Tuts 4 You

Leaderboard

  1. Xyl2k (Full Member): 21 points, content count 127
  2. SychicBoy (Junior+): 21 points, content count 11
  3. Kurapica (Full Member): 20 points, content count 894
  4. Progman (Full Member): 10 points, content count 225


Popular Content

Showing content with the highest reputation since 10/27/2020 in Posts

  1. Tango down for 109.201.133.80 (keygens.pro, serials.be, crack.ms) Meanwhile, 54.36.184.139 (crackinns.com, torrentheap.com, crackheaps.com, cracknets.net, cracksnet.net, cracknet.net, keygenit.net, keygenom.net, cracksgurus.com, keygenninja.com, serialms.com, mackeygens.com, mediagetsite.com, get.ziplink.xyz, get.ziplink.stream) are still spreading malware. Abuse sent too, but nothing followed for the moment, so here is some insight about their infra in the meantime (when all else fails, crowbar the fornicationer) Embedded mini-admin panel to administrate the fake sites, allow t
    9 points
  2. I just published my own write-ups on my GitHub, if anyone is interested https://github.com/Washi1337/ctf-writeups/tree/master/FlareOn/2020
    6 points
  3. 5 points
  4. Take my advice... A hard drive is definitely not something to try to save your money upon. You can see how much time you wasted trying to recover the last one? Just not worth it, in my opinion. Avoid Seagate drives. They are well known to fail suddenly. Western Digital ones are a lot more reliable. Go for the SERVER versions of the drives if possible (I know, some say that they should not be used for home purposes) but in my experience they last far longer and are more reliable than the usual consumer grade ones. Check out the color codes of Western Digital drives here: htt
    3 points
  5. Those guys must be politicians, the way they justified their dictatorship in removing, it is funny I'm happy it's back, kinda gives a tiny hope that people can still make a change.
    3 points
  6. So you want to download some releases from snd? Alright, let's look at snd.webscene.ir: the distribution section menu contains a link pointing at hxtps://keygens.pro/ Super, looks like there are a lot of cracks over here! And the site is virus free, right? So let's pick something, I don't know, maybe 7-Data.Card.Recovery.1.1.keygen-SND hxtps://keygens.pro/crack/729775/ lol @ description on the page, didn't know reagan was from snd and born in russia. Anyway, we got redirected to a download page after clicking the 'Download only Keygen' button, we have to fill in a captcha and agree
    3 points
  7. awesome.vmp35_cracked.exe Every other portion of VMP is removed including CRC etc check. But still it will not run until we fix Delegates. It is still left
    3 points
  8. Hi, thanks for the info. I found this info about some drives.... ....about failures, and Seagate are the worst and HGST is the best. Anyway, I think I will first try another external drive and hope that this will work correctly. greetz
    2 points
  9. @GautamGreat: These days I have very limited free time, so I have no plans to write full solutions myself. Maybe I'll make an overview of other solutions and comment on how I approached that specific problem. No promises though.
    2 points
  10. I've never played CTFs before but I was curious when kao posted about it a few weeks ago. I'm not a pro reverser like kao or those who do it as a job or as a source of income so my experience was mostly with real life applications and protections, I expected something similar to this field, I mean in how the challenges should be approached, problem with CTFs is that after you solve several ones, you start to develop a pattern on how you should work with next challenges, like those "IQ" patterns questions which are imposed by some recruiters to test your "IQ"!, solving t
    2 points
  11. Well, I haven't looked a lot at keygens.pro as Remcos doesn't really interest me at all, but funny that "if crack not found then get a trojan". I looked a bit more at cracknet.net, and when I was saying "I think it's a false positive for 'azorult' malware family" yep. It appears to be Elysium Stealer/Zeromax Stealer/yahooylo. Some logs from the VM that it tried to exfiltrate to the CnC: Related, data from the CnC or just "you got owned bro": Some stolen logs from a PC, where you can see browser history and also running processes with "ke
