Jump to content
Tuts 4 You

Leaderboard

  1. Teddy Rogers

    Teddy Rogers

    Administrator


    • Points

      16

    • Content Count

      8,960


  2. newhak

    newhak

    Full Member


    • Points

      13

    • Content Count

      63


  3. LCF-AT

    LCF-AT

    Full Member+


    • Points

      11

    • Content Count

      4,956


  4. CodeExplorer

    CodeExplorer

    Moderator


    • Points

      8

    • Content Count

      3,113


Popular Content

Showing content with the highest reputation since 08/23/2020 in all areas

  1. Fun challenge. I went for finding just the key algorithm rather than fully devirtualizing, but the code is pretty clear. Here some sample keys: Approach: Keygen.7z
    5 points
  2. Here are some of my keygen/crack GFX's / templates i've made on photoshop + WinASM studio these days : (1) https://imgur.com/vS71RaO (2) https://imgur.com/3fWUf30 (3) https://imgur.com/5YfB8Xg (4) https://imgur.com/2Bt54Ne (5) https://imgur.com/fDC4FfK (6) https://imgur.com/p4TBQ4J (7) https://imgur.com/gNOgPnR (8) https://imgur.com/vkwSQ01 Please note that PERYFERiAH team is not a warez group. It is actually a vlogging team since i was making vlogs in high school in the past. And the people of the PERYFERiAH (PRF for short) were actually my
    4 points
  3. Sure, i gonna release a unpacker for net reactor 6x soon.
    4 points
  4. I never expected Tuts 4 You to keep going for nearly twenty years and here it is, not far off twenty. If I, and the site, are still around in another 50 years it will be an achievement worth celebrating... Ted.
    2 points
  5. First of all, this crackme is version dependent, it only works with Python 3.8 x86. I don't have it installed, so I had to replace _pytransform.dll with the x64 equivalent downloaded from here to be able to run it with my x64 version of Python 3.8. By looking in the memory of python.exe and placing hardware breakpoints on write on an encrypted code of PyArmor (that starts with \x50\x59\x41\x52\x4d...) we can find a place in _pytransform.dll where it decrypts it to the actual marshalled code object of Python. It is a function at RVA 0x254D0. Then we have to deal with the second layer of Py
    2 points
  6. Yes exactly you should always have a good efficient organization system for your files. Documents and source code should even be backed up in a repo or the cloud. Downloads which are not personal and can be regotten should be put in a location you can curate from time to time. Of course certain items which might not be redownload able might need a more permanent backed up place. Apps or libraries can go somewhere easily disposable. Organization is key. It will save you from data loss and from difficulty with migrations. Usually you can delete all the files in the root folder
    2 points
  7. Why not reverse the scenario and ask yourself what it is you want to keep. Then back that up that data somewhere and format the drive. Ted.
    2 points
  8. Whoops you are completely right, I posted my reply to the wrong vmp crackme/unpackme challenge thread. @whoknows has made two threads This one is actually easier, since code is pretty much readable (after you dumped it from memory that is). And yea, the password for this one is indeed "duck" rather than tetris.
    2 points
  9. Its a unpack me file not a crack me, and i don't think you know anything about virtualization.
    2 points
  10. Regexps are not particularly efficient here and simple string operations work much better. Anyways, I made a writeup on my blog (https://lifeinhex.com/deobfuscating-autoit-scripts-part-2/) and made a copy-paste below. Unfortunately, all the hyperlinks are gone and I just can't be bothered to go through each and every one of them. Also - it refers a lot to my old solution of another AutoIt crackme, so I really suggest to check that writeup as well: --------- Almost 4 years ago, I wrote a blogpost about deobfuscating a simple AutoIt obfuscator.
    2 points
  11. awesome_msil_Out.exe Approach: 1. Necrobit is a jit protection, so we use Simple MSIL Decryptor by CodeCracker , and it shall be ran on NetBox 2. Code virtualization is a relatively new feature of .net reactor, added in version 6.2.0.0. Here is the approach i took (i did this about 6 months ago so my memory is kinda rusty ) : (Click spoiler to see hidden contents)
    2 points
  12. 11,030 downloads

