Tuts 4 You

Leaderboard

  1. kao (Full Member+): 25 points, content count 2,429
  2. r0ger (Full Member): 17 points, content count 66
  3. hors (Full Member): 9 points, content count 45
  4. ToMKoL (Full Member): 8 points, content count 56

Popular Content

Showing content with the highest reputation since 03/12/2021 in all areas

  1. No, it really isn't. It stops 10-year olds from running ready made tools, and that's about it. Password is: There are 3 ways to solve it: Easy way (1/10) : open file in hex editor, check the strings and find solution there. Slightly harder (2/10): run crackme under any tracer/profiler, see what functions it calls, see correct string as one of the parameters. "Extremely hard" (3/10): open DnSpy and Visual Studio and fix OldRod source code. You'll need like 5 minutes for that. 1) Compare original KoiVM method handlers with DiamondVM method handlers:
    8 points
  2. Hello, I unpacked the file completely (including VM). Here is how I did it (simplified a bit): 1. After a bit of analysis we can notice that Agile.NET hooks into the Just In Time compiler in order to restore the method code. This can be undone by hooking into the JIT before Agile.NET. 2. Update de4dot to be able to remove simple protections like string encryption, control flow, and reference proxy. This just requires you to update some detections. 3. Spend some time analyzing Agile.NET VM, we find out that its VM is somewhat different to others as it creates "combined" handlers
    7 points
  3. Very simple example, just to show the idea.. static void Main(string[] args) { using (var module = ModuleDefMD.Load(args[0])) { foreach (var type in module.GetTypes()) { foreach (FieldDef field in type.Fields) { // this will change all string constant values to "kao". Make sure to fix the `if`!!! if (field.HasConstant && field.ElementType == ElementType.String) { field.Cons
    4 points
  4. There's the WinDivert library which allows you to do all of this. WinDivert is in C but there are bindings for Python & C#. You can check the source code of Clumsy which utilizes WinDivert to selectively modify the packets. It's in C. There's also the now discontinued flare-fakenet-ng which uses the Python bindings - pydivert. https://reqrypt.org/windivert.html http://jagt.github.io/clumsy/ https://github.com/fireeye/flare-fakenet-ng
    3 points
  5. This code and accompanying article is worse than most ConfuserEx mods written by script kiddies... Where do I start? Holy f*ck, have you ever heard of things you should never ever do inside DllMain? Loading another DLL from DllMain is one of the basic ones - it virtually guarantees a deadlock. "DLL hook"... You mean DLL name? Like, I don't know... a string? Not since year 2018... And it's called "Detours" And the cherry on the top! Just 4 problems in 9 lines of code! Must be a world record or something! 1) if CreateRemoteThread fails, ch
    3 points
  6. you can still install latest flash version and patch Flash32_32_0_0_465.ocx, NPSFW32_32_0_0_465.dll/NPSFW64_32_0_0_465.dll 0FC4F07E DC1D D0018B10 FCOMP QWORD PTR DS:[108B01D0] 0FC4F084 DFE0 FSTSW AX 0FC4F086 59 POP ECX 0FC4F087 59 POP ECX 0FC4F088 F6C4 01 TEST AH,1 0FC4F08B 75 05 JNZ SHORT Flash32_.0FC4F092 0FC4F08D 33C0 XOR EAX,EAX 0FC4F08F 40 INC EAX 0FC4F090 EB 02 JMP SHORT Flash32
    2 points
  7. Hi, I tried Vpn and switched to Germany, it appeared a window like this. My solution is 1.https://chrome.google.com/webstore/detail/tampermonkey-beta/gcalenpjmijncebpfijmoaglllgpjagf?hl=en 2.https://greasyfork.org/de/scripts/412178-youtube-dismiss-sign-in Installing both of these will windows popping up no longer interfering. I've tested it myself, so I'm telling you.
    2 points
  8. 1. If you want to try the library capstone is not essential (used for tests with opaque predicates), the library is still available here https://github.com/Pigrecos/Capstone4Delphi 2.I have not tried but with small adjustments (which unfortunately I do not have the time to do ...) it is certainly possible and quite simple (it is always pascal)
