Jump to content
Tuts 4 You

Leaderboard

  1. Teddy Rogers

    Teddy Rogers

    Administrator


    • Points

      16

    • Content Count

      8,960


  2. newhak

    newhak

    Full Member


    • Points

      13

    • Content Count

      63


  3. LCF-AT

    LCF-AT

    Full Member+


    • Points

      12

    • Content Count

      4,958


  4. Washi

    Washi

    Junior+


    • Points

      8

    • Content Count

      28


Popular Content

Showing content with the highest reputation since 08/24/2020 in all areas

  1. Fun challenge. I went for finding just the key algorithm rather than fully devirtualizing, but the code is pretty clear. Here some sample keys: Approach: Keygen.7z
    5 points
  2. Here are some of my keygen/crack GFX's / templates i've made on photoshop + WinASM studio these days : (1) https://imgur.com/vS71RaO (2) https://imgur.com/3fWUf30 (3) https://imgur.com/5YfB8Xg (4) https://imgur.com/2Bt54Ne (5) https://imgur.com/fDC4FfK (6) https://imgur.com/p4TBQ4J (7) https://imgur.com/gNOgPnR (8) https://imgur.com/vkwSQ01 Please note that PERYFERiAH team is not a warez group. It is actually a vlogging team since i was making vlogs in high school in the past. And the people of the PERYFERiAH (PRF for short) were actually my
    4 points
  3. Sure, i gonna release a unpacker for net reactor 6x soon.
    4 points
  4. I never expected Tuts 4 You to keep going for nearly twenty years and here it is, not far off twenty. If I, and the site, are still around in another 50 years it will be an achievement worth celebrating... Ted.
    2 points
  5. First of all, this crackme is version dependent, it only works with Python 3.8 x86. I don't have it installed, so I had to replace _pytransform.dll with the x64 equivalent downloaded from here to be able to run it with my x64 version of Python 3.8. By looking in the memory of python.exe and placing hardware breakpoints on write on an encrypted code of PyArmor (that starts with \x50\x59\x41\x52\x4d...) we can find a place in _pytransform.dll where it decrypts it to the actual marshalled code object of Python. It is a function at RVA 0x254D0. Then we have to deal with the second layer of Py
    2 points
  6. Yes exactly you should always have a good efficient organization system for your files. Documents and source code should even be backed up in a repo or the cloud. Downloads which are not personal and can be regotten should be put in a location you can curate from time to time. Of course certain items which might not be redownload able might need a more permanent backed up place. Apps or libraries can go somewhere easily disposable. Organization is key. It will save you from data loss and from difficulty with migrations. Usually you can delete all the files in the root folder
    2 points
  7. Why not reverse the scenario and ask yourself what it is you want to keep. Then back that up that data somewhere and format the drive. Ted.
    2 points
  8. Whoops you are completely right, I posted my reply to the wrong vmp crackme/unpackme challenge thread. @whoknows has made two threads This one is actually easier, since code is pretty much readable (after you dumped it from memory that is). And yea, the password for this one is indeed "duck" rather than tetris.
    2 points
  9. Its a unpack me file not a crack me, and i don't think you know anything about virtualization.
    2 points
  10. Regexps are not particularly efficient here and simple string operations work much better. Anyways, I made a writeup on my blog (https://lifeinhex.com/deobfuscating-autoit-scripts-part-2/) and made a copy-paste below. Unfortunately, all the hyperlinks are gone and I just can't be bothered to go through each and every one of them. Also - it refers a lot to my old solution of another AutoIt crackme, so I really suggest to check that writeup as well: --------- Almost 4 years ago, I wrote a blogpost about deobfuscating a simple AutoIt obfuscator.
    2 points
  11. awesome_msil_Out.exe Approach: 1. Necrobit is a jit protection, so we use Simple MSIL Decryptor by CodeCracker , and it shall be ran on NetBox 2. Code virtualization is a relatively new feature of .net reactor, added in version 6.2.0.0. Here is the approach i took (i did this about 6 months ago so my memory is kinda rusty ) : (Click spoiler to see hidden contents)
    2 points
  12. 11,043 downloads