    A collection of tutorials aimed particularly for newbie reverse engineers. 01. Olly + assembler + patching a basic reverseme 02. Keyfiling the reverseme + assembler 03. Basic nag removal + header problems 04. Basic + aesthetic patching 05. Comparing on changes in cond jumps, animate over/in, breakpoints 06. "The plain stupid patching method", searching for textstrings 07. Intermediate level patching, Kanal in PEiD 08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor 09. Explaining the Visual Basic concept, introduction to SmartCheck and configurati
    2 points
  13. What language is your game written in? There are anti cheat libraries which you can include for your game, such as: AntiCheatToolkit for C# / Unity There are also many areas for cheaters such as loaders, injectors, time adjustors, memory searches / patchers from programs like Cheat Engine, what do you want to target? If everything then I suggest using a library like I suggested or download an open source one and learn from its code 😁
    1 point
  14. romainthomas.fr/post/20-09-r2con-obfuscated-whitebox-part1/ bonus Really Atari ST? - os2museum.com/wp/really-atari-st/ - troll @ sqlite.org/copyright.html -> Buy button -> hwaci.com/cgi-bin/license-step1
    1 point
  15. Yes, this is likely coded in PureBasic... 👍 Ted.
    1 point
  16. PATCH BUTTON IS DEACTIVATED ! exe file is not crunched hi folks, last days i made 2 patches. This one use directX9c. CODE & GFX: inc SOUND: dalezy to run it properly, make sure you have installed DirectX9c latest on your PC Runtime Software RAID Reconstructor v4.40.rar
    1 point
  17. 70 downloads

