Jump to content
Tuts 4 You

Leaderboard

  1. kao

    kao

    Full Member+


    • Points

      207

    • Content Count

      2,380


  2. Teddy Rogers

    Teddy Rogers

    Administrator


    • Points

      155

    • Content Count

      8,991


  3. CodeExplorer

    CodeExplorer

    Moderator


    • Points

      141

    • Content Count

      3,116


  4. Kurapica

    Kurapica

    Full Member


    • Points

      140

    • Content Count

      894


Popular Content

Showing content with the highest reputation since 11/25/2019 in Posts

  1. awesome_msil_Out.exe Approach: 1. Necrobit is a jit protection, so we use Simple MSIL Decryptor by CodeCracker , and it shall be ran on NetBox 2. Code virtualization is a relatively new feature of .net reactor, added in version 6.2.0.0. Here is the approach i took (i did this about 6 months ago so my memory is kinda rusty ) : (Click spoiler to see hidden contents)
    17 points
  2. .NET Reactor v6.2.0.0 changed a few things. First, they added code virtualization which is not that hard because it's more straightforward than rest of code virtualization implementations that are in the market. You forgot to protect your code with this feature. Secondly, you can now hide your external and internal calls with their new "Hide calling" feature. You can use de4dot standard ProxyCallFixer1 to fix those delegates. Of course firstly you need to read them from initialization method but reading method is already implemented in the base version of de4dot (which is used for resources, s
    12 points
  3. So you want to download some releases from snd? alright let's see at snd.webscene.ir, the distribution section menu contain a link pointing at hxtps://keygens.pro/ Super, looks like there a lot of cracks over here! and the site is virus free, right? So let's pick something, i don't know, maybe 7-Data.Card.Recovery.1.1.keygen-SND hxtps://keygens.pro/crack/729775/ lol @ description on the page, didn't know reagan was from snd and born in russia Anyway we got redirected on a download page after clicking 'Download only Keygen' button, we have to fill a captcha and agree
    10 points
  4. Tango down for 109.201.133.80 (keygens.pro, serials.be, crack.ms) Meanwhile, 54.36.184.139 (crackinns.com, torrentheap.com, crackheaps.com, cracknets.net, cracksnet.net, cracknet.net, keygenit.net, keygenom.net, cracksgurus.com, keygenninja.com, serialms.com, mackeygens.com, mediagetsite.com, get.ziplink.xyz, get.ziplink.stream) are still spreading malware. Abuse sent too, but nothing followed for the moment, so here is some insight about their infra in the meantime (when all else fails, crowbar the fornicationer) Embedded mini-admin panel to administrate the fake sites, allow t
    9 points
  5. 9 points
  6. 8 points
  7. What makes you question either of these? Private: There are occasionally some techniques, practices (and tools) kept private to stay ahead of the game. Nothing has changed much over the years in this regard as far as I can tell. Knowledge: As @kao already mentioned most of the core techniques and information is out there to be discovered (in these forums for example). It only needs a willing and proactive individual to expand and develop on this information. As everyone seems to have their own blog (or YouTube channel) these days these generally seem to be the new format for tutorial
    8 points
  8. Here are some of my keygen/crack GFX's / templates i've made on photoshop + WinASM studio these days : (1) https://imgur.com/vS71RaO (2) https://imgur.com/3fWUf30 (3) https://imgur.com/5YfB8Xg (4) https://imgur.com/2Bt54Ne (5) https://imgur.com/fDC4FfK (6) https://imgur.com/p4TBQ4J (7) https://imgur.com/gNOgPnR (8) https://imgur.com/vkwSQ01 Please note that PERYFERiAH team is not a warez group. It is actually a vlogging team since i was making vlogs in high school in the past. And the people of the PERYFERiAH (PRF for short) were actually my
    7 points
  9. Fun challenge. I went for finding just the key algorithm rather than fully devirtualizing, but the code is pretty clear. Here some sample keys: Approach: Keygen.7z
    7 points
  10. Sure, i gonna release a unpacker for net reactor 6x soon.
    7 points
  11. I just published my own write-ups on my GitHub, if anyone is interested https://github.com/Washi1337/ctf-writeups/tree/master/FlareOn/2020
    6 points
