Tuts 4 You

Leaderboard

  1. Teddy Rogers (Administrator): Points 16, Content Count 8,960
  2. newhak (Full Member): Points 13, Content Count 63
  3. LCF-AT (Full Member+): Points 12, Content Count 4,958
  4. Gladiator (Full Member): Points 8, Content Count 353

Popular Content

Showing content with the highest reputation since 08/24/2020 in all areas

  1. Fun challenge. I went for finding just the key algorithm rather than fully devirtualizing, but the code is pretty clear. Here are some sample keys: Approach: Keygen.7z
    5 points
  2. Here are some of my keygen/crack GFX's / templates I've made in Photoshop + WinASM Studio these days: (1) https://imgur.com/vS71RaO (2) https://imgur.com/3fWUf30 (3) https://imgur.com/5YfB8Xg (4) https://imgur.com/2Bt54Ne (5) https://imgur.com/fDC4FfK (6) https://imgur.com/p4TBQ4J (7) https://imgur.com/gNOgPnR (8) https://imgur.com/vkwSQ01 Please note that the PERYFERiAH team is not a warez group. It is actually a vlogging team, since I was making vlogs in high school in the past. And the people of PERYFERiAH (PRF for short) were actually my
    4 points
  3. Sure, I'm going to release an unpacker for .NET Reactor 6x soon.
    4 points
  4. I never expected Tuts 4 You to keep going for nearly twenty years and here it is, not far off twenty. If I, and the site, are still around in another 50 years it will be an achievement worth celebrating... Ted.
    2 points
  5. First of all, this crackme is version dependent, it only works with Python 3.8 x86. I don't have it installed, so I had to replace _pytransform.dll with the x64 equivalent downloaded from here to be able to run it with my x64 version of Python 3.8. By looking in the memory of python.exe and placing hardware breakpoints on write on an encrypted code of PyArmor (that starts with \x50\x59\x41\x52\x4d...) we can find a place in _pytransform.dll where it decrypts it to the actual marshalled code object of Python. It is a function at RVA 0x254D0. Then we have to deal with the second layer of Py
    2 points
  6. Yes, exactly: you should always have a good, efficient organization system for your files. Documents and source code should even be backed up in a repo or the cloud. Downloads which are not personal and can be regotten should be put in a location you can curate from time to time. Of course certain items which might not be redownloadable might need a more permanent backed-up place. Apps or libraries can go somewhere easily disposable. Organization is key. It will save you from data loss and from difficulty with migrations. Usually you can delete all the files in the root folder
    2 points
  7. Why not reverse the scenario and ask yourself what it is you want to keep. Then back that up that data somewhere and format the drive. Ted.
    2 points
  8. Whoops you are completely right, I posted my reply to the wrong vmp crackme/unpackme challenge thread. @whoknows has made two threads This one is actually easier, since code is pretty much readable (after you dumped it from memory that is). And yea, the password for this one is indeed "duck" rather than tetris.
    2 points
  9. It's an unpackme file, not a crackme, and I don't think you know anything about virtualization.
    2 points
  10. Regexps are not particularly efficient here and simple string operations work much better. Anyways, I made a writeup on my blog (https://lifeinhex.com/deobfuscating-autoit-scripts-part-2/) and made a copy-paste below. Unfortunately, all the hyperlinks are gone and I just can't be bothered to go through each and every one of them. Also - it refers a lot to my old solution of another AutoIt crackme, so I really suggest to check that writeup as well: --------- Almost 4 years ago, I wrote a blogpost about deobfuscating a simple AutoIt obfuscator.
    2 points
  11. awesome_msil_Out.exe Approach: 1. Necrobit is a JIT protection, so we use Simple MSIL Decryptor by CodeCracker, and it should be run on NetBox. 2. Code virtualization is a relatively new feature of .NET Reactor, added in version 6.2.0.0. Here is the approach I took (I did this about 6 months ago so my memory is kinda rusty):
    2 points
  12. 11,043 downloads

    A collection of tutorials aimed particularly at newbie reverse engineers.
    01. Olly + assembler + patching a basic reverseme
    02. Keyfiling the reverseme + assembler
    03. Basic nag removal + header problems
    04. Basic + aesthetic patching
    05. Comparing on changes in cond jumps, animate over/in, breakpoints
    06. "The plain stupid patching method", searching for textstrings
    07. Intermediate level patching, Kanal in PEiD
    08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor
    09. Explaining the Visual Basic concept, introduction to SmartCheck and configurati
    2 points
  13. Like once every 10 years?
    1 point
  14. PATCH BUTTON IS DEACTIVATED! exe file is not crunched. Hi folks, in the last days I made 2 patches. This one uses DirectX9c. CODE & GFX: inc SOUND: dalezy. To run it properly, make sure you have the latest DirectX9c installed on your PC. Runtime Software RAID Reconstructor v4.40.rar
    1 point
  15. Yes, this is likely coded in PureBasic... 👍 Ted.
    1 point
  16. 72 downloads