    A collection of tutorials aimed particularly for newbie reverse engineers. 01. Olly + assembler + patching a basic reverseme 02. Keyfiling the reverseme + assembler 03. Basic nag removal + header problems 04. Basic + aesthetic patching 05. Comparing on changes in cond jumps, animate over/in, breakpoints 06. "The plain stupid patching method", searching for textstrings 07. Intermediate level patching, Kanal in PEiD 08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor 09. Explaining the Visual Basic concept, introduction to SmartCheck and configurati
    2 points
  13. What language is your game written in? There are anti cheat libraries which you can include for your game, such as: AntiCheatToolkit for C# / Unity There are also many areas for cheaters such as loaders, injectors, time adjustors, memory searches / patchers from programs like Cheat Engine, what do you want to target? If everything then I suggest using a library like I suggested or download an open source one and learn from its code 😁
    1 point
  14. romainthomas.fr/post/20-09-r2con-obfuscated-whitebox-part1/ bonus Really Atari ST? - os2museum.com/wp/really-atari-st/ - troll @ sqlite.org/copyright.html -> Buy button -> hwaci.com/cgi-bin/license-step1 Bringing Edge to Linux - venturebeat.com/2020/09/22/microsoft-edge-linux-developers-october-2020/
    1 point
  15. Like once every 10 years?
    1 point
  16. Yes, this is likely coded in PureBasic... 👍 Ted.
    1 point
  17. PATCH BUTTON IS DEACTIVATED ! exe file is not crunched hi folks, last days i made 2 patches. This one use directX9c. CODE & GFX: inc SOUND: dalezy to run it properly, make sure you have installed DirectX9c latest on your PC Runtime Software RAID Reconstructor v4.40.rar
    1 point
  18. 73 downloads

    I want to release a new tutorial about the popular theme Themida - WinLicense. So I see there seems to be still some open questions mostly if my older unpack script does not work anymore and the unpacked files to, etc. So this time I decided to create a little video series on how to unpack and deal with a newer protected Themida target manually where my older public script does fail. A friend of mine did protect unpackme's for this and in the tutorial you will see all steps from A-Z to get this unpackme successfully manually unpacked but this is only one example how you can do it, of course. S
    1 point
  19. 'thepiratebay.org' wasn't what was sold, just 'piratebay.org'. It's now up with an actual page stating they are looking to make a movie and the domain is purchasable for an affordable $1.9mil lol. https://piratebay.org/en
    1 point
  20. You have to place license data and transform key inside _pytransform.dll to be able to use dll that was downloaded from server. Check this source code file, specifically _patch_extension method. To decompile pyc file, you have to deal with some anti-decompiling features that PyArmor has. For example, uncompyle6 does not work on the piece of code with several "NOP" in a row. Check this opcodes reference, you can easily edit pyc file using your favourite hex editor.
    1 point
  21. Registration is open
    1 point
  22. I would just like to point out that this is DNGuard Enterprise HVM 3.9.5.1 not 3.9.5.3
    1 point
  23. Just like SSDT can be checked and the 10 anti-DKOM API can be called. By the way it's funny that there are Denuvo discussions here and there are like a couple dozen Tut4you and SnD people working at Denuvo
    1 point
  24. Since the challenge description allows it, I'm going for the quick serial fish for now Approach:
    1 point
  25. View File DNGuard HVM Try to unpack or alternatively provide the secret key, URL, Name and Address Protections used: DNGuard Enterprice HVM 3.953 Good luck. Submitter Mohd Submitted 09/08/2020 Category UnPackMe (.NET)  
    1 point
  26. just packer, mutation and refh proxy.
    1 point
  27. reddit.com/r/ReverseEngineering/comments/inet9o/semiautomatic_code_deobfuscation_r2con2020/
    1 point
  28. If the HDD is on a different PC you can try with Hirens boot and if is Win7 i remember i wiped manual system files with the own cd of Win7 which has a utility to manage file explorer without running windows and able to delete anything you want.
    1 point
  29. If it is a slave drive you are going to use for storage then you do not need to keep any files Either select all & delete or format, as long as you leave the partitions intact then it will be accessible as is, however it might be worth checking your partitions to see if there is a Windows recovery partition which you could re-allocate for storage 😀
    1 point
  30. View File VMProtect v3.5.0.1213 Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection. Protections used: Debugger detection (User-mode + Kernel-mode) Ultra (Mutation + Virtualization) Submitter whoknows Submitted 08/07/2020 Category UnPackMe (.NET)
    1 point
  31. clean mutations to fully complete
    1 point
  32. Create Instance without calling constructor FormatterServices.GetUninitializedObject() will create an instance without calling a constructor. I found this class by using Reflector and digging through some of the core .Net serialization classes. using System; using System.Reflection; using System.Runtime.Serialization; namespace NoConstructorThingy { class Program { static void Main() { // does not call ctor var myClass = (MyClass)FormatterServices.GetUninitializedObject(typeof(MyClass)); Console.WriteLine(myClass.One
    1 point
  33. 1 point
  34. Unpackers tools - source code C# My source code: https://gitlab.com/CodeCracker https://github.com/CodeCrackerSND https://bitbucket.org/CodeCrackerSND/ I will NOT share (anymore) the rest of my tools!
    1 point
  35. @XenocodeRCE: I have a huge respect for you as a RE guy but now you're just being a d*ck. If you have some personal issues with mamo/localhost0/whatever he calls himself this week, please resolve them privately and don't make a huge public drama out of it. No matter how I count, it's 3 months and 2 days max. If you're gonna whine, at least get your facts right. Umm, no. The requirement from law is to react on any reported copyright infringements, not to actively run around and search for any possible issues. See DMCA 512(c). So, if admins ignored a properly re
    1 point
  36. Bed_ControlFlow_Remover.rar x86_Retranslater.rar I can't give you the rest of em ( i don't have permission to share them, hope you understand me).
    1 point
  37. You'll probably need to use the "/nodefaultlib" switch. Assuming you used the ZIP file from here: check the make.bat for example command-line.
    1 point
  38. In my opinion that solution will be acceptable only if the tool used is public.
    1 point
  39. It's a really good question. The answer really depends. Let me give you few recent examples. Example #1: Extreme Coders names the tools and explains HOW to solve the crackme. A lot of effort is required but all the tools can be found via Google. So I have zero issues with the solution. Example #2: Prab names the tools but no explanation is given. "x86 retranslater" definitely cannot be found not on Google. "Clean control flow" tells the obvious thing but it doesn't explain HOW to do that. What's the point of such solution? The only thing reader wi
    1 point
  40. a key: i fixed de4dot for new reactor including method decryption, cflow etc... and finally devirt it. there are tutorials about fixing de4dot/devirt in this forum including this topic as well.
    1 point
  41. Steps: 1. Simple MSIL Decryptor by CodeCracker 2. Devirtualization tool i have been working on. .Net Reactor imo has a **basic** to intermediate VM. i suggest you give this a try! Tips on how to start: 1 Learn how CIL works / CIL fundamentals (there are some nice ebooks that i can't link here ) 2 Learn how the assembly reader/writer of your choice works (dnlib for example) 3 Learn how a simple VM works ( https://github.com/TobitoFatitoNulled/MemeVM (the original creator of this vm left so this is a fork to keep the project alive))
    1 point
  42. Who are you to say that it's shit? Have you made an unpacker for it? If you do, you are free to correct me but if you don't you shouldn't make these silly comments, in my opinion.
    1 point
  43. https://github.com/GautamGreat/Scylla_Delphi_Plugin
    1 point
  44. 75 downloads