    2 points
  9. alright, here is some remix of my favourite chiptune so i can use it on the next keygen/patch templates. the original song is called "next 2 me" by crome , thanks to LHS for some samples (the leads , the bass and the c64 drum) . plus, it's also dedicated to all my high school friends that i miss them so much ever since i left Romania . UPDATE: sorry guys , i found out actually that the bass lead was actually too loud and i can barely hear the sample no.4 so i had to amplify it with 75-80% to sound a little better so here is the newer version . prfkeygens.xm
    2 points
  10. another crack template i've made today. it was initially for Speed Video Converter 4.4.9, but i couldn't find any setup for this because all the download links i've found on different arabic and iranian shareware sites are totally dead. so the patch engine is not included. i did wrote the offset patch engine for it tho. xm by zalza (modified by me with same semitones as the original song from Europe) btw on KeygenTemp17 , i’ve noticed again that i forgot to wrote that it was used bassmod not MagicV2mEngine , on “10x go 2” section (good grief why am i supposed to forget to
    2 points
  11. https://blog.malwarebytes.com/careers/2021/03/careers-in-cybersecurity-malwarebytes-talks-to-teachers-and-students/ Ted.
    2 points
  12. Generating code could be shorter, at least this time I didn't use an external rc file. kgn.bat ;@echo off ;goto KesMezar .686 .MODEL flat, stdcall OPTION casemap:none include \MASM32\INCLUDE\dialogs.inc include \MASM32\INCLUDE\windows.inc include \MASM32\INCLUDE\user32.inc include \MASM32\INCLUDE\kernel32.inc include \MASM32\INCLUDE\shell32.inc include \MASM32\INCLUDE\comctl32.inc include \MASM32\INCLUDE\comdlg32.inc includelib \MASM32\LIB\user32.lib includelib \MASM32\LIB\kernel32.lib includelib \MASM32\LIB\shell32.lib includelib \MASM32\LIB\comctl32.lib includelib \MASM32
    2 points
  13. this is the most creepiest and spookiest keygen template i've ever made. the keygen algo is removed tho. the image from the aboutbox is actually Gurgles' face (from "Gurgles and Bugman" creepypasta). v2m by Little bitchard (if this music is too loud for you because of the beeping then sorry) btw thanks to Xylitol for reminding me that this v2m library with replay-function still exists on this forum KeygenTemp21.zip
    2 points
  14. Example code just to get you started: using (var module = ModuleDefMD.Load(args[0])) { foreach (var type in module.GetTypes()) { foreach (FieldDef field in type.Fields) { // this will change all byte[] field values to my own. Make sure to fix the `if`!!! if (field.HasFieldRVA && field.InitialValue != null) { byte[] fake = new byte[] { 0x6B, 0x61, 0x6F }; // it'
    1 point
  15. I think the new GUI introduced ~1yr ago, sucks 100% -- browse @ old.reddit.com/
    1 point
  16. alright , another new crack template with a new ripped effect is here ! in the spotlights.asm file , you will find all the comments i just wrote in their original values to identify the form , the colours and the speed too (initially coded by Rustem) . patch engine not included. v2m by MAP. CrackTemp6.zip
    1 point
  17. Hi guys, so I noticed few days ago that YT has changed again something to ask about cookies and does now redirect the YT link to this... https://consent.youtube.com/m?continue=https://www.youtube.com ...each time / everyday to ask about cookie stuff etc. So this is really uhhmmmm!!! You know, I could puke around. I don't wanna see & get that shit NAG each time / browser call (cookie clean) and choose and accept or turn On/Off that options. So before I didn't got that too so why now? My question now is whether anyone found already a way / method to bypass this redirection cookie NA
    1 point
  18. 18 downloads