    2 points
  12. Sure, I'm gonna release an unpacker for net reactor 6x soon.
    2 points
  13. awesome_msil_Out.exe Approach: 1. Necrobit is a jit protection, so we use Simple MSIL Decryptor by CodeCracker , and it shall be ran on NetBox 2. Code virtualization is a relatively new feature of .net reactor, added in version 6.2.0.0. Here is the approach i took (i did this about 6 months ago so my memory is kinda rusty ) : (Click spoiler to see hidden contents)
    2 points
  14. I would be wary of Western Digital drives, in recent times they have not been truthful: https://arstechnica.com/gadgets/2020/04/caveat-emptor-smr-disks-are-being-submarined-into-unexpected-channels/ https://arstechnica.com/gadgets/2020/05/western-digital-gets-sued-for-sneaking-smr-disks-into-its-nas-channel/ https://arstechnica.com/gadgets/2020/09/western-digital-is-trying-to-redefine-the-word-rpm/
    1 point
  15. I once posted it on a Chinese forum, you can read it at https://www.52pojie.cn/thread-762832-1-1.html using Google Translator. I'll try my best to introduce it in English: 1. Download x64dbg and download the symbol file of clr.dll (mscorwks.dll if runtime is .net2.0~.net3.5) 2. Set a breakpoint at "SystemDomain::ExecuteMainMethod" in clr.dll/mscorwks.dll and run 3. Use MegaDumper (I use my ExtremeDumper based on codecracker's megadumper https://github.com/wwh1004/ExtremeDumper) to dump the main module when the program breaks at "SystemDomain::ExecuteMainMethod" 4. fix pe header an
    1 point
  16. I advise you to buy an SSD now, Go for Samsung, I find them reliable and they tend to last for years before you need to replace them. When you get a new SSD, make sure to do a test using the supplied software to ensure all blocks can read and write correctly. SSD are getting cheaper these days and you will like the speed difference when you try it.
    1 point
  17. I meant you can take a snapshot of that drive in case you have important files that you can no longer access. Avoid cheap USB drives at all costs, always go with well known brands even if slightly more expensive.
    1 point
  18. Did you try the h2testw tool: https://www.heise.de/download/product/h2testw-5053 And what is the result?
    1 point
  19. Have a look at this: https://class.malware.re/ - there's a lot of stuff, some really good, some average. But I'm sure you'll be able to learn a lot. Perhaps MalwareUnicorn's trainings are a good place to start. It's a huge investment of time, so I wouldn't expect someone to be available on chat 24/7 just for you. But as Kurapica said, you could ask your questions here, provide as much info as possible, and someone will (eventually) look at it. Cheers, kao. P.S. Don't worry about the grammar.
    1 point
  20. @whoknows @atom0s @notkult The saga continues: https://www.zdnet.com/article/github-reinstates-youtube-dl-library-after-eff-intervention/ "But in a blog post today, GitHub said the library did not actually break Section 1201 of the DMCA, citing a letter it received from Electronic Frontier Foundation lawyers, who to take up the youtube-dl project's case. In the letter, the EFF team explained that Google does not have any technical measures in place to prevent the download of its videos — all of which need to be made freely available to all kinds of apps, browsers, smart TVs, and
    1 point
  21. Again, so it is happening with multiple HDDs, so it's even less and less likely it's a hardware error. Some software is a culprit here. I already mentioned a virus infection. Perhaps you have some tool you downloaded that is corrupting things because it is old and incompatible, etc. It will be interesting to know eventually when you do figure out what is trashing your drives. But magnetic drives simply do not write 0s to entire blocks without a software instruction telling them to do just that. Maybe take a look at SysInternals autoruns, run it as administrator and check all the non-Microsof
    1 point
  22. I would use latest tools now Hirens or what have you. E.g. Sergei Strelec Win10PE latest. Some changes to things in the boot partition with later Windows versions might cause MFT damage for example. Your issue requires diagnostics now as you have to prove if software or a defective drive is the issue. Based on your posts it is hard to know. The HDDRegen delay might be normal on sector 0 but in your case sector 0 seems to be the whole issue. That tool has a special repair mode not the one you used but that forces regeneration for a range but probably in the paid version which is not h
    1 point
  23. There are bad sectors in your usb hdd. In my humble experience the only way to use drive with bad sectors is to isolate the bad sectors block with new partition and leave it raw and hidden but if there are too many bad blocks better throw it to the bin.
