Jump to content
Tuts 4 You

Leaderboard


Popular Content

Showing content with the highest reputation since 08/22/2019 in Posts

  1. 7 points
    Many years ago I wrote a software protector called MyAppSecured. Somewhere in the middle of porting it from Delphi to C++ I lost my interest in this project. Just found it on my HDD so I thought it might be helpful for someone. In short, the GUI of this protector is written in C++ and the protection stub in written in MASM. The C++ code loads a target in memory and adds 2 PE sections to it. One for the TLS callback code and one for the main code. The MASM stub will be written to those 2 sections. This protector has just 2 protection features: Analyze Immunity (anti-debug) and Memory Shield (anti debug-tools, OEP relocation). Note this is not a download-and-use-right-away protector. The code is written years ago so it's not very well written and also for some unknown reason the MASM stub could not be written into the 2 created sections. It did work very well years ago but I don't have the time to investigate why it doesn't work now. To be clear, the compiled exe file you will find in the package should run nicely but once you try to secure a exe file, that exe file is gonna be corrupted. This project is free for personal and commercial purposes. If you have any questions please ask, but keep in mind I abandoned this project and removed it from my HDD right after posting it here. Even if you are not gonna use this project it might be interesting to check the code. Some interesting stuff you might find there for your own project, such as emulating the CreateThreadW function in pure MASM, adding PE sections & relocation of OEP. MyAppSecured v1.00 Beta source.zip
  2. 4 points
    I have never used it before, but from the first look - it installs offline, doesn't require any activation or license key, you can create more than one sandbox (which was a limitation in unregistered versions) and "Forced programs" also works. Looks good to me. EDIT 2x: direct download links (REMOVED, as they apparently are time-limited)
  3. 3 points
    Finished, was harder than the usual but still got it -To beat this i modded oldrod in-place since there weren't commandlines that supported what i wanted to do. ObfuscationTest.exe
  4. 3 points
    https://community.sophos.com/products/sandboxie/f/forum/115109/major-sandboxie-news-sandboxie-is-now-a-free-tool-with-plans-to-transition-it-to-an-open-source-tool
  5. 3 points
    I used this in my MyAppSecured exe protector project. This code emulates the winAPI CreateThread using ZwCreateThread, in pure MASM, compiled in WinASM studio. Feel free to use it for your own projects. ZwCreateThread example.rar
  6. 3 points
    the scenario is @ A-target app B-a test app by you 1-get the XAML by DNSPY or Reflector 2-@B use the XAML make any modification and compile the project 3-extract the BAML from @B 4-replace the namspace then add it @A tested&working a demonstration https://workupload.com/file/RHt7JeCJ pass : b-at-s.info format:RAR5
  7. 2 points
    Batman week - all of the Arkham games and the three lego batman games currently free on epic. https://www.epicgames.com/store/en-US/collection/batman-free-week
  8. 2 points
    go @ : https://www.filehorse.com/download-sandboxie/ SHA1 compared w/ author site is the same @: https://www.sandboxie.com/AllVersions
  9. 2 points
    @LCF-AT : I recommend this https://www.httpdebugger.com/
  10. 2 points
  11. 2 points
    Well it was a lil harder than normal koivm but not that hard. 1) Made a quick tool that will change #Strings koi heap name to #Koi (Had to modify dnlib) 2) Run oldrod with "-rt 72b51d4140ae7ec413ebad02f2d22f9e.dll UnPackMe.exe" as arguments. 3) File devirted Edit: Tool to change heap name wasn't needed i just realised u can change through dnspy
  12. 2 points
    https://gchq.github.io/CyberChef/
  13. 1 point
    Used https://github.com/TobitoFatitoNulled/ArchangelUnCloaker WindowsApp1-UnClocked-Cracked.rar
  14. 1 point
    Used https://github.com/TobitoFatitoNulled/ArchangelUnCloaker and appfuscator tools by codecracker WindowsApp1-UnClocked_deobfuscated_strdec-Cracked.rar
  15. 1 point