  12. @XenocodeRCE: I have a huge respect for you as a RE guy but now you're just being a d*ck. If you have some personal issues with mamo/localhost0/whatever he calls himself this week, please resolve them privately and don't make a huge public drama out of it. No matter how I count, it's 3 months and 2 days max. If you're gonna whine, at least get your facts right. Umm, no. The requirement from law is to react on any reported copyright infringements, not to actively run around and search for any possible issues. See DMCA 512(c). So, if admins ignored a properly re
    6 points
  13. https://mega.nz/file/xgonHADA#6-giBWOZXfODm7sLFAMzuCH9L2uQz4sL_9NNBlDkLTM - for those who don't want to fill in the stupid questionnaire with company email address, job position and what not. https://mega.nz/file/Nt4xSaoK#jRcuuuM2vS77DM9Y-KuT4UQUKiYIEl0KkKd6Cp9t7hE - code samples that TheHackersNews forgot to include. Book tries to cover very wide area of topics - from Windows to .NET to Linux, IoT, iOS, Android and shellcodes. By doing so, it fails to cover any of the topics in sufficient details. So, it's a "Jack of all trades, master of none".
    6 points
  14. https://github.com/ribthegreat99OrN0P/Agile.NET-Deobfuscator @GameHackerPM @BlackHat To fix delegates, controlflow, and strings here yous go ive made a tool with many comments to help you understand!
    6 points
  15. I am referring to threads and posts like these: If a solution is selectively provided only to the OP by PM then it defeats the whole purpose of the Crackme/Unpackme section. In such cases, the solution provider should not even be acknowledged unless they provide working steps for everyone to learn from. This forum is a learning platform and if solution providers are expected to share the methodologies that they used for the solution. Here is yet another thread where the posts from the solution providers who gave vague steps was approved: Basically another thread containin
    6 points
  16. Is this a hidden feature of the protection or does the app just not work?
    6 points
  17. It might have a few weird instructions since i'm new to this Crackme-cleaned-Devirtualized2.zip Info: This is the first version of eaz that i analyze so i can't say how 2019.x is different from 2020.1 but its definitely not uncrackable Steps i took (as i should have included since the beginning): 1 Learn how CIL works / CIL fundamentals (there are some nice ebooks that i can't link here ) 2 Learn how the assembly reader/writer of your choice works (dnlib for example) 3 Learn how a simple VM works ( https://github.com/TobitoFatitoNulled/MemeVM (the original
    6 points
  18. here is my production of face shields, already 200 dispatched around my town to local hospital, liberal nurses, etc...
    6 points
  19. https://github.com/GautamGreat/Scylla_Delphi_Plugin
    6 points
  20. 5 points
  21. Info: https://www.reddit.com/r/windowsxp/comments/iz46du/the_windows_xp_source_code_has_been_leaked_on/ Most of the torrent includes previous leaked data/files. But now claims to include the full source to Windows XP (looks like SP1 based on pics people have posted). If you plan to download this (42gig torrent) I'd seriously recommend a VPN.
    5 points
  22. Regexps are not particularly efficient here and simple string operations work much better. Anyways, I made a writeup on my blog (https://lifeinhex.com/deobfuscating-autoit-scripts-part-2/) and made a copy-paste below. Unfortunately, all the hyperlinks are gone and I just can't be bothered to go through each and every one of them. Also - it refers a lot to my old solution of another AutoIt crackme, so I really suggest to check that writeup as well: --------- Almost 4 years ago, I wrote a blogpost about deobfuscating a simple AutoIt obfuscator.
    5 points
  23. In my opinion that solution will be acceptable only if the tool used is public.
    5 points
  24. This is really the key point that probably should be the requirement for a post to be accepted. A solution should be reproducible, not a list of private tools that are used. Private tools are, as their name implies, private, and by definition that means it is everything but reproducible (unless this tool is shared with the reader of the solution). The only person benefiting from such a reply is the respondent themselves in the form of an ego boost. Not very productive if you'd ask me.
    5 points