    1 point
  24. It just means the read took too long on one sector. HDDRegenerator is a great tool for magnetic disks and it can repair bad clusters that occur due to magnetic issues on the surface. Rescan the first sector. That takes a few seconds and you can cancel. Then rescan it a few more times. If there is something wrong with the first sector of the disk that would explain why your MBR gets messed up. HDDRegen has a mode to repair even if not bad. I suggest you repair the first sector and make sure it shows no delays. You can try Active Partition Recovery now too. It will recover your p
    1 point
  25. Hi, unmount the USB drive (https://www.youtube.com/watch?v=xMqDVeuaujQ) and attach the HDD as an internal SATA drive in your computer. Try to put data on it, if you still experience problems with it then the drive is failing, if all ok then the USB external support is the only problem. Good luck.
    1 point
  26. SATA is possibly more reliable because it has a dedicated bus while USB can share on some ports. But ideally it should not matter. Definitely turn off write caching if you are worried or hot unplugging it a lot. Ah I thought you used a partition recovery utility otherwise chkdsk could not do anything with RAW disk. Test disk could have blown the MFT. However you went from RAW to partition is the culprit probably. Again this is just a guess as a single failure of the partition table being corrupt is more likely than a double failure. You can do it again. Just open sector 0 of you
    1 point
  27. You can turn off drive write caching in device manager to make hot unplugging less likely to cause an error. But the partition table/mbr does not get written except when you do special actions. Only a virus might continually try to write such an area of the drive. So the RAW disk you saw is suspicious. The MFT was destroyed by bad partition recovery. Then chkdsk finished the destruction even without running it the game is already lost. Chkdsk just makes painfully clear of that. Too late for Active at that point. Active would have saved your disk in 5 minutes had you started wit
    1 point
  28. saying, backup asap the HDD.. once recognized, run this app to see the health status - carifred.com/cleardiskinfo/
    1 point
  29. This was done using/abusing a known issue on GitHub by being able to submit to any repo if you know a valid member's name/email. https://github.com/jayphelps/git-blame-someone-else This was the same exploit used to post the youtube-dl source to the DMCA repo as well. GitHub is aware of the issue and has refused to fix it according to several people already. Guess they may take it a bit more serious now that it's consistently being abused against their own repos lol.
    1 point
  30. I have had the EXACT same thing happen with chkdsk trashing my data. This is not due to a bad partition but a bad master file table MFT. If you have a bad MFT, you should recover all data possible with recovery tools before letting chkdsk trash the drive. Some bad partition recovery tools will trash some of the MFT which basically makes it hopeless to ever fix it. Boot sectors and Partitions are very easy to reconstruct by a good tool. But the MFT is life or death. Big lesson about daring to use chkdsk when you suspect a corrupted MFT. Corrupt MFT = big emergency, recover before
    1 point
  31. That is unfortunate. There is no guarantee. It is totally possible that the files were already trashed before chkdsk (I'm not really familiar with how it exactly works). Filesystems reserve a portion of the drive (i.e. the superblock) which tracks the files' information (name, size, its mapping on the drive, and some other information), so it could be the case that the superblock is still intact, while some other blocks (which contain the files' contents) got corrupted/overwritten. Before you use the original HDD anymore, try using some recovery program (may be "recover
    1 point
  32. If you recover with the wrong tool you could end up with big problems e.g. permanent data loss. Active Partition Recovery has been the only one which could recover my data in several instances. https://www.partition-recovery.com/index.html It could be you unsafely unplugged the drive while it was writing these early sectors possibly from having a virus on the system. Boot kit virus can write those sectors often. I doubt it's a SATA or USB issue. You would have to open the case and remount it but what you describe is a HDD level issue. Checking the surface of the disk for errors
    1 point
  33. Hi LCF-AT, I advise you not to focus only on the usb drive, you may recover deleted data from the original disk using some recovery tool (Many videos exist in youtube). Good luck.
    1 point
  34. Would format and test for bad sectors to see if you can rely on it. H2testw is good tool to test first and then scandisk if found bad sectors.
    1 point
  35. Is it a magnetic drive or flash memory or SSD? USB can be any of those. In fact though SSD uses flash it's much higher quality than the cheap flash HDDs. Magnetic drives don't just randomly die one day due to write cycles causing it to become read only and often left in a corrupt state. Of course you said a fresh new drive so shouldn't apply. Remounting like Ted suggested is a good idea to narrow down from a USB adapter failure to a drive failure. But partition recovery software might also help. Could be unplugging trashed the partition sectors. Active Recovery software has saved me whe
    1 point
  36. Possibly the adaptor has failed. If it is important data you could open the case to pull out the hard drive. If you have a docking station drop it in there to see if it works. Alternatively try a SATA to USB connector... Ted.