    You may wonder why I have chosen this topic, why write a tutor on .net components? Technically a .NET component is not different from an executable assembly, I mean that both are compiled to MSIL and you can usually view the source in Reflector and other tools, but when it comes to commercial components you have to understand that more and more complicated protection schemes are being implemented to protect them, and after analyzing many products I found so many points that all these components share to protect themselves. The second reason that pushed me to write this tutor is that
    1 point
  45. Ok, I have deobfuscated the file. Enjoy i guess. Btw some parts of the file uses "dynamic" so it wouldn't look like just "dynamic" it dnspy. There will be something like callsite stuff cuz that's how the compiler interprets the dynamic data type. sample(2)-SysMathCallFixed-DelegatesFixed-FieldToLocalFix-VarsUnmelted-StringDec_deobfuscated.exe
    1 point
  46. Hi New Update with more features : https://github.com/Ahmadmansoor/AdvancedScript AdvancedScript version 4.3 https://github.com/Ahmadmansoor/AdvancedScript/releases * Add new commands and fix some bugs * fix error load of the Auto Commands when there is no ; * Fix AutoRun and stepson ( wait command to finish). * Fix color variable name. * Add ReadFile , Write2Mem , ReadMem * Add GoToByBase Form ( https://www.youtube.com/watch?v=gQxlbC8RnRg ) * Assigne variable directly no need to Setx Command. Sample : Varx str,memory // var will hold the hex
    1 point
  47. AdvancedScript_3.1 - fix CheckHexIsValid ( fix length ). - add menu to (copy - follow - delete) variables . - add more check for StrAnalyze. - add MsgBox for if command in a case does not resolve arguments. note : copy can copy one value or all values in case Array variables AdvancedScript_3.1.zip Script.zip
    1 point
  48. everything moved to vimeo, download are enabled also. https://vimeo.com/album/5427366
    1 point
  49. Please friends, post your knowledge regarding themida x64 unpacking for x64dbg. please post your scripts also.
    1 point
  50. PATCH BUTTON IS DEACTIVATED ! exe file is not crunched hi folks, last days i made 2 patches. This one use OGL. CODE & GFX: inc SOUND: dalezy Runtime Software DiskExplorer For Linux v4.36.rar
    1 point
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up
×
×
  • Create New...