Tuts 4 You

Team Retired

70

2,746

13

7,813

Full Member

10

55

Full Member

9

710

## Popular Content

Showing content with the highest reputation since 03/25/2019 in all areas

1. 4 points

## Obfuscating Operations using Linear Algebra

Hey all! I recently came across this neat paper here: https://tel.archives-ouvertes.fr/tel-01623849/document where they used what they called "Mixed-Boolean Arithmetic" to obfuscate arithmetic expressions, and then showed ways to deobfuscate them. Looking a the deobfuscation methods, they seemed largely either pattern-based or wouldn't work when bigger numbers were involved. So I thought to myself, "How can I mess with this?" Well, first things first, they have no concrete method there for creating these expressions. There are two pages total dedicated to the creation of these expressions, so I had to get creative to make it work. They describe using numpy to solve the matrix equation created and using a hack-y method to circumvent not having a square matrix, but I thought that I could do a bit better... Enter two painstaking days of learning linear algebra and figuring out exactly what I needed to do. They start by computing the truth tables of some expressions, putting them into a matrix as columns, then solving for the vector that, when using the dot product on the vector and the matrix, returned zero. After that, they filtered out various "rewrite rules" from the matrix generated. You can read more about this in the paper, though there's not much to go off of. They use numpy's linalg.solve to do this, but that only works with square matrices and produced results with constants that were a tad small for my taste :^) After a bit of research I found a python module called cvxpy, designed to find values that satisfy an expression under certain constraints. Even cooler was that you could specify matrix equations and integer-only solutions, which is exactly what I needed. After tinkering with it for a bit, I was able to reliably create expressions like these (representing a xor b): -27540 * (~a & b) + 373574 * (~a ^ ~b) + -27541 * (a & ~b) + -27541 * (~a & b) + -11 * (a + b) + -30436 * (~a & ~b) + -30436 * (~a * ~b) + 137712 * (a * ~b) + -27544 * (~a) + 1 * (b) + 3 * (~a + ~b) + -221347 * (~a - ~b) + 13 * (a + b) + -2 * (a) + -30454 * (~a + ~b) + -30454 * (~a + ~b) + -3 * (b) + -30449 * (a | b) + -27546 * (~b) 3672455 * (~a * b) + -362611 * (a ^ b) + 78113 * (a) + -524636 * (~b) + -524636 * (a ^ ~b) + 78113 * (a) + -524636 * (~a | b) + -362611 * (a ^ b) + -959545 * (a | b) + -78113 * (a - b) + -959545 * (~a + ~b) + -524636 * (~a) + 142249 * (a + b) + -959544 * (~a + ~b) + 142249 * (a + b) + -524637 * (a - ~b) + -524637 * (~a) + -524637 * (a & ~b) + 3241246 * (~a ^ ~b) Using truth tables modulo 4 instead of modulo 2 I was also able to compute equivalencies for multiplication, which was pretty neato. However, using the same method of computing the truth table and finding an equivalent expression you can reverse this sort of operation. I'll leave that as an exercise to the reader. EDIT: As a friend of mine pointed out, this will work with any operation that can be reducible to boolean math (i.e. xor, addition, subtraction, multiplication), not just arithmetic operations.
2. 3 points

## The best design tools for everything!!

https://github.com/LisaDziuba/Awesome-Design-Tools#no-code-tools bonus (free -> add to cart -> mailinator -> 498mb) - hxxps://fusionretrobooks.com/collections/pdf/products/the-story-of-the-commodore-amiga-in-pixels_pdf
3. 3 points

## [UnPackMe] Obsidium v1.6.1.9

Used protector (I've forget to specify): https://www.52pojie.cn/thread-652274-1-1.html http://distro.crack.vc/index.php?dir=RceTools/Packers/ Finally made scripts and a tutorial on how to restore stolen bytes: https://forum.tuts4you.com/topic/41211-obsidium-olly-scripts/ BR.
4. 2 points

## Millions using 123456 as password...

I really, really disagree. Not all websites are valuable. And not all passwords should chosen to be secure. In fact, this was something I wanted to write about for a long time already, so here it goes: https://lifeinhex.com/my-password-is-password/ (shameless self-promo, I know! )
5. 2 points

6. 2 points

## How to set diffrent colors in a single menu string?

Check Ted's answer again: So if you want colors (any at all) or mix normal/bold then you will need to draw the items yourself using the GDI api SetTextColor and TextOut and those functions after responding to the draw item event by setting the owner draw flag.
7. 2 points

8. 2 points

9. 2 points

## A new disassembler coming soon?

9.0.2 released with the source which notes can be found on their site: https://ghidra-sre.org/releaseNotes.html With the source, they did include the decompiler's source code which some were concerned with being released. It's there and is coded in C/C++ so there is potential for things to get better as time goes on with community help/support. Would love to see it become on par with IDA's and better in the long run. Given how Ghidra is setup too, if it does start to become on par/better of a decompiler someone could essentially turn it into an IDA plugin if they wanted.
10. 2 points

