Jump to content
Tuts 4 You

Leaderboard

  1. Teddy Rogers

    Teddy Rogers

    Administrator


    • Points

      47

    • Content Count

      8,993


  2. whoknows

    whoknows

    Full Member


    • Points

      3

    • Content Count

      690


  3. Trong

    Trong

    Junior


    • Points

      2

    • Content Count

      3


  4. ferrit.rce

    ferrit.rce

    Full Member


    • Points

      1

    • Content Count

      48


Popular Content

Showing content with the highest reputation since 11/30/2019 in Files

  1. 13,914 downloads

    A collection of tutorials aimed particularly for newbie reverse engineers. 01. Olly + assembler + patching a basic reverseme 02. Keyfiling the reverseme + assembler 03. Basic nag removal + header problems 04. Basic + aesthetic patching 05. Comparing on changes in cond jumps, animate over/in, breakpoints 06. "The plain stupid patching method", searching for textstrings 07. Intermediate level patching, Kanal in PEiD 08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor 09. Explaining the Visual Basic concept, introduction to SmartCheck and configurati
    6 points
  2. 471 downloads

    I want to release a new tutorial about the popular theme Themida - WinLicense. So I see there seems to be still some open questions mostly if my older unpack script does not work anymore and the unpacked files to, etc. So this time I decided to create a little video series on how to unpack and deal with a newer protected Themida target manually where my older public script does fail. A friend of mine did protect unpackme's for this and in the tutorial you will see all steps from A-Z to get this unpackme successfully manually unpacked but this is only one example how you can do it, of course. S
    4 points
  3. 420 downloads

    Try to unpack or alternatively provide a serial. Protections used: Necrobit Antitampering Antidebug Obfuscation Code Virtualization + Shield with SNK
    2 points
  4. 329 downloads

    A premier collection of articles compiled by Fly from the now defunct UnPack China forum dated in 2007. Note that most of the content contained in this compilation is in Chinese, you may need to use a translator to fully understand some of the information it contains.
    2 points
  5. Version v1.1 & v2.0 & Sh

    3,255 downloads

    OllyDbg with Plugin + OllyDBG v1.1 + OllyDBG v2.0.1 + OllyDBG Shadow GUI with Vic Plug-In Enjoy !
    2 points
  6. Version 1.1

    43 downloads

    Tracing ASProtect 2 SKE stolen and poly code is very difficult because of lots of short obfuscation jumps. This script written by me makes this code much easier to read and trace. There is some more to be done but i switching to immunity so i can make a better script and remove more code. To use it you should run it at the start of obfuscated code because it will deobfuscate an entire section.
    1 point
  7. Version 1.7

    3,545 downloads

    REPT KeyGen Maker is an utility to make keygens easily without having a programming knowledges. Please report any bug/improve to make it better This is currently done in .NET so will need .NET Framework 3.5 or higher. Thanks for download it!
    1 point
  8. Version 11.10.2017

    69 downloads

    When using OllyDbg as a portable version (e.g. on an USB stick) there are always problems with the UDD/Plugin path not being set correctly. The features: DLL, which sets Plugins, UDD and win32.hlp paths automatically Dummy export so it's easy to add the DLL to your olly mod Open source Attached is DLL + Source, I hope it's useful for somebody. Feel free to modify to your needs, just credit where you think it's needed. P.S. To add the DLL to your mod: Use CFF explorer to add the import "dummy" (which does nothing) to ollydbg.exe, this will execute the DllMain fu
    1 point
  9. 904 downloads

    This is a complete archive (site rip) of all files on Tuts 4 You as of July 2011 except for the malware samples - you will need to download these directly from Tuts 4 You. I have created the torrent as directories and files rather than one archive which gives you the option to download files individually or in categories. The entire collection is 3.69 GB of which some sections may be of little interest to some but you have the option of downloading what you want. This collection will be updated annually so please check at the following link for the official and up-to-date torrent fil
    1 point
  10. 145 downloads