    1 point
  37. Sometimes USB storage show as raw when it is not. Try re-plugging it in different ports. If that was not the case, it could be that the partition table is deleted/corrupted. For that, you might be able to rebuild the partition without losing the data using some tool like TestDisk
    1 point
  38. This is a basic approach example apply on almost all tool protected using vmprotect as suggested by wwh1004 Image 1 - Image 2 -
    1 point
  39. try this WindowsFormsApplication40.rar
    1 point
  40. Is an attempt to catalog, obtain, and make playable every game developed for the DOS and PC Booter platform. Striving to find original media rather than using scene rips. This collection uses a combination of Dosbox and ScummVM to play these older titles on modern systems. All required emulators are included and have been setup to run all included titles with no prior knowledge or experience required on the users part. This pack includes 7,000 DOS games. The focus is on games that were either released in English or are fairly easy to play without a knowledge of the native language. This i
    1 point
  41. the use is to win size, upx is fine and open source.
    1 point
  42. There is it full devirtualized file awsome_unpacked.exe
    1 point
  43. 1) There was nothing new, unlike the old versions, I did not replace the HWID, I just found the button in the NAG and patched the execution result, because the file did not have a constant, it worked. 2) One of the functions was under the virtual machine, not counting the EP. CISC vm is a simple virtual machine and the code was small. mfcapplication1_unpacked.rar
    1 point
  44. .NET Reactor v6.2.0.0 changed a few things. First, they added code virtualization which is not that hard because it's more straightforward than rest of code virtualization implementations that are in the market. You forgot to protect your code with this feature. Secondly, you can now hide your external and internal calls with their new "Hide calling" feature. You can use de4dot standard ProxyCallFixer1 to fix those delegates. Of course firstly you need to read them from initialization method but reading method is already implemented in the base version of de4dot (which is used for resources, s
    1 point
  45. Hi! This is my first post on tuts4 you I hope that this is the right section, if not, please delete this post! Ok so... Few months ago I have made public my internal project called REDasm on GitHub. Basically it's a cross platform disassembler with an interactive listing (but it's still far, if compared to IDA's one) and it can be extended with its API in order to support new formats, assemblers and analyzers. Currently it supports: Portable Executable VB5/6 decompilation . It can detect Delphi executables, a decompiler is WIP. .
    1 point
  46. That code failed for me too. Try step 1 in this tut it works on every .exe I tried. http://www.codeproject.com/Articles/12532/Inject-your-code-to-a-Portable-Executable-file#PEMakerDownloadLink1
    1 point
  47. That's because there is no ret instruction in all cases inside kernel32. It's a forwarder, but not in all cases and it's also different on Windows XP. You should use kernel32, since this is the official dll, kernelbase is subject to changes.
    1 point
  48. @AndreiN: UE_APIEND just searches for the first RET instruction and puts a breakpoint there. Just go for UE_APISTART and use StepOut from there (StepOut will trace to the return value). Greetings
    1 point
  49. Hello everyone, Together with cypher I started working on an update for the famous TitanEngine. The main intention for the 'community edition' is bugfixing, but there are also several features added. We want to keep the original function names and arguments of TitanEngine v2, but in some cases the function arguments were for example incompatible with 64-bit systems. Various changes: Fixed hardware breakpoints (various problems in x32 and not working in x64); Fixed memory breakpoints (still needs some checks); Changed exception handling (now only non-debugger-handled exceptions are reported); Fix
    1 point
  50. @LCF-AT First, I have to admit I'm a big fan of you. Wonderful work! The test file is from other guy at UnPacKcN. I don't have WL2260, only WL2240 currently. I was a little disappointed that it can be bypassed easily in only two simple steps, even don't need a script. Step One: Set a hardware breakpoint at 016058F6 (if it loaded at the default imagebase 0x01000000), then F9, click 'OK' to dismiss the popup dialogbox "Name - Company". We will land at the BP where the code has been SMC decrypted: 016058F6 68 A4FD5F00 PUSH 5FFDA4 ; pPCODE(RVA) 016058FB 68 97040000 PUSH
    1 point