    Welcome back! A lot of people asked me after they've read my article about inserting a message box at program start of an exe file if it's possible/how to add a splash screen to a PE. Well, yes it is possible! You can inject (theoretically) everything you want to an exe file, it just depends on your reverse engineering skills (on your time and on your perseverance)! Actually I thought about doing this, so my first step was to think about what is necessary. So let's just think about all the steps.
    1 point
  19. This is working for me to block the YT signin using GreaseMonkey // ==UserScript== // @name Youtube Signin Block Script 512826 // @version 1 // @grant none // ==/UserScript== // SentinelJS is a JavaScript library that lets you detect new DOM nodes const sentinel = function(){var e,n,t,i=Array.isArray,r={},o={};return{on:function(a,s){if(s){if(!e){var f=document,l=f.head;f.addEventListener("animationstart",function(e,n,t,i){if(n=o[e.animationName])for(e.stopImmediatePropagation(),t=n.length,i=0;i<t;i++)n[i](e.target)},!0),e=f.createElement("style"),l.insertBefore(e,l.firstChild),
    1 point
  20. https://torrentfreak.com/denuvo-we-are-passionate-gamers-and-guarantee-we-dont-slow-games-down-210404/ 🙄
    1 point
  21. same kind of shit happened to me, on TC with their kind of nag announcement who won't go away till you have the good cookie, so i made a script to fix the problem with greasemonkey, shared it, and got a warning on their forum for 'hacking with script' lmao.
    1 point
  22. Yes I would expect a lot more of this. GDPR caused a bit of chaos on a lot of websites for EU users but it motivates perhaps more general changes in anticipation of laws changing elsewhere. I still can't access some news websites in the US on an EU IP. Clearing cookies is no longer really a great idea anyway for all sites. Really you should whitelist the sites you want to preserve state with and clear the rest. Most of us don't use so many sites and practically speaking everyone is limited by time and energy of maintaining account registrations, etc so it's not a lot to whitelist some doma
    1 point
  23. It's the EU user consent policy that Google has to comply with. You may see this type of thing popping up more often because you live in the EU. Some options, use a VPN to make it appear you are outside of the EU. Alternatively use one of the annoyance filters that come with adblock; Fanboy, AdGuard, etc. Ted.
    1 point
  24. @LCF-AT give a try @ ghacks.net/2020/09/27/how-to-deal-with-googles-and-youtubes-aggressive-popups-before-you-continue-sign-in/ -- youtube.com/watch?v=msoOdQID60I can be @ yt.dorper.me/watch.php?v=msoOdQID60I invidious.snopyta.org/watch?v=msoOdQID60I ;)
    1 point
  25. "...each time / everyday to ask about cookie stuff etc.So this is really uhhmmmm!!!You know, I could puke around. I don't wanna see & get that shit NAG each time / browser call (cookie clean) and choose and accept or turn On/Off that options..." ========== I totally agree! I was also looking for something like the "no redirects" add-on, but so far I'm just ignoring Google , or at least trying to ... :-)
    1 point
  26. Using an extension for modern browsers like StyleBot, you can fix it yourself with some basic edits. The syntax parser the forum uses is fairly bad/basic, so a very basic CSS edit/override works fine. Here's mine: @media screen { .str { color: #CC7645 } .kwd { color: #569CD6 } .com { color: #57A64A } .typ { color: #79D8FE } .lit { color: rgb(179, 201, 101) } .pln { color: #9A9A9A; } .pun,.opn,.clo { color: #A2B3AE } } I only targeted C/C++ language type tags that were t
    1 point
  27. you can also try to play around with https://github.com/anatolikalysch/VMAttack
    1 point
  28. https://www.codeproject.com/articles/13368/multiple-consoles-for-a-single-application https://codereview.stackexchange.com/questions/195157/using-multiple-console-windows-for-output
    1 point
  29. How COVID-19 affects the brain eurekalert.org/pub_releases/2021-03/jn-hca032521.php jamanetwork.com/journals/jamapsychiatry/fullarticle/2778090
    1 point
  30. This! You have defined 3 patches, all of them 1 byte in size. But you apply only 2 patches, each 2 bytes in size. Makes no sense.
    1 point
  31. 1 point
  32. Tutorial: unpacked.rar
    1 point
  33. 74 downloads

