERTIME" (this field it's also vulnerable to format string vulnerability, so with an input like %016llX,%016llX,%016llX etc... will be possible to dump the stack and the canary value) Any of you that can give it a look? Thanks a lot guys! (the vulnerable binary it's "vulnelf") vulnelf
  47. 1 point
    https://medium.com/@lduck11007/a-crash-course-in-everything-cryptographic-50daa0fda482 Ted.
  48. 1 point
    this has some more techniques: https://studylib.net/doc/14916230/anti-debugging-techniques-malware-analysis-seminar-meetin...
  49. 1 point
    Good times! I still play UT every once in while, last time was with my son. Happy to participate in a game night/day if someone is able to organise an event and it falls at a suitable date and time... Ted.
  50. 0 points
    I do miss the old times with people actually posting new and interesting stuff in here. Last few years have been really tough. I don't have a solution to that, just the feeling that it's the biggest problem that needs addressing. As for smaller and easier to solve things: 1) It would be nice to have faster actions to stop troll-fights between techlord's fans and their opponents. Last thing we need here is the toxic atmosphere they bring; 2) It's time to stop "Difficulty 10/10" nonsense in crackmes that contain nothing more than a rebranded ConfuserEx. For example, create a rule that members with "Junior" title are not allowed to post crackmes, as they almost inevitably submit total garbage. Or maybe crackme section moderators could do more filtering (I'm not saying they are not doing a good job - they are!, just that the acceptance rules are too relaxed); My 2 cents. kao.
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up
  • Create New...