Leaderboard
Popular Content
Showing content with the highest reputation since 03/13/2021 in Posts
-
No, it really isn't. It stops 10-year olds from running ready made tools, and that's about it. Password is:
There are 3 ways to solve it:
Easy way (1/10): open file in hex editor, check the strings and find solution there.
Slightly harder (2/10): run crackme under any tracer/profiler, see what functions it calls, see correct string as one of the parameters.
"Extremely hard" (3/10): open DnSpy and Visual Studio and fix OldRod source code. You'll need like 5 minutes for that.
1) Compare original KoiVM method handlers with DiamondVM method handlers:
8 points
-
Hello, I unpacked the file completely (including VM). Here is how I did it (simplified a bit):
1. After a bit of analysis we can notice that Agile.NET hooks into the Just In Time compiler in order to restore the method code. This can be undone by hooking into the JIT before Agile.NET.
2. Update de4dot to be able to remove simple protections like string encryption, control flow, and reference proxy. This just requires you to update some detections.
3. Spend some time analyzing Agile.NET VM, we find out that its VM is somewhat different to others as it creates "combined" handlers
7 points
-
Very simple example, just to show the idea..
    static void Main(string[] args)
    {
        using (var module = ModuleDefMD.Load(args[0]))
        {
            foreach (var type in module.GetTypes())
            {
                foreach (FieldDef field in type.Fields)
                {
                    // this will change all string constant values to "kao". Make sure to fix the `if`!!!
                    if (field.HasConstant && field.ElementType == ElementType.String)
                    {
                        field.Cons
4 points
-
There's the WinDivert library which allows you to do all of this. WinDivert is in C but there are bindings for Python & C#. You can check the source code of Clumsy which utilizes WinDivert to selectively modify the packets. It's in C. There's also the now discontinued flare-fakenet-ng which uses the Python bindings - pydivert.
https://reqrypt.org/windivert.html
http://jagt.github.io/clumsy/
https://github.com/fireeye/flare-fakenet-ng
3 points
-
This code and accompanying article is worse than most ConfuserEx mods written by script kiddies... Where do I start? Holy f*ck, have you ever heard of things you should never ever do inside DllMain? Loading another DLL from DllMain is one of the basic ones - it virtually guarantees a deadlock. "DLL hook"... You mean DLL name? Like, I don't know... a string? Not since year 2018... And it's called "Detours" And the cherry on the top! Just 4 problems in 9 lines of code! Must be a world record or something! 1) if CreateRemoteThread fails, ch
3 points
-
Example code just to get you started:
    using (var module = ModuleDefMD.Load(args[0]))
    {
        foreach (var type in module.GetTypes())
        {
            foreach (FieldDef field in type.Fields)
            {
                // this will change all byte[] field values to my own. Make sure to fix the `if`!!!
                if (field.HasFieldRVA && field.InitialValue != null)
                {
                    byte[] fake = new byte[] { 0x6B, 0x61, 0x6F }; // it'
2 points
-
you can still install latest flash version and patch Flash32_32_0_0_465.ocx, NPSFW32_32_0_0_465.dll/NPSFW64_32_0_0_465.dll
    0FC4F07E DC1D D0018B10 FCOMP QWORD PTR DS:[108B01D0]
    0FC4F084 DFE0 FSTSW AX
    0FC4F086 59 POP ECX
    0FC4F087 59 POP ECX
    0FC4F088 F6C4 01 TEST AH,1
    0FC4F08B 75 05 JNZ SHORT Flash32_.0FC4F092
    0FC4F08D 33C0 XOR EAX,EAX
    0FC4F08F 40 INC EAX
    0FC4F090 EB 02 JMP SHORT Flash32
2 points
-
Hi, I tried VPN and switched to Germany, and a window like this appeared. My solution is:
1. https://chrome.google.com/webstore/detail/tampermonkey-beta/gcalenpjmijncebpfijmoaglllgpjagf?hl=en
2. https://greasyfork.org/de/scripts/412178-youtube-dismiss-sign-in
After installing both of these, the windows popping up will no longer interfere. I've tested it myself, so I'm telling you.
2 points
-
1. If you want to try the library, capstone is not essential (used for tests with opaque predicates); the library is still available here https://github.com/Pigrecos/Capstone4Delphi
2. I have not tried, but with small adjustments (which unfortunately I do not have the time to do ...) it is certainly possible and quite simple (it is always pascal)
2 points
-
alright, here is some remix of my favourite chiptune so i can use it on the next keygen/patch templates. the original song is called "next 2 me" by crome, thanks to LHS for some samples (the leads, the bass and the c64 drum). plus, it's also dedicated to all my high school friends that i miss them so much ever since i left Romania.