    I want to release a new tutorial about the popular theme Themida - WinLicense. So I see there still seem to be some open questions, mostly if my older unpack script does not work anymore and the unpacked files too, etc. So this time I decided to create a little video series on how to unpack and deal with a newer protected Themida target manually where my older public script does fail. A friend of mine did protect unpackme's for this and in the tutorial you will see all steps from A-Z to get this unpackme successfully manually unpacked, but this is only one example of how you can do it, of course. S
    1 point
  17. You have to place license data and transform key inside _pytransform.dll to be able to use dll that was downloaded from server. Check this source code file, specifically _patch_extension method. To decompile pyc file, you have to deal with some anti-decompiling features that PyArmor has. For example, uncompyle6 does not work on the piece of code with several "NOP" in a row. Check this opcodes reference, you can easily edit pyc file using your favourite hex editor.
    1 point
  18. Crypto obfuscator + IntelliLock (Hard). 1- Crypto Obfuscator: Fake Name Method, Hide Calls, Encrypt Strings, Code Masking. 2- IntelliLock: Max Settings. If you unpack this tell us how you did it and what programs you used. Submitter: 2Face. Submitted: 09/11/2020. Category: UnPackMe (.NET)
    1 point
  19. International Day of The Programmer Free Bundle (Was $143.81) Learn Java 12 Programming Expert Python Programming - Third Edition Beginning C++ Game Programming - Second Edition https://www.fanatical.com/en/bundle/international-day-of-the-programmer-free-bundle Ted.
    1 point
  20. Registration is open
    1 point
  21. I would just like to point out that this is DNGuard Enterprise HVM 3.9.5.1 not 3.9.5.3
    1 point
  22. Just like SSDT can be checked and the 10 anti-DKOM API can be called. By the way it's funny that there are Denuvo discussions here and there are like a couple dozen Tut4you and SnD people working at Denuvo
    1 point
  23. DNGuard HVM: Try to unpack or alternatively provide the secret key, URL, Name and Address. Protections used: DNGuard Enterprise HVM 3.953. Good luck. Submitter: Mohd. Submitted: 09/08/2020. Category: UnPackMe (.NET)
    1 point
  24. github.com/MantechUser/aes-finder bonus businessinsider.com/delete-social-media-phone-parasite-mental-health-instagram-twitter-facebook-2020-9
    1 point
  25. just packer, mutation and refh proxy.
    1 point
  26. reddit.com/r/ReverseEngineering/comments/inet9o/semiautomatic_code_deobfuscation_r2con2020/
    1 point
  27. If the HDD is on a different PC you can try with Hiren's boot CD, and if it is Win7 I remember I wiped system files manually with the Win7 CD itself, which has a utility to manage the file explorer without running Windows and is able to delete anything you want.
    1 point
  28. VMProtect v3.5.0.1213: Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection. Protections used: Debugger detection (User-mode + Kernel-mode), Ultra (Mutation + Virtualization). Submitter: whoknows. Submitted: 08/07/2020. Category: UnPackMe (.NET)
    1 point
  29. clean mutations to fully complete
    1 point
  30. privacy-watchdog.io/protonmails-creation-with-cia-nsa/ + privacy-watchdog.io/ bonus krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/
    1 point
  31. Unpacker tools - source code (C#). My source code: https://gitlab.com/CodeCracker https://github.com/CodeCrackerSND https://bitbucket.org/CodeCrackerSND/ I will NOT share (anymore) the rest of my tools!
    1 point
  32. @XenocodeRCE: I have a huge respect for you as a RE guy but now you're just being a d*ck. If you have some personal issues with mamo/localhost0/whatever he calls himself this week, please resolve them privately and don't make a huge public drama out of it. No matter how I count, it's 3 months and 2 days max. If you're gonna whine, at least get your facts right. Umm, no. The requirement from law is to react on any reported copyright infringements, not to actively run around and search for any possible issues. See DMCA 512(c). So, if admins ignored a properly re
    1 point
  33. https://github.com/ribthegreat99OrN0P/Agile.NET-Deobfuscator @GameHackerPM @BlackHat To fix delegates, control flow, and strings, here you go: I've made a tool with many comments to help you understand!
    1 point
  34. _PyEval_EvalFrameDefault executes a code object on the Python frame. To dump the code object to a file you need to use PyMarshal_WriteObjectToFile / PyMarshal_WriteObjectToString at an appropriate place within the function. DnSpy has nothing to do with Python. It's just a piece of string inserted there on purpose.
    1 point
  35. Bed_ControlFlow_Remover.rar x86_Retranslater.rar I can't give you the rest of em ( i don't have permission to share them, hope you understand me).
    1 point
  36. You'll probably need to use the "/nodefaultlib" switch. Assuming you used the ZIP file from here: check the make.bat for example command-line.
    1 point
  37. In my opinion that solution will be acceptable only if the tool used is public.
    1 point
  38. It's a really good question. The answer really depends. Let me give you a few recent examples. Example #1: Extreme Coders names the tools and explains HOW to solve the crackme. A lot of effort is required but all the tools can be found via Google. So I have zero issues with the solution. Example #2: Prab names the tools but no explanation is given. "x86 retranslater" definitely cannot be found on Google. "Clean control flow" tells the obvious thing but it doesn't explain HOW to do that. What's the point of such a solution? The only thing the reader wi
    1 point
  39. a key: I fixed de4dot for the new Reactor including method decryption, cflow etc... and finally devirtualized it. There are tutorials about fixing de4dot/devirt in this forum, including this topic as well.
    1 point
  40. Steps: 1. Simple MSIL Decryptor by CodeCracker 2. Devirtualization tool I have been working on. .NET Reactor imo has a **basic** to intermediate VM. I suggest you give this a try! Tips on how to start: 1. Learn how CIL works / CIL fundamentals (there are some nice ebooks that I can't link here) 2. Learn how the assembly reader/writer of your choice works (dnlib for example) 3. Learn how a simple VM works ( https://github.com/TobitoFatitoNulled/MemeVM (the original creator of this VM left so this is a fork to keep the project alive))
    1 point
  41. Just a try to add more features to the x64dbg script system. History Section: - version 2.0: 1- all numbers are hex numbers. 2- more nesting in arguments. 3- Build bridge to make plugin system compatible with x64dbg script system. 4- create parallel functions to x64dbg functions, like ( cmp >> cmpx ). 5- rename new names (Varx Getx Setx) and fix array index entry. 6- add VarxClear ( clear all variables to help user in tests ), memdump with print style. - version 1.6: 1- add Parser system to recognize arguments. 2- begin building Script system. 3- add more Helper Functions. -
    1 point
  42. If the only reason you want to learn RE is to have a unique skill for your resume/job application, you're very mistaken. Don't even try that. Anyone can learn to write (crappy) JavaScript/PHP/CSS in a few weeks and call himself/herself a "freelance web developer". Not everyone can become a reverse engineer - it requires a specific mindset and dedication. As for job positions, it really depends where you live and what your area of expertise would be. Analyzing malware requires a totally different skillset than finding bugs in hardware chips. Entry level positions usually are paid similar
    1 point
  43. It's been a while since I did a video of malware reverse engineering, so here is something new: Having a look at HelloWorld (ATM Malware)
    1 point
  44. 75 downloads

