Tuts 4 You

Leaderboard


Popular Content

Showing content with the highest reputation since 01/22/2019 in all areas

  1. 5 points
    Anti Debugging Protection Techniques With Examples: https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software
  2. 5 points
    For unpacking:
    1) cawk unpacker
    2) dump after decryption
    3) fix EP
    4) Proxy call fixer by Davicore
    5) Strings decryptor by CC
    6) Switch killer by CC
    7) Dump resources (empty)
    8) Clean cctor and <module> methods
    (maybe 4, 5 and 6 can be replaced by cawk unpacker again)
    I will check the key algo tomorrow, don't have time now.
    a29p-EP-anti2_noproxy_stringdec-cleaned_deobfuscated-res2-cctor-module.exe
    --------------------------------------------------------
    Username = "Usuario"
    Code = "161308"

    // C# key routine: length of the username feeds a fixed arithmetic formula
    int length = username.Length;
    int num2 = length + 2 - 4 + 40 + 10;
    return Convert.ToString(419 * num2 * length - length);
    ---------------------------------------------------
    EDIT2: I have received a few PMs asking how to fix EP, so I will post the videos I used as reference here. Following these 2 videos you should be able to unpack ConfuserEx fully.
  3. 2 points
  4. 2 points
    C generate all possible combination of strings - for brute force:

    #include <stdio.h>
    #include <string.h>

    int main(void)
    {
        const char *ValidChars = "0123456789ABCDEF";
        int MinimLen = 1;
        int MaximLen = 2;
        char SpecialChars[256] = {0};   // 256 so every unsigned char value is a valid index
        char GeneratedString[50] = {0};
        int Valid_Chars_len = strlen(ValidChars);

        SpecialChars[0] = ValidChars[0]; // the first char will be first allowed char
        // SpecialChars[i] will point to next char like this:
        // SpecialChars['a'] = 'b';
        // SpecialChars['b'] = 'c';
        // SpecialChars['c'] = 00; // the end of a loop
        for (int i = 0; i < Valid_Chars_len - 1; i++)
            SpecialChars[(unsigned char)ValidChars[i]] = ValidChars[i + 1];

        memset(GeneratedString, ValidChars[0], MinimLen); // we start with the shortest string, e.g. 'aaa'

        char NextChar;
        int Pos = 0;
        while (1) {
            Pos = 0;
            printf("gen = %s\r\n", GeneratedString);
        LoopStart:
            // position 0 changes fastest; a zero entry means this position has wrapped
            NextChar = SpecialChars[(unsigned char)GeneratedString[Pos]];
            if (NextChar != 0) {
                GeneratedString[Pos] = NextChar;
            } else {
                GeneratedString[Pos] = SpecialChars[0]; // we start again
                Pos++;
                if (Pos >= MaximLen)
                    break;
                goto LoopStart;
            }
        }
        return 0;
    }

    The code works 100% ok, but it is a bit ugly, especially the "goto LoopStart;". Any other optimizations I could make to the above code, or other ways of generating all combinations? Obviously it should be optimized to the maximum!
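An added example (editor's code, not from the post or its author) showing the same enumeration without the goto: an odometer over alphabet indices that is rendered to a string on each step, growing the length by one once every position has wrapped. The names next_combo, enumerate, MAX_LEN and the callback parameter are my own choices.

```c
#include <stdio.h>
#include <string.h>

#define MAX_LEN 32

/* Odometer over alphabet indices: idx[0] is the fastest-changing position,
 * like GeneratedString[0] in the post. Returns 1 after advancing, 0 once
 * the string would grow past maxlen (enumeration finished). */
static int next_combo(size_t *idx, size_t *len, size_t maxlen, size_t nchars)
{
    for (size_t pos = 0; pos < *len; pos++) {
        if (++idx[pos] < nchars)
            return 1;           /* no carry: this position just bumped */
        idx[pos] = 0;           /* wrapped: carry into the next position */
    }
    if (*len >= maxlen)
        return 0;
    idx[*len] = 0;              /* every position wrapped: grow by one */
    (*len)++;
    return 1;
}

/* Enumerate every string of length minlen..maxlen over alphabet, passing
 * each to cb (may be NULL); returns how many strings were generated. */
static unsigned long enumerate(const char *alphabet, size_t minlen,
                               size_t maxlen, void (*cb)(const char *))
{
    size_t idx[MAX_LEN] = {0}, len = minlen, nchars = strlen(alphabet);
    char out[MAX_LEN + 1];
    unsigned long count = 0;
    if (minlen < 1 || minlen > maxlen || maxlen > MAX_LEN || nchars == 0)
        return 0;
    do {
        for (size_t i = 0; i < len; i++)   /* render indices as characters */
            out[i] = alphabet[idx[i]];
        out[len] = '\0';
        if (cb) cb(out);
        count++;
    } while (next_combo(idx, &len, maxlen, nchars));
    return count;
}

static void print_line(const char *s) { puts(s); }

int main(void)
{
    /* same parameters as the post: hex digits, lengths 1..2 -> 272 strings */
    unsigned long n = enumerate("0123456789ABCDEF", 1, 2, print_line);
    printf("%lu strings generated\n", n);
    return 0;
}
```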
  5. 1 point
    Hi guys, I am a fan of the FFmpeg CLI tool, but it's always hard to remember all the command line arguments if I haven't used it for a longer while, and I can't find my notes about it (as always). Now I thought it would be a good idea to code a GUI tool where I can use FFmpeg and store all the command line argument combinations I want into it, to call and execute them quickly. I know there are already a few GUI tools out there for FFmpeg, but they have some limitations and/or are not my taste. So you know, I always have a special taste and wanna combine all of it together in the best case. Now, after a few months, I am done with a first version and wanna also share it with you guys.

    First Steps
    --------------------------------------------
    Start the app and enter your FFmpeg path. If you don't have it, then download a static build from FFmpeg.org or ffmpeg.zeranoe.com/builds/
    Next, you should have the VLC player installed (2.2.6 in my case).

    How it works?
    --------------------------------------------
    So the app has 2 different GUIs. The main GUI you can use for media editing, converting etc., all that you can do with FFmpeg command line arguments. The second GUI I made specially for quick handling of streams, to play and download them, plus more features which could be important.

    Features: Main GUI
    --------------------------------------------
    - Quick analysis of files after drag & drop into the app and showing the info in it
    - Full analysis of file by MediaInfo or FFmpeg itself
    - Preview image of video files & quick playing by your video player
    - Three different command line edit controls in main GUI to execute with FFmpeg
    - Quick Mux / DeMux function to extract / add / change streams without re-encoding in Concat or Input mode
    - Window to see whole FFmpeg traffic
    - Storage listview to manage (add / delete / send / play / record / search) your command lines and infos
    - NoFile (you can use FFmpeg like in a normal CMD window)

    Features: Quicky GUI
    --------------------------------------------
    - Store and choose different URLs by menu
    - Store and choose different command line args by menu
    - Store and choose different pre command line args by menu
    - Store and choose different names by menu (will be used to save into file and for showing in VLC)
    - Play, Download, Edit, Search functions etc.
    - Store names and URLs into extra listview
    - Store and call up to three custom request headers
    - Different choosable request methods, user agents and optional headers
    - URL checking (with or without SSL)
    - Reading page sources
    - Finding URL extensions
    - Response Header
    - Switch View (CRLF)
    - JSON Viewer
    - URL Decoder
    - OnTop On/Off

    I also created a video with some examples of how to use my app, but the video got a little big at 50 MB, so I am sorry for that. Inside you can also find some text files with infos. If something doesn't work, or if I forgot to explain some feature or anything else, then just post a reply in this topic. Have fun and till later.

    PS: I also wanna send some extra special thanks to our member fearless, who always helped me a lot (without getting crazy - I think so..) with all my coding questions I had. Thank you.

    Merry Christmas and greetz

    FFmpeg Quicky 1.0.rar
  6. 1 point
    Or the classic: http://pferrie.host22.com/papers/antidebug.pdf
  7. 1 point
    This has some more techniques: https://studylib.net/doc/14916230/anti-debugging-techniques-malware-analysis-seminar-meetin...
  8. 1 point
    In Fiddler, you can manually set the upstream proxy by clicking Tools->Options->Gateway. The proxy goes in there, and then set your browser to the Fiddler proxy as normal.
  9. 1 point
    Language: C#
    Platform: Windows
    OS Version: Windows 7 and above
    Packer / Protector: ConfuserEx Plus Extra
    Description: Provide key, how?
    UnPackMe.7z
  10. 1 point
    Will just take the key for now; I might work on an unpacker tomorrow if I have some time. But to get the key, simply put a breakpoint on string compare methods.
  11. 1 point
    As mentioned in a prior thread, Kernighan and Ritchie is the de-facto standard in this case. You can get it for free here: http://www.dipmat.univpm.it/~demeio/public/the_c_programming_language_2.pdf
  12. 1 point
    Confuser + Ilprotector + Enigma
  13. 1 point
    Native layer seems to be protected by Enigma. .NET looks like ILProtector!
  14. 1 point
    Find it funny how the agitator creates the topic to try and bring attention to what he had to post later on. Puny schemes. People just have lives; RE isn't going anywhere. Same as there's been one generation of smart, skilled and enthused people, others will follow. Circle of life. What I do find funny is how this "high-level programming" works even with big companies, such as Denuvo. I put quotes because, same as Java relies on a ton of shit OTHER people wrote across time, which they now just import, similarly Denuvo relies on VMProtect to shield whatever crap they've got going on. Were it not for it, we'd have gotten ourselves the ol' time SecuROM/SafeDisc fiascos. I digress.. Congrats, ExoD. And keep it up, love your work.
  15. 1 point
    Good Luck @mrexodia but we are patiently waiting for the source leaks << Just kidding and check that private message I sent you long ago if you have a minute
  16. 1 point
    Result:

    How To Do:
    1. Dump program while running using something like MegaDumper to see a basic gist of what is done.
    2. See that GUI_Modelx86.dll holds all the important information.
    3. Unpack GUI_Modelx86.dll.
    4. Check out the file in IDA, see how the DENCLR_1998 function works. Important information being: dword_10034D84 and dword_100408B8
    5. Set breakpoint on the DENCLR_1998 compare against the two dwords above. View values of each. 100408B8 holds the expected key.
    6. Set key in program, click button and get results above.

    To unpack GUI_Modelx86.dll:
    1. Load in OllyDbg.
    2. Step until ESP changes.
    3. Follow ESP in memory, set hardware breakpoint on access.
    4. Keep running until you hit a JMP EAX instruction, step into.
    5. Dump, fix imports, and you have the dll unpacked now.

    Wouldn't really consider this 8/10, it was pretty easy.
  17. 1 point
    I cracked it with OllyDbg; movie attached: confu.rar
  18. 1 point
    @CodeExplorer: Yes, there is. Start using a browser like any normal person would. You do stupid things and stupid things will happen to you. Why exactly do you think this entire forum should adjust to suit one person, who is using a very outdated browser with an extremely rare combination of settings?
  19. 1 point
    Thought I would post this since it's extremely useful for working on some embedded targets. The basic principle is you use a cheap logic analyzer to intercept read requests to the chip (usually from the microprocessor of your target), since in some designs they store special information in small chips on the PCB, like serial number, password, settings, etc. After the CPU reads all the addresses it's interested in over the SPI or I2C bus, your logic analyzer sees the waveforms and captures the data. Then this utility will convert the logic analyzer file to a binary dump of the chip by reconstructing the flash memory contents, so you can see what's inside and load it into IDA. Very useful. Source code and intro: https://github.com/alainiamburg/sniffROM/wiki/Getting-Started https://github.com/alainiamburg/sniffROM
  20. 1 point
    Here are 2 more unpackmes with Enigma 5.4. OEP is not virtualized so for you it must be easy to get the point. Original.rar
  21. 1 point
    Hook compileMethod like this:

    HMODULE hJitMod = LoadLibrary(_T("mscorjit.dll"));
    if (!hJitMod)
        return;
    // getJit() hands back the JIT compiler object; its first field is the vtable,
    // which the JIT struct in this fragment models (compileMethod = first slot)
    p_getJit = (ULONG_PTR *(__stdcall *)()) GetProcAddress(hJitMod, "getJit");
    if (p_getJit) {
        JIT *pJit = (JIT *)*((ULONG_PTR *)p_getJit());
        if (pJit) {
            DWORD OldProtect;
            // make the vtable slot writable, swap in the hook, then restore protection
            VirtualProtect(pJit, sizeof(ULONG_PTR), PAGE_READWRITE, &OldProtect);
            compileMethod = pJit->compileMethod;      // keep the original so the hook can call it
            pJit->compileMethod = &my_compileMethod;
            VirtualProtect(pJit, sizeof(ULONG_PTR), OldProtect, &OldProtect);
            bHooked = TRUE;
        }
    }

    ...but how to hook the jitNativeCode and Compiler::compCompile method?
  22. 1 point
    Using C++ to hook the JIT! Look here: http://bbs.pediy.com/showthread.php?t=116218 Sorry, my English is just so-so.
  23. 1 point
    The Carnal0wnage blog has put up a nice summary of Android hackme/crackme challenges for those interested. http://carnal0wnage.attackresearch.com/2013/08/want-to-break-some-android-apps.html Have fun!
    --------------------------------------------
    Android App testing requires some diverse skills depending on what you're trying to accomplish. Some app testing is like forensics, there's a ton of server side stuff with web services, and there's also times when you need to show failings in programmatic protections or features which requires reversing, debugging, or patching skills. To develop these skills you need some practice targets.

    Here's a list of all known Android security challenges, both app level vulns and crackme-type (RE/patching): In some cases the write-up and challenge starter info is included, in other cases you might have to Google around as some of these CTFs are old.

    ** Should you need some help with configuring an Android pentest / Crackme environment, cktricky and CG have already written some pieces on that: http://carnal0wnage.attackresearch.com/search?q=android **

    Hacme Bank Android - Foundstone
    http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspx

    ExploitMe Android - Security Compass
    http://securitycompass.github.io/AndroidLabs/

    InSecure Bank - Paladion
    http://www.paladion.net/downloadapp.html

    GoatDroid - OWASP and Nvisium Security
    https://github.com/jackMannino/OWASP-GoatDroid-Project

    IG Learner - Intrepidus Group
    https://play.google.com/store/apps/details?id=com.intrepidusgroup.learner

    MoshZuk.apk
    Description - http://imthezuk.blogspot.com/2011/07/creating-vulnerable-android-application.html
    File - https://dl.dropboxusercontent.com/u/37776965/Work/MoshZuk.apk

    Crackme.de's and deurus's Android Crackmes 1-4 ++
    http://crackmes.de/users/deurus/android_crackme01/
    http://crackmes.de/users/deurus/android_crackme02/
    http://crackmes.de/users/deurus/android_crackme03/
    http://crackmes.de/users/deurus/android_crackme04/
    http://crackmes.de/users/pnluck/android_signme/

    Hackplayers.com Crackmes (in Spanish so an extra challenge)
    http://www.hackplayers.com/2010/12/reto-android-crackme1.html
    http://www.hackplayers.com/2011/12/reto-14-android-crackme2.html

    Nuit du Hack's 2k12 & 2k11 (pre-quals and finals) Android Crackmes
    http://blog.w3challs.com/index.php?post/2012/07/02/NDH2k12-wargame-CrackMe-Android
    http://blog.spiderboy.fr/tag/crackme/

    Hack.Lu's CTF 2011 Reverse Engineering 300
    http://shell-storm.org/repo/CTF/Hacklu-2011/Reversing/Space%20Station%200xB321054A%20(300)/

    Androidcracking.blogspot.com's Crackmes
    http://androidcracking.blogspot.com/2012/01/way-of-android-cracker-0-rewrite.html
    http://androidcracking.blogspot.com/2010/10/way-of-android-cracker-1.html

    BlueBox Android Challenge
    http://bluebox.com/labs/android-security-challenge/

    InsomniDroid
    Description - http://www.strazzere.com/blog/2012/03/488/
    Partial Walkthrough - http://www.fortiguard.com/files/insomnichallenge.pdf
    (File) http://www.strazzere.com/crackmes/insomnidroid.apk

    CSAW2011 CTF Android Challenges
    Android 1 file - http://shell-storm.org/repo/CTF/CSAW-2011/Forensics/Android1%20-%20200%20Points/CSAW2011CTF.apk
    Android 2 file - http://shell-storm.org/repo/CTF/CSAW-2011/Forensics/Android2%20-%20400%20Points/CSAW2011CTF.apk

    Defcon 19 Quals b300 dex challenge
    http://shell-storm.org/repo/CTF/Defcon-19-quals/Binary_L33tness/b300/b300_b258110ad2d6100c4b8

    GreHack 2012 Reverse Engineering 100
    http://repo.shell-storm.org/CTF/GreHack-2012/reverse_engineering/100-GrehAndroidMe.apk/

    Nullcon HackIM 2012 RE 300
    http://www.nullcon.net/challenge/data/Null%20Mobile.apk

    C0C0N 2011 RE level 100
    http://www.nullcon.net/challenge/c0c0n/data/cocon_apk.zip

    Atast CTF 2012 Bin 300
    http://andromedactf.wordpress.com/2013/01/02/atast-ctf-2012-bin300chall5/

    SecuInside 2011 CTF Level 7 (level 3 is also Android but I am unable to find the bin)
    Writeup - http://codeengn.com/archive/Reverse%20Engineering/Solution%20-%20CTF/2011%20SECUINSIDE%20CTF%20Write-up%20%5BCMU%5D.pdf
    File - http://big-daddy.fr/repository/CTF2011/SecuInside-CTF/Q7/WonderfulWidget.apk
  24. 1 point
    Turn MethodInfo to DynamicMethod
    http://blogs.msdn.com/b/haibo_luo/archive/2006/11/07/turn-methodinfo-to-dynamicmethod.aspx
    http://blogs.msdn.com/b/zelmalki/archive/2009/03/29/msil-injection-rewrite-a-non-dynamic-method-at-runtime.aspx
    http://www.lesuna.com/blog/net-21453-23556-33073-22771-26426-26680-24515-31243-24207-20195-30721/
  25. 0 points
    Unpacked. Use any long key to pass the checks. GetMe_unp.zip