UPDATE: sorry guys, i found out actually that the bass lead was actually too loud and i can barely hear the sample no.4 so i had to amplify it with 75-80% to sound a little better so here is the newer version.
prfkeygens.xm
2 points
-
another crack template i've made today. it was initially for Speed Video Converter 4.4.9, but i couldn't find any setup for this because all the download links i've found on different arabic and iranian shareware sites are totally dead. so the patch engine is not included. i did write the offset patch engine for it tho. xm by zalza (modified by me with same semitones as the original song from Europe) btw on KeygenTemp17, i’ve noticed again that i forgot to write that it was used bassmod not MagicV2mEngine, on “10x go 2” section (good grief why am i supposed to forget to
2 points
-
https://blog.malwarebytes.com/careers/2021/03/careers-in-cybersecurity-malwarebytes-talks-to-teachers-and-students/
Ted.
2 points
-
Hell, no! That description was horrible. To be able to help you, one needs to see the code that's not working and know exactly what you're doing and what you're trying to achieve. As always, I shall refer to the classics: https://www.chiark.greenend.org.uk/~sgtatham/bugs.html#showmehow
Given the description, I can only try to *guess* what you meant, what you did and what you need. So, I guess that this might solve your problem:
1) LVN_MARQUEEBEGIN will notify you that listview selection is starting. When you get this notification, you set some global flag;
2) Now when you get
1 point
-
Hi guys, so I noticed a few days ago that YT has again changed something to ask about cookies and does now redirect the YT link to this...
https://consent.youtube.com/m?continue=https://www.youtube.com
...each time / everyday to ask about cookie stuff etc. So this is really uhhmmmm!!! You know, I could puke around. I don't wanna see & get that shit NAG each time / browser call (cookie clean) and choose and accept or turn On/Off that options. So before I didn't get that too so why now? My question now is whether anyone found already a way / method to bypass this redirection cookie NA
1 point
-
This is working for me to block the YT signin using GreaseMonkey
    // ==UserScript==
    // @name Youtube Signin Block Script 512826
    // @version 1
    // @grant none
    // ==/UserScript==
    // SentinelJS is a JavaScript library that lets you detect new DOM nodes
    const sentinel = function(){var e,n,t,i=Array.isArray,r={},o={};return{on:function(a,s){if(s){if(!e){var f=document,l=f.head;f.addEventListener("animationstart",function(e,n,t,i){if(n=o[e.animationName])for(e.stopImmediatePropagation(),t=n.length,i=0;i<t;i++)n[i](e.target)},!0),e=f.createElement("style"),l.insertBefore(e,l.firstChild),
1 point
-
https://torrentfreak.com/denuvo-we-are-passionate-gamers-and-guarantee-we-dont-slow-games-down-210404/ 🙄
1 point
-
same kind of shit happened to me, on TC with their kind of nag announcement who won't go away till you have the good cookie, so i made a script to fix the problem with greasemonkey, shared it, and got a warning on their forum for 'hacking with script' lmao.
1 point
-
Yes I would expect a lot more of this. GDPR caused a bit of chaos on a lot of websites for EU users but it motivates perhaps more general changes in anticipation of laws changing elsewhere. I still can't access some news websites in the US on an EU IP. Clearing cookies is no longer really a great idea anyway for all sites. Really you should whitelist the sites you want to preserve state with and clear the rest. Most of us don't use so many sites and practically speaking everyone is limited by time and energy of maintaining account registrations, etc so it's not a lot to whitelist some doma
1 point
-
It's the EU user consent policy that Google has to comply with. You may see this type of thing popping up more often because you live in the EU. Some options, use a VPN to make it appear you are outside of the EU. Alternatively use one of the annoyance filters that come with adblock; Fanboy, AdGuard, etc.
Ted.
1 point
-
@LCF-AT give a try @ ghacks.net/2020/09/27/how-to-deal-with-googles-and-youtubes-aggressive-popups-before-you-continue-sign-in/
-- youtube.com/watch?v=msoOdQID60I can be @
yt.dorper.me/watch.php?v=msoOdQID60I
invidious.snopyta.org/watch?v=msoOdQID60I ;)
1 point
-
"...each time / everyday to ask about cookie stuff etc. So this is really uhhmmmm!!! You know, I could puke around. I don't wanna see & get that shit NAG each time / browser call (cookie clean) and choose and accept or turn On/Off that options..."
