Tuts 4 You


Popular Content

Showing content with the highest reputation on 07/22/2021 in Posts

  1. Target uses homomorphic encryption of two pieces of code, which are the crucial part of verifying the serial. Not sure if it's keygennable, maybe someone else will make it. If the string that we enter into the input box is passed to the following two methods and both of them return the expected result, then we get the goodboy ("Hooollaaaaa :)") message.

     The result of this method must be 5214:

         internal static int check1(string input)
         {
             int num = 0;
             for (int i = 0; i < input.Length; i++)
             {
                 num += (int)(input[i] + 'P');
             }
             return num;
         }

     The result of this method must be 40106:

         internal static int check2(string input)
         {
             int num = 0;
             for (int i = 0; i < input.Length; i++)
             {
                 num += i * (int)input[i] % 0x7FFFFFFF;
             }
             return num;
         }
    3 points
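As an added example (not code from the original post), a Python port of both checks plus a constructive search that treats them as two linear constraints on the input: for a given length, check1 fixes the plain character sum and check2 fixes the index-weighted sum, so a string satisfying both can be built by moving single units between positions. The printable range 32..126 for the serial is an assumption.

```python
# Added example, not from the original post: Python ports of the two checks and
# a constructive search showing they are just two linear constraints on the input.
TARGET1, TARGET2 = 5214, 40106  # required check1/check2 results (from the post)
LO, HI = 32, 126                # assumed printable-ASCII range for the serial

def check1(s: str) -> int:      # port of check1: sum of (char + 'P')
    return sum(ord(ch) + ord('P') for ch in s)

def check2(s: str) -> int:      # port of check2: sum of (i * char) % 0x7FFFFFFF
    return sum((i * ord(ch)) % 0x7FFFFFFF for i, ch in enumerate(s))

def solve_for_length(n: int):
    """Codes in [LO, HI] with the sum check1 demands and weighted sum TARGET2, or None."""
    s1 = TARGET1 - n * ord('P')  # check1 pins the plain character sum for length n
    if not LO * n <= s1 <= HI * n:
        return None
    base, rem = divmod(s1, n)
    c = [base + (1 if i < rem else 0) for i in range(n)]  # sum(c) == s1 exactly
    while True:
        diff = TARGET2 - sum(i * v for i, v in enumerate(c))
        if diff == 0:
            return ''.join(map(chr, c))
        # Moving one unit between c[a] and a higher index c[b] keeps the plain
        # sum and changes the weighted sum by (b - a); pick b so diff never overshoots.
        for a in range(n):
            if diff > 0 and c[a] > LO:        # a gives, b takes
                b = min(n - 1, a + diff)
                while b > a and c[b] >= HI:
                    b -= 1
                src, dst = a, b
            elif diff < 0 and c[a] < HI:      # b gives, a takes
                b = min(n - 1, a - diff)
                while b > a and c[b] <= LO:
                    b -= 1
                src, dst = b, a
            else:
                continue
            if b > a:
                c[src] -= 1
                c[dst] += 1
                break
        else:
            return None  # no legal move left for this length

def keygen():
    for n in range(1, 64):      # lengths the check1 sum cannot fit are skipped
        serial = solve_for_length(n)
        if serial is not None:
            return serial
```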
  2. Migrating Facebook to MySQL v8.0 engineering.fb.com/2021/07/22/data-infrastructure/mysql/
     Akamai Edge DNS Down edgedns.status.akamai.com/ www.bbc.com/news/technology-57929544
     AlphaFold Protein Structure Database alphafold.ebi.ac.uk/
     Even if you’re paying, you’re still the product odysee.com/@CyberLounge:a/even-if-youre-paying-youre-still-the-product:7
     Wiser – minimal hypervisor boots Linux VM. Written in C github.com/flouthoc/wiser
     open-source-alternatives www.btw.so/open-source-alternatives
     Reflections as the Internet Archive turns 25 blog.archive.org/2021/07/21/reflections-as-the-internet-archive-turns-25/
     Man Arrested in Connection with Alleged Role in Twitter Hack www.justice.gov/opa/pr/man-arrested-connection-alleged-role-twitter-hack
     NSO group say enough is enough www.nsogroup.com/Newses/enough-is-enough/
     Colorado River is shrinking www.sciencemag.org/news/2021/07/colorado-river-shrinking-hard-choices-lie-ahead-scientist-warns
     sudo - music for developers sudo.fm
     Bezos donates $100 million each to CNN contributors www.cnn.com/2021/07/20/media/van-jones-bezos-100-million/index.html
     Telegram founder listed in leaked Pegasus project data www.theguardian.com/news/2021/jul/21/telegram-founder-pavel-durov-listed-spyware-targets-nso-leak-pegasus
     Epic Games acquires Sketchfab techcrunch.com/2021/07/21/epic-games-acquires-sketchfab-a-3d-model-sharing-platform/
     How do Chrome extensions impact browser performance? www.debugbear.com/blog/chrome-extension-performance-2021
     Neverinstall – A platform to bring desktop applications to the browser neverinstall.com/
     Intel Distribution for Python software.intel.com/content/www/us/en/develop/tools/oneapi/components/distribution-for-python.html
     Google pushed a one-character typo to production, bricking Chrome OS devices arstechnica.com/gadgets/2021/07/google-pushed-a-one-character-typo-to-production-bricking-chrome-os-devices/
     G - Introducing the Data Validation Tool for EDW migrations cloud.google.com/blog/products/databases/automate-data-validation-with-dvt
     Kaseya obtained a decryptor for victims of the REvil ransomware apnews.com/article/lifestyle-technology-joe-biden-europe-business-bb7298b31b7157640fbd5f90fc19c224 helpdesk.kaseya.com/hc/en-gb/articles/4403440684689-Important-Notice-July-21st-2021
     California Sues Gaming Giant Activision Blizzard Over Unequal Pay, Sexual Harassment www.npr.org/2021/07/22/1019293032/activision-blizzard-lawsuit-unequal-pay-sexual-harassment-video-games
     Our genes shape our gut bacteria www.sciencedaily.com/releases/2021/07/210708170331.htm
     Zip - How not to design a file format games.greggman.com/game/zip-rant
     How TikTok's Algorithm Figures Out Your Deepest Desires www.wsj.com/video/series/inside-tiktoks-highly-secretive-algorithm/investigation-how-tiktok-algorithm-figures-out-your-deepest-desires
    1 point
  3. I was unable to unpack this executable but have made some progress in creating a devirtualiser. The first thing I've done is debug the program to understand how the VM works. There I've realised that class \u0008\u2008 is the VM class, in which most of the VM code is located. Then I dumped \u0008\u2008.\u0006\u2002; this is a field of type Dictionary<int, \u0008\u2008.\u0002\u2000> where int is the VM opcode id and \u0008\u2008.\u0002\u2000 is the method associated with that VM opcode. After I had that dumped I ran it through my program and was able to link some of those methods to CIL opcodes. You'll be able to download the map from the file below. Then I linked those CIL opcodes to instruction ids. This allows me to devirtualise virtualized code. Now I needed method bodies. Those were pretty easy to obtain. You'll be able to see both virtualised and devirtualised bodies in the file below. OK, so I knew what opcode corresponds to what VM opcode and had all the virtualised bodies, so I should be able to unpack it, but that wasn't the case because of 2 factors. The first one is that the operands for certain instructions (call, ldtoken, callvirt, ldfld, stfld...) are encrypted. All eaz assemblies have an encrypted resource from which they get these values. I tried to decrypt these values but failed, but fortunately I was able to semi-circumvent this.

     Eaz caches all the decrypted operands, so I ran the program, gave a wrong input, dumped the assembly and obtained these values; unfortunately the values that were not decrypted didn't get cached, so I was unable to obtain them. The list of decrypted operands is in the file below. The second issue is the eaz opcode callinernal (my nickname). This opcode takes an encrypted operand as the argument and uses it to pretty much create a dynamic method. I wasn't able to get bodies for these methods (I was able to get 3, including anti-dbg code), and from the looks of it they are important. I tried to fix these two issues but couldn't, so I gave up. I decided to just devirtualise the bodies I had with the limited information I had, and you can get those unpacked bodies from the file below. I hope this info proves useful to someone so they can make an unpacker. I just wanna be clear on this one: the <Decrypted></Decrypted> field refers to whether the operand was decrypted and <BranchTo></BranchTo> refers to the command that the branch instruction is referencing.

     Forgot to mention, might be important: the method that runs the VM code looks like this:

         private void \u0008\u2000(bool \u0002)
         {
             uint u0005_u = this.\u0005\u2001;   // end position of the virtualised body
             for (;;)
             {
                 try
                 {
                     while (!this.\u000E)
                     {
                         if (this.\u0008\u2003 != null)
                         {
                             this.\u0003\u2001 = this.\u0008\u2003.Value;
                             this.\u0002((long)((ulong)this.\u0003\u2001));
                             this.\u0008\u2003 = null;
                         }
                         else if (this.\u0003\u2001 >= u0005_u)
                         {
                             break;
                         }
                         this.\u0006();   // executes one VM opcode
                     }
                 }
                 catch (object u)
                 {
                     this.\u0002(u, 0U);
                     if (\u0002)
                     {
                         continue;
                     }
                     this.\u0008\u2000(true);
                 }
                 break;
             }
         }

     The part that executes the VM opcode is this.\u0006(); and it looks like this:

         private void \u0006()
         {
             this.\u0002\u2002 = this.\u0003\u2001;
             int key = this.\u000E\u2003.\u0006();           // reads the VM opcode id
             this.\u0003\u2001 += 4U;                        // advances past the 4-byte id
             \u0008\u2008.\u0002\u2000 u0002_u;
             global::\u0008\u2008.\u0006\u2002.TryGetValue(key, out u0002_u);   // handler for that id
             u0002_u.\u0003(this, this.\u0002(this.\u000E\u2003, u0002_u.\u0002));   // reads the operand and runs the handler
         }

     This line generates the VM opcode id: int key = this.\u000E\u2003.\u0006(); And this line gets the method associated with that key: global::\u0008\u2008.\u0006\u2002.TryGetValue(key, out u0002_u); and the last line executes it.

     Data.xml
    1 point
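As an added illustration (not the poster's program and not Eazfuscator code), a Python model of the devirtualiser walk the post describes: read a 4-byte opcode key, advance by 4, look the handler up in the opcode map, read its operand, mark token operands as decrypted only when they are in the cache of values the VM had already decrypted, and resolve branch offsets to instruction indices for the BranchTo field. The opcode ids, operand kinds, the cache and the body bytes are all constructed for the example.

```python
# Added example, not from the post or from Eazfuscator: a model of the devirtualiser
# walk described above. Opcode ids, operand kinds, cache and body bytes are constructed.
import struct
from dataclasses import dataclass
from typing import Optional

# Constructed VM-opcode-id -> (CIL mnemonic, operand kind), standing in for the dumped map.
OPCODE_MAP = {
    0x11: ("ldarg.0", None),
    0x23: ("call", "token"),     # token operands are encrypted in the real VM
    0x37: ("brtrue", "target"),  # operand is a VM offset inside the same body
    0x42: ("ldc.i4", "int32"),
    0x59: ("ret", None),
}
# Constructed stand-in for the cache of operands the VM had already decrypted.
DECRYPTED_OPERANDS = {0x7A3E: "System.String::get_Length()"}

@dataclass
class Instr:
    offset: int
    opcode: str
    operand: object
    decrypted: bool                  # the <Decrypted> field of the post's output
    branch_to: Optional[int] = None  # the <BranchTo> field: target instruction index

def devirtualise(body: bytes):
    """Walk a body like the dispatch loop: read key, advance 4, look up handler, read operand."""
    pos, out, index_at = 0, [], {}
    while pos < len(body):
        index_at[pos] = len(out)                # VM offset -> instruction index
        key = struct.unpack_from("<i", body, pos)[0]
        mnemonic, kind = OPCODE_MAP[key]        # KeyError here = handler not mapped yet
        operand, decrypted, start = None, True, pos
        pos += 4
        if kind is not None:
            raw = struct.unpack_from("<i", body, pos)[0]
            pos += 4
            operand = raw
            if kind == "token":                 # only known if the VM cached it
                decrypted = raw in DECRYPTED_OPERANDS
                operand = DECRYPTED_OPERANDS.get(raw, f"enc:{raw:#x}")
        out.append(Instr(start, mnemonic, operand, decrypted))
    for ins in out:                             # resolve branch offsets afterwards
        if ins.opcode.startswith("br"):
            ins.branch_to = index_at[ins.operand]
    return out

# Constructed body: ldarg.0; call (cached token); call (uncached token); brtrue -> 36; ldc.i4 0; ret
SAMPLE_BODY = struct.pack("<10i", 0x11, 0x23, 0x7A3E, 0x23, 0x1234, 0x37, 36, 0x42, 0, 0x59)
```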