  25. It's a really good question. The answer really depends. Let me give you few recent examples. Example #1: Extreme Coders names the tools and explains HOW to solve the crackme. A lot of effort is required but all the tools can be found via Google. So I have zero issues with the solution. Example #2: Prab names the tools but no explanation is given. "x86 retranslater" definitely cannot be found not on Google. "Clean control flow" tells the obvious thing but it doesn't explain HOW to do that. What's the point of such solution? The only thing reader wi
    5 points
  26. a key: i fixed de4dot for new reactor including method decryption, cflow etc... and finally devirt it. there are tutorials about fixing de4dot/devirt in this forum including this topic as well.
    5 points
  27. Steps: 1. Simple MSIL Decryptor by CodeCracker 2. Devirtualization tool i have been working on. .Net Reactor imo has a **basic** to intermediate VM. i suggest you give this a try! Tips on how to start: 1 Learn how CIL works / CIL fundamentals (there are some nice ebooks that i can't link here ) 2 Learn how the assembly reader/writer of your choice works (dnlib for example) 3 Learn how a simple VM works ( https://github.com/TobitoFatitoNulled/MemeVM (the original creator of this vm left so this is a fork to keep the project alive))
    5 points
  28. What's the point of this? You ran my file under de4dot and repost it? i can recognise my file ya know, i intentionally left this out (i haven't finished local types yet but i manually set the third local to int32) + i added 9 locals when only 3 get used
    5 points
  29. Almost unpacked! I was only not able to remove the Delegates and the Control flow. What I removed is: - Anti Tamper (manually; the easiest way consists in finding the call to the anti tamper method (which can be identified by looking at ConfuserEx's source code), setting a breakpoint just after (so that the anti tamper method decrypts the CIL code) and getting the decrypted module in the "Module" section of the dnSpy debugger) - Hide Methods (https://github.com/illuZion9999/Rzy-Protector-V2-unpacker/blob/master/Rzy Protector V2 Unpacker/Protections/Hide Methods.cs (not really re
    5 points
  30. Console example x64plgmnrc.exe -G "C:\x64dbg_root" // Set root path for x64dbg x64plgmnrc.exe -U // Update list from server x64plgmnrc.exe -S // Show list of plugins x64plgmnrc.exe -i x64core // Install last version of x64dbg x64plgmnrc.exe -i AdvancedScript // install AdvancedScript https://github.com/horsicq/x64dbg-Plugin-Manager
    5 points
  31. Not necessary to unpack to get the key. Key: Steps :
    5 points
  32. Hello guys, I'm proud to announce the beta release of AMED (an Advanced Machine Decoder). It's extremely fast, lightweight and supports the following architectures : - x86(with all its extensions including xeon instruction set). - aarch32(arm, thumb, neon, ARMv8+). - aarch64(with all its extensions including SVE). I also released the new version (v3) of opcodesDB. https://github.com/MahdiSafsafi/AMED https://github.com/MahdiSafsafi/opcodesDB What do you think guys ?
    5 points
  33. I think that to add to this, many apps worth reversing nowadays tend to use more sophisticated techniques in the past. In older times, things could be cracked often in mere minutes which was a motivating factor. Most people start with a target in mind, and their patience to learn is quite thin. Nowadays, you may have to learn to unpack, advanced cryptography, anti-debugger techniques, details of security permissions, etc. Windows itself has evolved into a much more complicated beast making the learning curve much steeper. I remember the days of SoftIce and what a wonderful tool th
    5 points
  34. This forum is overrun by lazy-ass noobs who don't really want to learn. They want to have a youtube video and automagic tool for everything. Ready-made tools are private for this exact reason. People who want to learn will find the necessary information to learn the basics. And once you show you've done your homework, knowledge and techniques are being shared freely. Maybe not 100% public but via PMs and chat.
    5 points
  35. Posted a write-up about solving the keygenme. https://0xec.blogspot.com/2020/02/finally-solving-weasel-keygenme.html
    5 points
  36. @Teddy Rogers: from what I was able to gather, this version was still being maintained and improved. Only original repo was taken down, forks are all up. For example, this one is fully up to date: https://github.com/Deteriorator/winrar-keygen.git