==========
I totally agree! I was also looking for something like the "no redirects" add-on, but so far I'm just ignoring Google, or at least trying to ... :-)
1 point
-
Using an extension for modern browsers like StyleBot, you can fix it yourself with some basic edits. The syntax parser the forum uses is fairly bad/basic, so a very basic CSS edit/override works fine. Here's mine:
    @media screen {
        .str { color: #CC7645 }
        .kwd { color: #569CD6 }
        .com { color: #57A64A }
        .typ { color: #79D8FE }
        .lit { color: rgb(179, 201, 101) }
        .pln { color: #9A9A9A; }
        .pun,.opn,.clo { color: #A2B3AE }
    }
I only targeted C/C++ language type tags that were t
1 point
-
you can also try to play around with https://github.com/anatolikalysch/VMAttack
1 point
-
Well I went back to white default mode because the code tag with purple and dark red in dark mode is not good at all, i'd rather burn my eyes with white mode
1 point
-
Here's a good tutorial about static devirtualization of a simple VM:
https://www.msreverseengineering.com/blog/2018/1/23/a-walk-through-tutorial-with-code-on-statically-unpacking-the-finspy-vm-part-one-x86-deobfuscation
http://www.msreverseengineering.com/blog/2018/1/31/finspy-vm-part-2-vm-analysis-and-bytecode-disassembly
http://www.msreverseengineering.com/blog/2018/2/21/finspy-vm-unpacking-tutorial-part-3-devirtualization
1 point
-
https://www.codeproject.com/articles/13368/multiple-consoles-for-a-single-application
https://codereview.stackexchange.com/questions/195157/using-multiple-console-windows-for-output
1 point
-
How COVID-19 affects the brain
eurekalert.org/pub_releases/2021-03/jn-hca032521.php
jamanetwork.com/journals/jamapsychiatry/fullarticle/2778090
1 point
-
This! You have defined 3 patches, all of them 1 byte in size. But you apply only 2 patches, each 2 bytes in size. Makes no sense.
1 point
-
You should then take a look at Akamai's anti bot. They use machine learning principles and one of their biggest defenses is mouse movement analysis.
1 point
-
Then you could code your own. Wireshark uses the WinPcap library; you could code whatever you need using that library so you don't have to code a driver too
1 point
-
this is the creepiest and spookiest keygen template i've ever made. the keygen algo is removed tho. the image from the aboutbox is actually Gurgles' face (from "Gurgles and Bugman" creepypasta). v2m by Little bitchard (if this music is too loud for you because of the beeping then sorry) btw thanks to Xylitol for reminding me that this v2m library with replay-function still exists on this forum
KeygenTemp21.zip
1 point
-
another keygen template i've made today. this was actually a keychooser because translating some algos from delphi to assembly will take so much time and i'm kinda bit lazy to do that, maybe these days idk :E xm by Nemo. (lead samples edited by me for this keychooser) (sorry for the double-post, my laptop is sometimes working a bit slow, but i am looking forward to get a powerful video-editing i7/i9 chassis)
KeygenTemp6.zip
1 point
-
here's some keygen template i've made about 1 week and 5 days ago. the keygen algo is not included in the project. v2 music by darkman007.
KeygenTemp5.zip
1 point
-
here's the crack template i've made 3 days ago. patch engine is not included in the project of course. and there's a bug in the WEB field, when you click once on the app's link, it won't color blue when you hover it. xm by dubmood (modified a little by me for this crack) btw the R logo comes from a basketball team from NBA called Houston rockets (chose this because it perfectly fits with that keygen style i have)
CrackTemp4.zip
1 point
-
here's the keygen template from the first pic. the keygen algo is removed from the project. xm by zalza (low-pitched by me to sound better for the kg)
KeygenTemp4.zip
1 point
-
here's another crack template i've made, although i didn't include it in my topic above (actually made it today) no patch engine included in the project. xm by stalker (modified its finetune just to sound better for the crack)
CrackTemp3.zip
1 point
-
here's the keygen template from image no. 3. the keygen algo is removed from the project. music by Freefall (cover for Captain jack song)
KeygenTemp3Updated.zip
1 point
-
here are the keygen templates from images no. 2 and 4. the keygen algos are disabled and removed from the projects. v2m by Soft maniac. xm by LHS (modified finetune to sound better for the keygen) GRUiA neinfricatul means in romanian GRUiA the brave.
KeygenTemp1.zip KeygenTemp2.zip
1 point
-
here is also the crack template from image no. 7. no patch engine included in the project. xm by graff (modified by me just to sound better for this crack temp)
CrackTemp2.zip
1 point
-
alright, here's the crack template from image no.6. no patch engine included (or added) in the ASM project. more coming up. music by icefall.
CrackTemp1.zip
1 point
-
Why was SychicBoy's post accepted by moderators?
* Code is not devirtualized at all, see Form01.method_2. That's not a properly unpacked file.
* Correct serial is not provided either. There's just a simple patch which disables serial check - so, neither of unpackme's goals are achieved.
1 point
-
this is my project for porting keras (Deep Learning for humans http://keras.io/) to delphi
https://github.com/Pigrecos/Keras4Delphi
Keras4Delphi is a high-level neural networks API, written in Pascal with Python Binding
1 point
-
how to do Break at OEP of Enigma, and dump binary with Mega Dumper?
1 point