    Today I release - finally - the series of unpacking tutorials about manually unpacking The Enigma Protector. I will discuss all protections of Enigma which are fully detailed as possible. I have to say thanks to LCF-AT, she helped me a lot with this. Introduction ~ 9:28 Unpacking with patterns ~ 33:03 Finding patch-places without patterns ~ 19:56 Dealing with SDK API's & Custom Emulated API's ~ 28:23 Internal & External VM's (Using Plugin) ~ 5:40 Enigma's Registration Scheme ~ 15:37 EN-DE-Cryption ~ 33:21 Inline patching + Final Wo
    1 point
  11. Version 1.8

    2,976 downloads

    OllyExt is a plugin for Olly 2.xx debugger. The main intention of this plugin is to provide the biggest anti-anti debugging features and bug fixes for Olly 2.xx. VMProtect support! The currently available commands are the following: Code Rip to Clipboard Code Rip to Clipboard Recursive Data Rip to Clipboard Signature Rip to Clipboard The currently supported protections are the following: IsDebuggerPresent NtGlobalFlag HeapFlag ForceFlag CheckRemoteDebuggerPresent OutputDebugString NtClose SeDebugPrivilege
    1 point
  12. Version 1.1

    63 downloads

    Improved LoadDLL for use with OllyDbg. It uses LoadLibraryEx with DONT_RESOLVE_DLL_REFERENCES to load the dll without calling DllMain.
    1 point
  13. 100 downloads

    A x86/Win32 reverse engineering cheat-sheet.
    1 point
  14. 81 downloads

    This tutorial will explain how to use the Execute Till User Code function to trace MessageBoxes in Delphi, which is a little different than other programming languages. I try to explain it in a way beginners can understand it! I hope you will enjoy this tutorial, and that will come in handy once!
    1 point
  15. 43 downloads

    This tutorial aim is show some simple techniques that can be used to reverse and patching Java target, a first classical approach will be about the class decompilation with JAD and JODE decompiler, then we can move into the JVM (Java virtual machine) analysis and deeper into the bytecode analysis and patching. In order to fix some concepts a simple Java CrackMe will be explored trough decompilation with the presented tool and bytecode patching by using IDA and Hex Editor. Of course this topic isn't new and was also covered into the past by other, but this essay will just point some well k
    1 point
  16. 89 downloads

    This is my 2nd tutorial for BiW-Reversing that will discuss about MUP with ollydbg + ollydump. BTW, my 2nd tute should be about the truth lies behind a keygen. But i need more time to get as much as ideas to discuss about it deeply. For this tute, i just want to unpack UPXed file and as a bonus, FSG 1.33 packed one. I assume the reader has a little knowledge about PE like Entry Point (EP), Original Entry Point (OEP) in packed PE executables. BTW, I want to recommend you to read 'Peering Inside the PE: A Tour of the Win32 Portable Executable File Format' by Matt Pietrek, but other manual/docs a
    1 point
  17. 31 downloads

    This project I made by myself, because I needed to constantly consult the opcodes to several of the assembly codes at the same time, wasting my attention from what I really needed to accomplish. Now with only one opened window I have access to all opcodes that I use when I am working in reversing engineering or developing, I hope it is useful for you. If you have some opcode that you want that I place in this help file, please send the text file. Intel 8086 Family Microsoft .NET Java SQLite
    1 point
  18. 29 downloads

    The default windows API functions to load external libraries into a program (LoadLibrary, LoadLibraryEx) only work with files on the filesystem. It's therefore impossible to load a DLL from memory. But sometimes, you need exactly this functionality (e.g. you don't want to distribute a lot of files or want to make disassembling harder). Common workarounds for this problems are to write the DLL into a temporary file first and import it from there. When the program terminates, the temporary file gets deleted. In this tutorial, I will describe first, how DLL files are structured and will pres
    1 point
  19. 29 downloads

    Serial fishing CloneTrone KeygenMe #1. Level for beginners.
    1 point
  20. 195 downloads