## OpenFodder (WebAssembly)

Is an action-strategy shoot 'em up game developed by Sensible Software and published by Virgin Interactive. The game is military-themed and based on shooting action but with a strategy game-style control system. The player directs troops through numerous missions, battling enemy infantry, vehicles and installations. http://openfodder.com/ https://github.com/OpenFodder/openfodder online (WebAssembly) https://s3.amazonaws.com/openfodder/OpenFodder.html -- -- https://emscripten.org/ Is a toolchain for compiling to asm.js and WebAssembly, built using LLVM, that lets you run C and C++ on the web at near-native speed without plugins. @atom0s
11. 2 points

## [UnPackMe] Obsidium v1.6.1.9

Found a olly modification that I've created that works ok with Obsidium; I called it OLLY_(Orig_Safengine).rar since it also works for Safengine. A tutorial by Nieo is the most recent: https://tuts4you.com/e107_plugins/download/download.php?view.3678 Let the cracking begin! OLLY_(Orig_Safengine).rar
12. 2 points

13. 2 points

## Armored Binary - Official UnpackMe

Language : Delphi XE Platform : Microsoft Windows x32/x64 OS Version : XP/Vista/7/8/8.1/10 Packer / Protector : ArmoredBinary - Modern Binary Obfuscation Tool. Description : Attached file was protected with full version of armoredbinary obfuscator ( with medium protection approach ) , make sure unpacked file will execute successfully in any environment. You will dealing with OEP hiding , Resource Protection , Simple IAT Protection , AntiDump Tricks. Screenshot : Protected file after execution will be similar to Thanks. ArmoredBinary_Official_UnpackMe.rar
14. 1 point

https://www.bleepingcomputer.com/news/microsoft/windows-10-start-menu-gets-its-own-process-in-build-1903/ This should have happened a long time ago though it could be an indication Start is becoming bloated under Windows 10... Ted.
15. 1 point

16. 1 point

## Archangel Cloak .NET

your password is tesfaw https://gyazo.com/37e85be8307829270736eb42156ed9f5 as kao said this isnt unbreakable at all
17. 1 point

## Archangel Cloak .NET

@Kazura: That's nonsense. Cloak.NET been broken before and can be broken now. See It's just that people who can unpack that, are not really interested in a very basic crackme.
18. 1 point

## MineSweeper

Hi, can you please check your OS and .NET versions? I only tested it on .NET 4.6.2 EDIT: It seems you will also need the C/C++ runtime library from Microsoft Let me know if you are still facing issues. For me and some other people who tested it, it seems to work.
19. 1 point

## How to set diffrent colors in a single menu string?

MFT_OWNERDRAW flag should get the messages sent. It should be set on creation as in Ted's example above or possibly other ways like SetStyle API.
20. 1 point

## Opera Pink?WTF!

Opera is a Chromium-based browser IE is a Chromium-based browser Brave is a Chromium-based browser man use the #1 browser, brave ...
21. 1 point

## How to set diffrent colors in a single menu string?

Hi again, ok thanks again for the info.I have test it now with TextOut and ExtTextOut + new color function and it seems to work. Now I got a small another problem to receive WM_DRAWITEM and WM_MEASUREITEM messages.So in my case I did create a contextmenu by button press and not via right mouse.How to handle this problem now to get triggered at the 2 messages? greetz
22. 1 point

## How to set diffrent colors in a single menu string?

Hi LCF-AT, usually you have to use owner-drawn menus: you just tell windows you would take the burden to measure and draw the content by yourself. A very very quick Google search takes you to http://winapi.freetechsecrets.com/win32/WIN32Example_of_OwnerDrawn_Menu_Items.htm https://www.codeproject.com/Articles/8715/Owner-drawn-menus-in-two-lines-of-code https://www.codeguru.com/cpp/controls/menu/article.php/c3719/The-Easiest-Way-to-Code-the-Owner-Drawn-Menu.htm Don't know if there's available an example in pure ASM, I'm afraid. Regards, Tony
23. 1 point

## How to set diffrent colors in a single menu string?

Probably have to create your own control with a WS_POPUP window and use DrawText for the individual parts in the different colors. And have to calc the 'menu item' positions, and store the 'menu text' strings in an array or structures etc. Also calc position of the control relative to where mouse/cursor position was, for the placement to show it at.
24. 1 point

## Reversing WannaCry w/ Ghidra

https://youtu.be/Sv8yu12y5zM bonus - VSCodium - Binary releases of VS Code without MS branding/telemetry/licensing - hxxps://github.com/VSCodium/vscodium
25. 1 point

## First Crackme

Program cannot start because VMprotect dll is missing Are you sure this is using no packer or protector?
26. 1 point

## A new disassembler coming soon?

Compiling it is certainly for serious developers and paranoid reversers
27. 1 point

## A new disassembler coming soon?

Hmm think the forums are bugging out.. your post wasn't there for me @Progman when I made mine. But shows it was posted an hour ago now.
28. 1 point