    5 points
  37. I once post it in a China forum, you can visit it in https://www.52pojie.cn/thread-762832-1-1.html by Google Translator I try my best to introduce it using English 1. download x64dbg and download the symbol file of clr.dll (mscorwks.dll if runtime is .net2.0~.net3.5) 2.set a breakpoint at "SystemDomain::ExecuteMainMethod" in clr.dll/mscorwks.dll and run 3.use MegaDumper (I use my ExtremeDumper based on codecracker's megadumper https://github.com/wwh1004/ExtremeDumper) to dump the main module when the program break at "SystemDomain::ExecuteMainMethod" 4.fix pe header an
    4 points
  38. View File Reactor v6.3 Try to unpack or alternatively provide a serial. Protections used: Necrobit Antitampering Antidebug Obfuscation Code Virtualization + Shield with SNK Submitter whoknows Submitted 06/10/2020 Category UnPackMe (.NET)
    4 points
  39. Is everything going PRIVATE or knowledge stopped being shared ? Unpacking => Private ... Tutorials(Patching , keygens) ==> Private ... New techniques ==> Private ... knowledge ==> Private .. So what we left for the others for this Scene ?? The only thing that left is nothing some old books and old school techniques and nothing else... Why ?
    4 points
  40. Very mature choice for username and password. 😑 Tutorial:
    4 points
  41. My personal belief is that the entire world around is fake - just a simulation. Our universe does have a creator and that creator may or may not be God. The pain & and struggles we face means nothing in the greater sense. We are nothing more than a programmed object. Even the pain or happiness is nothing but programmed feelings. For example, we design computer games with their own story-lines. In one such game there may be a person who is put under immense pain. There are many movies in which innocents die due to no fault of theirs. However we are not concerned since we know the pain
    4 points
  42. 1) There was nothing new, unlike the old versions, I did not replace the HWID, I just found the button in the NAG and patched the execution result, because the file did not have a constant, it worked. 2) One of the functions was under the virtual machine, not counting the EP. CISC vm is a simple virtual machine and the code was small. mfcapplication1_unpacked.rar
    4 points
  43. I think a lot of public knowledge sharing is going on, especially in the field of malware analysis with many good YouTube channels and blogs covering basics. It just looks like people move to social media (Twitter/Reddit/Discord) to discuss things and traditional forums start to show their age. There is also a very active CTF scene with many techniques and tools being shared (tools on GitHub) and it appears that the cheating scene is also still very active. If you look at more academic sources there are a lot of techniques published (frameworks like miasm/angr/triton or LLVM-based techniques)
    4 points
  44. I blame high speed internet and HD porn ! << just kidding The knowledge is out there, as my friends already said, you just need the motivation to learn and explore, it's time-consuming and the new generation wants everything ready and they want it quickly.
    4 points
  45. Phew! It has been close to 4 years and after a lot of wandering here and there I can proudly announce that I'm now able to calculate a valid serial for any name. Here are a couple. kao GCZ4B-QTD22 0xec FZNUL-THK22 Time taken to generate a key can vary from 2-5 minutes and takes about 12 GB of Physical RAM running on a Nvidia Tesla T4 GPU (2560 CUDA cores). Providing more RAM and CUDA cores may further reduce the time but I ran it on Google Colab and that's what they offer. I plan to do a write-up on my blog later but here it is in short. Initially, I felt the only way to
    4 points
  46. Actually Winrar was a kind of an earl adopter of ECDSA licensing, but they made a mistake in the implementation, much like level 10 armadillo. I still remember when I first came across this release - i thought, man, not another hardcoded-pseude-keygen ... then I saw "SeVeN/FFF". I was like "ahh shit here we go". Problem for Winrar is that their license is tied to archive signatures - if they change it they will break the signature mechanism.
    4 points
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up
×
×
  • Create New...