    You may wonder why I have chosen this topic, why write a tutor on .net components? Technically a .NET component is not different from an executable assembly, I mean that both are compiled to MSIL and you can usually view the source in Reflector and other tools, but when it comes to commercial components you have to understand that more and more complicated protection schemes are being implemented to protect them, and after analyzing many products I found so many points that all these components share to protect themselves. The second reason that pushed me to write this tutor is that
    1 point
  45. .NET Reactor v6.2.0.0 changed a few things. First, they added code virtualization which is not that hard because it's more straightforward than rest of code virtualization implementations that are in the market. You forgot to protect your code with this feature. Secondly, you can now hide your external and internal calls with their new "Hide calling" feature. You can use de4dot standard ProxyCallFixer1 to fix those delegates. Of course firstly you need to read them from initialization method but reading method is already implemented in the base version of de4dot (which is used for resources, s
    1 point
  46. Hi, new update with more features: https://github.com/Ahmadmansoor/AdvancedScript AdvancedScript version 4.3 https://github.com/Ahmadmansoor/AdvancedScript/releases * Add new commands and fix some bugs * Fix error loading the Auto Commands when there is no ; * Fix AutoRun and stepson ( wait for command to finish). * Fix color variable name. * Add ReadFile , Write2Mem , ReadMem * Add GoToByBase Form ( https://www.youtube.com/watch?v=gQxlbC8RnRg ) * Assign variable directly, no need for Setx Command. Sample : Varx str,memory // var will hold the hex
    1 point
  47. AdvancedScript_3.1 - fix CheckHexIsValid ( fix length ). - add menu to (copy - follow - delete) variables . - add more check for StrAnalyze. - add MsgBox for if command in a case does not resolve arguments. note : copy can copy one value or all values in case Array variables AdvancedScript_3.1.zip Script.zip
    1 point
  48. Everything moved to Vimeo, downloads are enabled also. https://vimeo.com/album/5427366
    1 point
  49. v1.1: Plugin menu does not appear. After applying the folder setting it is also not working after restart; it resets the path in OllyDBG.ini.
    1 point
  50. Herein attached is a modded version of KB/farbrausch's V2M player. Supports win98-me-2k-xp-2k3-vista Has static and dynamic libs for Delphi/VB/VC++/MASM32 Includes library support for PowerBASIC/many others.... Enjoy! V2mPlayer_VB_Delphi.zip
    1 point