## A new disassembler coming soon?

@atom0s and @deepzero we now also have a version 9.02 with some more fixes: https://ghidra-sre.org/ghidra_9.0.2_PUBLIC_20190403.zip Since serious reversers will want to download the source and not merely browse it, here is a directly link (and it weighs in at ~66mb, smaller than the distribution package even): https://github.com/NationalSecurityAgency/ghidra/archive/master.zip
29. 1 point

## A new disassembler coming soon?

Source Code of Ghidra Released:
30. 1 point

## The Free Programming E-Books Topic

The following Kindle e-books are free at the moment. You will need to amend the URL for your specific region if you are not in Australia... Command Line Kung Fu: Bash Scripting Tricks, Linux Shell Programming Tips, and Bash One-liners Linux Administration: The Linux Operating System and Command Line Guide for Linux Administrators Python Programming for Beginners: An Introduction to the Python Computer Language and Computer Programming (Python, Python 3, Python Tutorial) High Availability for the LAMP Stack: Eliminate Single Points of Failure and Increase Uptime for Your Linux, Apache, MySQL, and PHP Based Web Applications Machine Learning For Absolute Beginners: A Plain English Introduction (Second Edition) (Machine Learning For Beginners Book 1) Shell Scripting: How to Automate Command Line Tasks Using Bash Scripting and Shell Programming Ted.
31. 1 point

32. 1 point

## A new disassembler coming soon?

9.0.1 was released recently: https://ghidra-sre.org/releaseNotes.html
33. 1 point

## REDasm Disassembler

Hi! This is my first post on tuts4 you I hope that this is the right section, if not, please delete this post! Ok so... Few months ago I have made public my internal project called REDasm on GitHub. Basically it's a cross platform disassembler with an interactive listing (but it's still far, if compared to IDA's one) and it can be extended with its API in order to support new formats, assemblers and analyzers. Currently it supports: Portable Executable VB5/6 decompilation . It can detect Delphi executables, a decompiler is WIP. .NET support is WIP. Debug symbols are displayed, if available. ELF Executables Debug symbols are displayd, if available. DEX Executables Debug symbols are displayed, if available. x86 and x86_64 is supported. MIPS is supported and partially emulated. ARM support is implemented but still WIP. Dalvik assembler is supported. Most common assemblers are implemented by using Capstone library, Dalvik assembler is written manually and even the upcoming MSIL/CIL assembler will be implemented manually. The entire project is written in C++ and its UI is implemented with Qt5, internally, the disassembler is separated in two parts: LibREDasm and UI. LibREDasm doesn't contains any UI related dependencies, it's just pure C++, one day I will split it in two separate projects. Some links with source code, nightlies and wiki: Source Code: https://github.com/REDasmOrg/REDasm Nightly Builds (for Windows and Linux): https://github.com/REDasmOrg/REDasm-Builds Wiki: https://github.com/REDasmOrg/REDasm/wiki And some screenshots:
34. 1 point

## Congratulations Mr Exodia

I heard that Mr Exodia joined Denuvo very recently as an employee. Very hearty congratulations to our very much beloved Mr Exodia!!!! 🍻 I just hope that there would be no "conflict of interest" with his reversing hobby and that he would continue to post and release great work for all of us! 😁
35. 1 point

## Debugger Detected

How To Fix Debugger Detected In x64dbg Picture ProtectionID Scan
36. 1 point

AdvancedScript beta version it is beta version it could have bug, so please report and if u like to add more features let me know. version 2.5 beta : 1- Script window is sperate. 2- Create Folder for script,form Load script with category. 3- add more mirror Functions (xorx - pushx ...), and Functions like ( if , goto,writestr ) to shortcut the work. 4- show all variables in a list with it's values. 5- edit script onfly. 6- enable to define array with range like z[n]. 7- writestr Function. 8- run from anyware in the script. 9- rest variables list in case maintenance. 10- insert rows as much as you need. 11- insert from clipboard replace all script. 12- insert from clipboard inside the script. 13- copy separated lines to used in other script. 14- insert description without confusing . 15- add the dll file of c++ runtime for each package. 16- add some scripts samples. 17- as it is beta version so it support one step not auto step , use F12 for step, sorry for that I need to check if it work then I will add auto step :} note : I forget to say use (Scriptw) command to show the Script window , but git has stop working and copy the script sample to ur script folder in x64dbg folder and pls read the help first AdvancedScript_2.5beta.zip
37. 1 point

## Want to develop Antivirus

I think it's the best idea, you can later share your findings with the rest of the community, I'm sure we can learn from this.
38. 1 point

## Want to develop Antivirus

What if i reverse engineer an existing antivirus and develop my own. Thanks for your comment.
39. 1 point

43. 1 point

## Binary Patching a Firmware Image In Order to Hook Into its EP

Read the FULL ARTICLE HERE . Full SOURCES and set of tools can be DOWNLOADED FROM HERE . A PDF created from the website article is attached for the convenience of the readers. PRACTICAL uses : The principles discussed can be used for reversing the firmware of Routers, Dongles etc etc. Please note that while the author has focussed on firmware which is Open Source, the same principles can also be used for Closed-Source Firmware. Firmware Hooking - Using Capstone and Keystone.pdf
44. 1 point