Tuts 4 You

## Popular Content

Showing content with the highest reputation since 03/20/2019 in all areas

1. 4 points

## Obfuscating Operations using Linear Algebra

Hey all! I recently came across this neat paper here: https://tel.archives-ouvertes.fr/tel-01623849/document where they used what they called "Mixed-Boolean Arithmetic" to obfuscate arithmetic expressions, and then showed ways to deobfuscate them. Looking at the deobfuscation methods, they seemed largely either pattern-based or wouldn't work when bigger numbers were involved. So I thought to myself, "How can I mess with this?" Well, first things first, they have no concrete method there for creating these expressions. There are two pages total dedicated to the creation of these expressions, so I had to get creative to make it work. They describe using numpy to solve the matrix equation created and using a hack-y method to circumvent not having a square matrix, but I thought that I could do a bit better... Enter two painstaking days of learning linear algebra and figuring out exactly what I needed to do. They start by computing the truth tables of some expressions, putting them into a matrix as columns, then solving for the vector that, when using the dot product on the vector and the matrix, returned zero. After that, they filtered out various "rewrite rules" from the matrix generated. You can read more about this in the paper, though there's not much to go off of. They use numpy's linalg.solve to do this, but that only works with square matrices and produced results with constants that were a tad small for my taste :^) After a bit of research I found a python module called cvxpy, designed to find values that satisfy an expression under certain constraints. Even cooler was that you could specify matrix equations and integer-only solutions, which is exactly what I needed.

After tinkering with it for a bit, I was able to reliably create expressions like these (representing a xor b):

```
-27540 * (~a & b) + 373574 * (~a ^ ~b) + -27541 * (a & ~b) + -27541 * (~a & b) + -11 * (a + b) + -30436 * (~a & ~b) + -30436 * (~a * ~b) + 137712 * (a * ~b) + -27544 * (~a) + 1 * (b) + 3 * (~a + ~b) + -221347 * (~a - ~b) + 13 * (a + b) + -2 * (a) + -30454 * (~a + ~b) + -30454 * (~a + ~b) + -3 * (b) + -30449 * (a | b) + -27546 * (~b)

3672455 * (~a * b) + -362611 * (a ^ b) + 78113 * (a) + -524636 * (~b) + -524636 * (a ^ ~b) + 78113 * (a) + -524636 * (~a | b) + -362611 * (a ^ b) + -959545 * (a | b) + -78113 * (a - b) + -959545 * (~a + ~b) + -524636 * (~a) + 142249 * (a + b) + -959544 * (~a + ~b) + 142249 * (a + b) + -524637 * (a - ~b) + -524637 * (~a) + -524637 * (a & ~b) + 3241246 * (~a ^ ~b)
```

Using truth tables modulo 4 instead of modulo 2 I was also able to compute equivalencies for multiplication, which was pretty neato. However, using the same method of computing the truth table and finding an equivalent expression you can reverse this sort of operation. I'll leave that as an exercise to the reader.

EDIT: As a friend of mine pointed out, this will work with any operation that can be reducible to boolean math (i.e. xor, addition, subtraction, multiplication), not just arithmetic operations.
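An added example (not code from the post or the paper) that carries out the construction described above in plain Python: it builds the truth-table matrix of a pool of bitwise atoms on single bits, finds integer null vectors by rational row reduction instead of numpy's linalg.solve or cvxpy, randomizes them into a large-coefficient rewrite of a ^ b, and evaluates the result on 32-bit words, which is also how a reverser checks a suspected MBA identity. The atom pool, the 32-bit width and the function names are assumptions of this example.

```python
from fractions import Fraction
from math import lcm
import random

ATOMS = {  # bitwise building blocks; m is the word mask so ~ stays inside the width
    "a": lambda a, b, m: a,                  "b": lambda a, b, m: b,
    "a & b": lambda a, b, m: a & b,          "a | b": lambda a, b, m: a | b,
    "a ^ b": lambda a, b, m: a ^ b,          "~a & b": lambda a, b, m: (~a & m) & b,
    "a & ~b": lambda a, b, m: a & (~b & m),  "~(a | b)": lambda a, b, m: ~(a | b) & m,
}
NAMES = list(ATOMS)
ROWS = [(0, 0), (0, 1), (1, 0), (1, 1)]  # truth-table rows: every (a, b) bit pair
TRUTH = [[Fraction(ATOMS[n](a, b, 1)) for n in NAMES] for a, b in ROWS]  # 4x8, column j = truth table of atom j

def null_vectors(M):
    # Row-reduce over the rationals; each free column then yields one integer
    # null vector (coefficient 1 on that column, pivot columns absorb the rest).
    M, n, pivots = [r[:] for r in M], len(M[0]), []
    for c in range(n):
        r = len(pivots)
        p = next((i for i in range(r, len(M)) if M[i][c] != 0), None)
        if p is not None:
            M[r], M[p] = M[p], M[r]
            M[r] = [x / M[r][c] for x in M[r]]
            for i in [i for i in range(len(M)) if i != r and M[i][c] != 0]:
                M[i] = [x - M[i][c] * y for x, y in zip(M[i], M[r])]
            pivots.append(c)
    basis = {}
    for free in [c for c in range(n) if c not in pivots]:
        v = [Fraction(int(i == free)) for i in range(n)]
        for i, pc in enumerate(pivots):
            v[pc] = -M[i][free]
        den = lcm(*(x.denominator for x in v))
        basis[NAMES[free]] = [int(x * den) for x in v]
    return basis

def obfuscate_xor(seed=1, spread=10**6):
    # Take the null vector with coefficient 1 on "a ^ b" and add random multiples of
    # the others: that coefficient stays 1, so the rest, negated, equals a ^ b exactly.
    basis, rng = null_vectors(TRUTH), random.Random(seed)
    coeffs = basis["a ^ b"]
    for name, v in basis.items():
        if name != "a ^ b":
            k = rng.randint(-spread, spread)
            coeffs = [c + k * x for c, x in zip(coeffs, v)]
    return {n: -c for n, c in zip(NAMES, coeffs) if n != "a ^ b" and c != 0}

def evaluate(terms, a, b, mask=0xFFFFFFFF):
    # Evaluate the rewritten expression the way a 32-bit machine would (mod 2**32).
    return sum(c * ATOMS[n](a, b, mask) for n, c in terms.items()) & mask
```

With spread=0 the routine returns the textbook rewrite a + b - 2*(a & b); any positive spread yields coefficients of the size shown in the post, and the identity holds for every word because the per-bit null relation scales by 2^k at each bit position.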
2. 3 points

## The best design tools for everything!!

https://github.com/LisaDziuba/Awesome-Design-Tools#no-code-tools bonus (free -> add to cart -> mailinator -> 498mb) - hxxps://fusionretrobooks.com/collections/pdf/products/the-story-of-the-commodore-amiga-in-pixels_pdf
3. 3 points

## [UnPackMe] Obsidium v1.6.1.9

Used protector (I forgot to specify): https://www.52pojie.cn/thread-652274-1-1.html http://distro.crack.vc/index.php?dir=RceTools/Packers/ Finally made scripts and a tutorial on how to restore stolen bytes: https://forum.tuts4you.com/topic/41211-obsidium-olly-scripts/ BR.
4. 2 points

## How to set different colors in a single menu string?

Check Ted's answer again: So if you want colors (any at all) or mix normal/bold then you will need to draw the items yourself using the GDI api SetTextColor and TextOut and those functions after responding to the draw item event by setting the owner draw flag.
6. 2 points

## How to set different colors in a single menu string?

I use something like this if I want to make a menu item bold...

```purebasic
bold.MENUITEMINFO
bold\cbSize = SizeOf(bold)
bold\fMask = #MIIM_STATE
bold\fState = #MFS_DEFAULT
SetMenuItemInfo_(MenuID(0), 2, #True, bold) ;"2" is the MenuItem to be made bold
```

https://docs.microsoft.com/en-us/windows/desktop/api/winuser/nf-winuser-setmenuiteminfow https://docs.microsoft.com/en-au/windows/desktop/api/winuser/ns-winuser-tagmenuiteminfoa Ted.
7. 2 points

## A new disassembler coming soon?

9.0.2 released with the source which notes can be found on their site: https://ghidra-sre.org/releaseNotes.html With the source, they did include the decompiler's source code which some were concerned with being released. It's there and is coded in C/C++ so there is potential for things to get better as time goes on with community help/support. Would love to see it become on par with IDA's and better in the long run. Given how Ghidra is setup too, if it does start to become on par/better of a decompiler someone could essentially turn it into an IDA plugin if they wanted.
8. 2 points

## OpenFodder (WebAssembly)

Is an action-strategy shoot 'em up game developed by Sensible Software and published by Virgin Interactive. The game is military-themed and based on shooting action but with a strategy game-style control system. The player directs troops through numerous missions, battling enemy infantry, vehicles and installations.

http://openfodder.com/
https://github.com/OpenFodder/openfodder
online (WebAssembly) https://s3.amazonaws.com/openfodder/OpenFodder.html

https://emscripten.org/ Is a toolchain for compiling to asm.js and WebAssembly, built using LLVM, that lets you run C and C++ on the web at near-native speed without plugins. @atom0s
9. 2 points

## [UnPackMe] Obsidium v1.6.1.9

Found an olly modification that I've created that works ok with Obsidium; I called it OLLY_(Orig_Safengine).rar since it also works for Safengine. A tutorial by Nieo is the most recent: https://tuts4you.com/e107_plugins/download/download.php?view.3678 Let the cracking begin! OLLY_(Orig_Safengine).rar
11. 2 points

## Armored Binary - Official UnpackMe

Language : Delphi XE
Platform : Microsoft Windows x32/x64
OS Version : XP/Vista/7/8/8.1/10
Packer / Protector : ArmoredBinary - Modern Binary Obfuscation Tool.
Description : Attached file was protected with full version of armoredbinary obfuscator ( with medium protection approach ) , make sure unpacked file will execute successfully in any environment. You will be dealing with OEP hiding , Resource Protection , Simple IAT Protection , AntiDump Tricks.
Screenshot : Protected file after execution will be similar to
Thanks. ArmoredBinary_Official_UnpackMe.rar
13. 1 point

## How to set different colors in a single menu string?

Hi LCF-AT, usually you have to use owner-drawn menus: you just tell windows you would take the burden to measure and draw the content by yourself. A very very quick Google search takes you to http://winapi.freetechsecrets.com/win32/WIN32Example_of_OwnerDrawn_Menu_Items.htm https://www.codeproject.com/Articles/8715/Owner-drawn-menus-in-two-lines-of-code https://www.codeguru.com/cpp/controls/menu/article.php/c3719/The-Easiest-Way-to-Code-the-Owner-Drawn-Menu.htm Don't know if there's an example available in pure ASM, I'm afraid. Regards, Tony
14. 1 point

## How to set different colors in a single menu string?

Probably have to create your own control with a WS_POPUP window and use DrawText for the individual parts in the different colors. And have to calc the 'menu item' positions, and store the 'menu text' strings in an array or structures etc. Also calc position of the control relative to where mouse/cursor position was, for the placement to show it at.
15. 1 point

## Reversing WannaCry w/ Ghidra

https://youtu.be/Sv8yu12y5zM bonus - VSCodium - Binary releases of VS Code without MS branding/telemetry/licensing - hxxps://github.com/VSCodium/vscodium
16. 1 point

## First Crackme

"Program cannot start because VMprotect dll is missing"

Are you sure this is using no packer or protector?
17. 1 point

## A new disassembler coming soon?

Compiling it is certainly for serious developers and paranoid reversers
18. 1 point

## A new disassembler coming soon?

Hmm think the forums are bugging out.. your post wasn't there for me @Progman when I made mine. But shows it was posted an hour ago now.
19. 1 point

## A new disassembler coming soon?

@atom0s and @deepzero we now also have a version 9.02 with some more fixes: https://ghidra-sre.org/ghidra_9.0.2_PUBLIC_20190403.zip Since serious reversers will want to download the source and not merely browse it, here is a direct link (and it weighs in at ~66mb, smaller than the distribution package even): https://github.com/NationalSecurityAgency/ghidra/archive/master.zip
20. 1 point

## A new disassembler coming soon?

Source Code of Ghidra Released:
21. 1 point

## The Free Programming E-Books Topic

The following Kindle e-books are free at the moment. You will need to amend the URL for your specific region if you are not in Australia...

- Command Line Kung Fu: Bash Scripting Tricks, Linux Shell Programming Tips, and Bash One-liners
- Linux Administration: The Linux Operating System and Command Line Guide for Linux Administrators
- Python Programming for Beginners: An Introduction to the Python Computer Language and Computer Programming (Python, Python 3, Python Tutorial)
- High Availability for the LAMP Stack: Eliminate Single Points of Failure and Increase Uptime for Your Linux, Apache, MySQL, and PHP Based Web Applications
- Machine Learning For Absolute Beginners: A Plain English Introduction (Second Edition) (Machine Learning For Beginners Book 1)
- Shell Scripting: How to Automate Command Line Tasks Using Bash Scripting and Shell Programming

Ted.
23. 1 point

## A new disassembler coming soon?

9.0.1 was released recently: https://ghidra-sre.org/releaseNotes.html
24. 1 point

## How to create transparent bmp file?

fix and tools in attach. example_fix.zip RGN Tools.zip
25. 1 point

## Global ATM Malware Wall

Hi there, With a few guys we made a zoo dedicated to malware targeting ATM platforms; as far as I know nobody has made a similar public project, so voila. You will find here malware that specifically targets ATMs, and reports (notices) about them. Files of interest were harvested from kernelmode.info, but also virustotal and various other services and people interested in the project. I'm using binGraph, pedump, Python, bintext, for the engine on reports. Some samples exist in 'duplicate' on the wall (we also provide unpacks for a few files); if it is the case, it's mentioned on the report. We have hashes that are without references (I mean not associated with a white paper or something); those files are regrouped on the statistics page, and we tried to make the stat page interesting enough for everyone to have fun exploring the zoo from the stats. We have IoCs that others seem not to have, e.g. the kaspersky report about winpot, which also led to a funny reaction from the ppl selling it; no worry, everyone has it now. We also have a page that includes some yara rules for detecting some of these malwares, and a page with goodies, voila! Everything provided in old skool style, intro also available! CyberCrime quality http://atm.cybercrime-tracker.net/ Feedback welcome, enjoy the ride ! 💳🏧
27. 1 point

## Congratulations Mr Exodia

I heard that Mr Exodia joined Denuvo very recently as an employee. Very hearty congratulations to our very much beloved Mr Exodia!!!! 🍻 I just hope that there would be no "conflict of interest" with his reversing hobby and that he would continue to post and release great work for all of us! 😁
28. 1 point

## Debugger Detected

How To Fix Debugger Detected In x64dbg Picture ProtectionID Scan
29. 1 point

## AdvancedScript x64dbg Plugin

AdvancedScript beta version. It is a beta version, so it could have bugs; please report them, and if you would like to add more features let me know.

version 2.5 beta :
1- Script window is separate.
2- Create folder for scripts, form loads scripts with category.
3- add more mirror functions (xorx - pushx ...), and functions like ( if , goto, writestr ) to shortcut the work.
4- show all variables in a list with their values.
5- edit script on the fly.
6- enable to define array with range like z[n].
7- writestr function.
8- run from anywhere in the script.
9- reset variables list in case of maintenance.
10- insert rows as much as you need.
11- insert from clipboard replacing the whole script.
12- insert from clipboard inside the script.
13- copy separated lines to use in another script.
14- insert description without confusion.
15- add the dll file of the c++ runtime for each package.
16- add some script samples.
17- as it is a beta version it supports one step, not auto step; use F12 for step, sorry for that. I need to check if it works, then I will add auto step :}

note : I forgot to say use the (Scriptw) command to show the Script window, but git has stopped working; copy the script sample to your script folder in the x64dbg folder and please read the help first. AdvancedScript_2.5beta.zip
30. 1 point

## Want to develop Antivirus

I think it's the best idea, you can later share your findings with the rest of the community, I'm sure we can learn from this.
31. 1 point

## Want to develop Antivirus

What if i reverse engineer an existing antivirus and develop my own. Thanks for your comment.
35. 1 point

## Binary Patching a Firmware Image In Order to Hook Into its EP

Read the FULL ARTICLE HERE . Full SOURCES and set of tools can be DOWNLOADED FROM HERE . A PDF created from the website article is attached for the convenience of the readers. PRACTICAL uses : The principles discussed can be used for reversing the firmware of Routers, Dongles etc etc. Please note that while the author has focussed on firmware which is Open Source, the same principles can also be used for Closed-Source Firmware. Firmware Hooking - Using Capstone and Keystone.pdf