    I created a video tutorial where you can see how to use my script. I also added some UnpackMe's which you can also test. If something not works then post a reply in my topic.
    1 point
  21. 19 downloads

    A quick video tutorial on keygenning TccT KeygenMe #2 by Tarequl.
    1 point
  22. 17 downloads

    Video tutorial on keygenning Kurapica KeygenMe 2011.
    1 point
  23. 23 downloads

    A Shockwave Flash movie tutorial showing a method of keygenning Kurapica's CrackMe #15. It includes the source code for the keygen.
    1 point
  24. 21 downloads

    I made a video presenting an interesting keygenme. In this video you can see what is done and how is done to reverse a keygenme. If is too fast please press pause. Steps: 1. Running for the first time the keygenme 2. Detecting protection 3. Unprotecting 4. Analyse of the algo 5. Creating the keygen in VB. NET Express 2010 6. Bug testing 7. Finalising keygen 8. Testing keygen Hope someone will find this useful.
    1 point
  25. 18 downloads

    A video tutorial on keygenning BadSector CrackMe #1.
    1 point
  26. 20 downloads

    A video tutorial on keygenning CloneTrone KeygenMe #1.
    1 point
  27. 44 downloads

    RSA Tutorial 01 - Keygenning RSA RSA Tutorial 02 - Serial Fishing RSA RSA Tutorial 03 - How to Find RSA Primes
    1 point
  28. 25 downloads

    A Shockwave Flash movie tutorial showing a method of keygenning a simple KeygenMe. Example code is in Delphi.
    1 point
  29. 27 downloads

    MD5 Keygenning (Part 1) MD5 Keygenning (Part 2)
    1 point
  30. 162 downloads

    Again I have written a new script called "TM - WL HWID & BASIC Inline Patcher 1.0" So maybe you have sometime trouble to unpack a TM / WL app and for this case I have written this new script. It writes the Inline automatically {+ addresses adjustment} & HWID Inline too if needed.For a HWID app you have just to find the jump address to attack for this you can use my older Unpacker script to get the data which you have to fill in the inline.So I don´t want to explain now all here on this post so watch the 3 movies and do it too.If something not works or you have some trouble with s
    1 point
  31. 189 downloads

    The goal of this project is to create a .NET decompiler. Decompiler is a tool that translates machine code back to source code. That is, it does the opposite of a compiler – it takes the executable file and it tries to recreate the original source code. In general, decompilation can be extremely difficult or even impossible. Therefore this project focuses on something slightly simpler – decompilation of .NET executables. The advantage of .NET executables is that they consist of processor independent bytecode which is easier to decompile then the traditional machine code because t
    1 point
  32. 95 downloads

    This article is the obvious culmination of the previous effort of writing the Rebel.NET application and the first of a two series of articles about the .NET framework internals and the protections available for .NET assemblies. The next article will be about .NET native compiling. As the JIT inner workings haven't been analyzed yet, .NET protections are quite naïf nowadays. This situation will rapidly change as soon as the reverse engineering community will focus its attention on this technology. These two articles are aimed to raise the consiousness about the current state of .NET protection
    1 point
  33. 116 downloads

    In patching .Net, you could disassemble/decompile the executable with ildasm and when done patching you would assemble/compile it again with ilasm. In this tutorial I will show you how to patch the executable with hex editor.
    1 point
  34. 94 downloads

    .NET Reversing Tips - Chapter 1 .NET Reversing Tips - Chapter 2 .NET Reversing Tips - Chapter 3 .NET Reversing Tips - Chapter 4 .NET Reversing Tips - Chapter 5 .NET Reversing Tips - Chapter 6
    1 point
  35. 83 downloads

    You may wonder why I have chosen this topic, why write a tutor on .net components? Technically a .NET component is not different from an executable assembly, I mean that both are compiled to MSIL and you can usually view the source in Reflector and other tools, but when it comes to commercial components you have to understand that more and more complicated protection schemes are being implemented to protect them, and after analyzing many products I found so many points that all these components share to protect themselves. The second reason that pushed me to write this tutor is that
    1 point
  36. 49 downloads