    Try to unpack or alternatively provide a serial.
    1 point
  34. You should then take a look at Akamai's anti bot. They use machine learning principles and one of their biggest defenses is mouse movement analysis.
    1 point
  35. Then you could code your own, wireshark uses WinPcap library, you could code whatever you need using that library so you don't have to code a driver too
    1 point
  36. Malware analysis is done here. But breaking legitimate bots and software is not allowed here, since it could be deemed illegal in some cases. Bypassing protection measures (legit) ones always raises eyebrows and can cause problems if clear tuts are made available with clear intention to bypass them.
    1 point
  37. it's already in the keygen template (KeygenTemp20), name of the asm file is "CrazyWord.asm".
    1 point
  38. another keygen template i've made today . this was actually a keychooser because translating some algos from delphi to assembly will take so much time and i'm kinda bit lazy to do that, maybe these days idk :E xm by Nemo . (lead samples edited by me for this keychooser) ( sorry for the double-post , my laptop is sometimes working a bit slow , but i am looking forward to get a powerful video-editing i7/i9 chassis ) KeygenTemp6.zip
    1 point
  39. here's some keygen template i've made about 1 week and 5 days ago. the keygen algo is not included in the project. v2 music by darkman007. KeygenTemp5.zip
    1 point
  40. here's another crack template i've made, although i didn't include it in my topic above (actually made it today) no patch engine included in the project. xm by stalker (modified its finetune just to sound better for the crack) CrackTemp3.zip
    1 point
  41. here's the keygen template from image no. 3. the keygen algo is removed from the project. music by Freefall (cover for Captain jack song) KeygenTemp3Updated.zip
    1 point
  42. here are the keygen templates from images no. 2 and 4. the keygen algos are disabled and removed from the projects. v2m by Soft maniac . xm by LHS (modified finetune to sound better for the keygen) GRUiA neinfricatul means in romanian GRUiA the brave . KeygenTemp1.zip KeygenTemp2.zip
    1 point
  43. alright, here's the crack template from image no.6 . no patch engine included (or added) in the ASM project. more coming up music by icefall . CrackTemp1.zip
    1 point
  44. Why was SychicBoy's post accepted by moderators? * Code is not devirtualized at all, see Form01.method_2. That's not a properly unpacked file. * Correct serial is not provided either. There's just a simple patch which disables serial check - so, neither of unpackme's goals are achieved.
    1 point
  45. 143 downloads

    DupSkins.rar contains following dup skins: Ariana_Grande_Skin_v1 Ariana_Grande_Skin_v2 DooM_Skin Elsa_and_Tiana_Skin Female_Skin paradise_frieslve-dup2skin (Paradise-DUP2skin) All credits go to original author fRiESLVe: https://forum.tuts4you.com/profile/98062-frieslve/content/?type=downloads_file https://forum.tuts4you.com/files/file/1206-paradise-dup2-skin/
    1 point
  46. this is my project for porting keras(Deep Learning for humans http://keras.io/) to delphi https://github.com/Pigrecos/Keras4Delphi Keras4Delphi is a high-level neural networks API, written in Pascal with Python Binding
    1 point
  47. 130 downloads

    This article discusses the methods of software reverse engineering and the case study of FLEXlm system.
    1 point
  48. Unpacked Enigma api i just fix it with LCF-AT tut unprotectme_Unpacked.rar
    1 point