    I want to release a new tutorial about the popular theme Themida - WinLicense. So I see there seems to be still some open questions mostly if my older unpack script does not work anymore and the unpacked files to, etc. So this time I decided to create a little video series on how to unpack and deal with a newer protected Themida target manually where my older public script does fail. A friend of mine did protect unpackme's for this and in the tutorial you will see all steps from A-Z to get this unpackme successfully manually unpacked but this is only one example how you can do it, of course. S
    1 point
  18. View File Crypto obfuscator + IntelliLock (Hard) 1- Crypto obfuscator Fake Name Method Hide Calls Encrypt Strings Code Masking 2- IntelliLock Max Settings If you unpack this tell us how you did it and what programs you used. Submitter 2Face Submitted 09/11/2020 Category UnPackMe (.NET)  
    1 point
  19. International Day of The Programmer Free Bundle (Was $143.81) Learn Java 12 Programming Expert Python Programming - Third Edition Beginning C++ Game Programming - Second Edition https://www.fanatical.com/en/bundle/international-day-of-the-programmer-free-bundle Ted.
    1 point
  20. Registration is open
    1 point
  21. I would just like to point out that this is DNGuard Enterprise HVM 3.9.5.1 not 3.9.5.3
    1 point
  22. Since the challenge description allows it, I'm going for the quick serial fish for now Approach:
    1 point
  23. View File DNGuard HVM Try to unpack or alternatively provide the secret key, URL, Name and Address Protections used: DNGuard Enterprice HVM 3.953 Good luck. Submitter Mohd Submitted 09/08/2020 Category UnPackMe (.NET)  
    1 point
  24. github.com/MantechUser/aes-finder bonus businessinsider.com/delete-social-media-phone-parasite-mental-health-instagram-twitter-facebook-2020-9
    1 point
  25. just packer, mutation and refh proxy.
    1 point
  26. reddit.com/r/ReverseEngineering/comments/inet9o/semiautomatic_code_deobfuscation_r2con2020/
    1 point
  27. If the HDD is on a different PC you can try with Hirens boot and if is Win7 i remember i wiped manual system files with the own cd of Win7 which has a utility to manage file explorer without running windows and able to delete anything you want.
    1 point
  28. If it is a slave drive you are going to use for storage then you do not need to keep any files Either select all & delete or format, as long as you leave the partitions intact then it will be accessible as is, however it might be worth checking your partitions to see if there is a Windows recovery partition which you could re-allocate for storage 😀
    1 point
  29. View File VMProtect v3.5.0.1213 Try to unpack or alternatively provide a serial. If there is no solution provided by Saturday 11am (GMT+0) I will attach the same without debugger detection. Protections used: Debugger detection (User-mode + Kernel-mode) Ultra (Mutation + Virtualization) Submitter whoknows Submitted 08/07/2020 Category UnPackMe (.NET)
    1 point
  30. clean mutations to fully complete
    1 point
  31. privacy-watchdog.io/protonmails-creation-with-cia-nsa/ + privacy-watchdog.io/ bonus krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/
    1 point
  32. Create Instance without calling constructor FormatterServices.GetUninitializedObject() will create an instance without calling a constructor. I found this class by using Reflector and digging through some of the core .Net serialization classes. using System; using System.Reflection; using System.Runtime.Serialization; namespace NoConstructorThingy { class Program { static void Main() { // does not call ctor var myClass = (MyClass)FormatterServices.GetUninitializedObject(typeof(MyClass)); Console.WriteLine(myClass.One
    1 point
  33. 1 point
  34. https://github.com/ribthegreat99OrN0P/Agile.NET-Deobfuscator @GameHackerPM @BlackHat To fix delegates, controlflow, and strings here yous go ive made a tool with many comments to help you understand!
    1 point
  35. _PyEval_EvalFrameDefault executes a code object on the Python frame. To dump the code object to a file you need to use PyMarshal_WriteObjectToFile / PyMarshal_WriteObjectToString at an appropriate place within the function. DnSpy has nothing to do with Python. It's just a piece of string inserted there on purpose.
    1 point
  36. Bed_ControlFlow_Remover.rar x86_Retranslater.rar I can't give you the rest of em ( i don't have permission to share them, hope you understand me).
    1 point
  37. You'll probably need to use the "/nodefaultlib" switch. Assuming you used the ZIP file from here: check the make.bat for example command-line.
    1 point
  38. In my opinion that solution will be acceptable only if the tool used is public.
    1 point
  39. It's a really good question. The answer really depends. Let me give you few recent examples. Example #1: Extreme Coders names the tools and explains HOW to solve the crackme. A lot of effort is required but all the tools can be found via Google. So I have zero issues with the solution. Example #2: Prab names the tools but no explanation is given. "x86 retranslater" definitely cannot be found not on Google. "Clean control flow" tells the obvious thing but it doesn't explain HOW to do that. What's the point of such solution? The only thing reader wi
    1 point
  40. a key: i fixed de4dot for new reactor including method decryption, cflow etc... and finally devirt it. there are tutorials about fixing de4dot/devirt in this forum including this topic as well.
    1 point
  41. Steps: 1. Simple MSIL Decryptor by CodeCracker 2. Devirtualization tool i have been working on. .Net Reactor imo has a **basic** to intermediate VM. i suggest you give this a try! Tips on how to start: 1 Learn how CIL works / CIL fundamentals (there are some nice ebooks that i can't link here ) 2 Learn how the assembly reader/writer of your choice works (dnlib for example) 3 Learn how a simple VM works ( https://github.com/TobitoFatitoNulled/MemeVM (the original creator of this vm left so this is a fork to keep the project alive))
    1 point
  42. Who are you to say that it's shit? Have you made an unpacker for it? If you do, you are free to correct me but if you don't you shouldn't make these silly comments, in my opinion.
    1 point
  43. https://github.com/GautamGreat/Scylla_Delphi_Plugin
    1 point
  44. Ok, I have deobfuscated the file. Enjoy i guess. Btw some parts of the file uses "dynamic" so it wouldn't look like just "dynamic" it dnspy. There will be something like callsite stuff cuz that's how the compiler interprets the dynamic data type. sample(2)-SysMathCallFixed-DelegatesFixed-FieldToLocalFix-VarsUnmelted-StringDec_deobfuscated.exe
    1 point
  45. I created this experimental project. I hope someone can be useful. any collaboration and improvement is welcome thank you https://github.com/Pigrecos/Triton4Delphi
    1 point
  46. Hi New Update with more features : https://github.com/Ahmadmansoor/AdvancedScript AdvancedScript version 4.3 https://github.com/Ahmadmansoor/AdvancedScript/releases * Add new commands and fix some bugs * fix error load of the Auto Commands when there is no ; * Fix AutoRun and stepson ( wait command to finish). * Fix color variable name. * Add ReadFile , Write2Mem , ReadMem * Add GoToByBase Form ( https://www.youtube.com/watch?v=gQxlbC8RnRg ) * Assigne variable directly no need to Setx Command. Sample : Varx str,memory // var will hold the hex
    1 point
  47. Please friends, post your knowledge regarding themida x64 unpacking for x64dbg. please post your scripts also.
    1 point
  48. v1.1 Plugin menu not appear. after applied folder seting from also not working after restart. it resets the path OllyDBG.ini.
    1 point
  49. PATCH BUTTON IS DEACTIVATED ! exe file is not crunched hi folks, last days i made 2 patches. This one use OGL. CODE & GFX: inc SOUND: dalezy Runtime Software DiskExplorer For Linux v4.36.rar
    1 point
  50. Herein attached is a modded version of KB/farbrausch's V2M player. Supports win98-me-2k-xp-2k3-vista Has static and dynamic libs for Delphi/VB/VC++/MASM32 Includes library support for PowerBASIC/many others.... Enjoy! V2mPlayer_VB_Delphi.zip
    1 point
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up
×
×
  • Create New...