    Decompilation is the process of converting executable binary code ready for execution on a physical or virtual machine into comprehensible high-level language code. Typically compilation has been to the instructions executed by the CPU of the target architecture, e.g. x86, ARM etc. Another possibility is to compile to an intermediate 'virtual machine', which then interprets each instruction one at a time or compiles it to the underlying machine code in a process known a Just In Time compilation (JIT). One of the earliest examples of this is the O-code machine, developed by Martin Richards
    1 point
  37. 91 downloads

    Sometimes after you manual unpack a .NET program when you run the program will complain that some dlls are missing, we simply get .NET dlls using a .NET Generic Unpacker (also we could dump the memory of them from Olly) while native dlls are still missing. This tutorial will teach you how to dump native dlls from any .NET packed program. The basic rule: we should stop when the dll is under memory and we should dump the dll before is executed the entry point of him; is not absolutely necessary to stop exactly at entry point of dll.
    1 point
  38. 150 downloads

    This easy tutorial will teach you how to unpack various DotNet packed files.
    1 point
  39. 98 downloads

    As you know, the main purpose of using packers was to decrease the size of executable files, but nowadays most of packers are protectors too! For 32bit packed executables, reversers usually use OllyDbg to unpack them, but OllyDbg is only able to debug 32bit PE files. So what we can do in case of .NET targets? In this short article you'll see how to unpack .NET EXEs in few steps using great OllyDbg. Believe me, it's piece a cake.
    1 point
  40. 74 downloads

    Anti-unpacking tricks can come in different forms, depending on what kind of unpacker they want to attack. The unpacker can be in the form of a memory-dumper, a debugger, an emulator, a code-buffer, or a W-X interceptor. It can be a tool in a virtual machine. There are corresponding tricks for each of these, and they will be discussed separately. - A memory-dumper dumps the process memory of the running process, without regard to the code inside it. - A debugger attaches to the process, allowing single-stepping, or the placing of breakpoints at key locations, in order to stop executi
    1 point
  41. 42 downloads

    Anti-debugging is the implementation of one or more techniques within computer code that hinders attempts at reverse engineering or debugging a target binary. Within this paper we will present a number of the known methods of anti-debugging in a fashion that is easy to implement for a developer of moderate expertise. We will include source code, whenever possible, with a line by line explanation of how the anti-debugging technique operates. The goal of the paper is to educate development teams on anti-debugging methods and to ease the burden of implementation.
    1 point
  42. 167 downloads

    The Immortal Descendants started out as members of an IRC group on irc.prodigy.net called "Deadmen.Society" way back in 1995. As we gained skills, we realized that there were better, and more productive ways to spend our time. We (TR0YB0Y, Volatility, Raven, Mortis, Yakuza) left the Deadmen.Society and formed a new group, with new principles and theologies under the name "Immortal Descendants". Our goal for this new group, was a collective for friends to learn, and showcase their talent together. Things were good for awhile, but people lost interest, and three of the founding members, Yak
    1 point
  43. Version 2.2

    589 downloads

    Bundle of .NET tools! Main reason is to defeat strong name validation, on the other hand third party tools merged! ACorns.Hawkeye Is the only .Net tool that allows you to view, edit, analyze and invoke (almost) any object from a .Net application. Whenever you try to debug, test, change or understand an application, Hawkeye can help. CFF Explorer-NTCore Designed to make PE editing as easy as possible, but without losing sight on the portable executable's internal structure. HwndSpy-dp0 Is an invaluable tool for developers doing maintenance on GUI applica
    1 point
  44. Version 1.0.0

    57 downloads

    Hello friends. I try to prepare a classic logo for the forum. -Feel free to use in your projects or documents. I hope you will like it. note:Source file only xcf format. for GIMP. sory for photoshop users. Detailed previw ( click to support button in forum page.)
    1 point
  45. 586 downloads

    Turntableized Skin...
    1 point
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up
×
×
  • Create New...