    Never been a fan of Brave Browser (PC version). I have tried to love it many times. It always feels to me disjointed, broken and unpolished as if it is purely a theme over Chrome with custom extensions. I know this will not help answer your query and this is a borderline who's browser is better comment, I think you may find something like Vivaldi much more appealing. More polished, stable with a lot more settings and customisation's for you to spend hours fiddling with. If you just want something that works stick with Chrome or a pure Chromium build... Ted.
  16. 1 point
  17. 1 point
    @LCF-AT: Sorry about the inconvenience. At the time of posting links were tested from several IP addresses and were working. Please use official download site, or the other option mentioned by whoknows.
  18. 1 point
    @Loki HTTP debugger is able to intercept and modify traffic too, I think it's decent for seeing what happens in the background with an easy to use GUI I'm not promoting it but it saved me much time when I was testing some activation process via HTTP in the background
  19. 1 point
    damn so you can unpack themida but you can't search?
  20. 1 point
    As stated in their small FAQ on the link I posted: How do I get a free license? What features are included? Sandboxie currently uses a license key to activate and grant access to premium features only available to paid customers (as opposed to those using a free version). We have modified the code and have released an updated free version that does not restrict any features. In other words, the new free license will have access to all the features previously only available to paid customers.
  21. 1 point
    @misanthropik1:
  22. 1 point
    There are no guarantees O3 will be faster in all scenarios. /Os perhaps? Ted.
  23. 1 point
    Remember Microsoft PowerToys? It is back and available on GitHub for Windows 10... https://github.com/microsoft/PowerToys Ted.
  24. 1 point
    I have a console window. The problem was calling printf from cuda device (__global__ method). Finally I succeed: after adding at start of .cu file: #include "cuPrintf.cu" First time you should init cuPrintf it using: #ifdef DebugValues cudaPrintfInit(); // init print - first step of cuPrintf #endif Inside the __global__ method call cuPrintf like this: cuPrintf("a = %X, b = %X, c = %X, d = %X\n", a, b, c, d); The final step is calling: #ifdef DebugValues cudaPrintfDisplay(stdout, true); // part two of cuPrintf cudaPrintfEnd(); #endif All works fine now!
  25. 1 point
    Hi guys, a while ago I found that the VLC player has a problem to play some h26x encoded video files correctly from the start and does show or flashing black frames first.So I can see this problem more if I enable the loop mode in VLC.First I thought the video itself is the problem but other players like MPC-HS are playing the same video file correctly without any black flash.On internet I found also some posts about it with the hint to use a other VLC 2.2.0 version what works correctly and dosent show a black flash but I dont wanna use a old VLC version anymore and in the latest version 3.0.8 the problem is still present.So it seems to be a VLC issue or maybe any enabled / disabled VLC setting.My first question in this case would be whether anyone knows how to fix this problem in VLC? Next I tried to encode small video parts by myself using x264 compression to encode with VirtualDub1 & 2 and I got some diffrent results. If I am using VD1 to encode with x264 / mpeg-4 I get that black flash in VLC.In VD2 I have a 3 diffrent choices of this x264.All seems to be same only using diffrent driver names / 8 & 10 bit.Now if I encode a video part 3 times using all 3 diffrent x264 and I get one of them working with VLC without to get a black flash and the question is why.I did analyse all 3 video parts with ffmpeg and I got this results out. Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'C:\DM a.mp4': Metadata: major_brand : isom minor_version : 512 compatible_brands: isomiso2avc1mp41 encoder : Lavf57.78.100 Duration: 00:00:01.06, start: 0.000000, bitrate: 701 kb/s Stream #0:0(und): Video: h264 (High) (avc1 / 0x31637661), yuv420p, 480x360 [SAR 1:1 DAR 4:3], 450 kb/s, 25 fps, 25 tbr, 12800 tbn, 50 tbc (default) Metadata: handler_name : VideoHandler Stream #0:1(und): Audio: aac (LC) (mp4a / 0x6134706D), 44100 Hz, stereo, fltp, 246 kb/s (default) Metadata: handler_name : SoundHandler At least one output file must be specified ----------------------------------------------------------- Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'C:\DM a2.mp4': Metadata: major_brand : isom minor_version : 512 compatible_brands: isomiso2avc1mp41 encoder : Lavf57.78.100 Duration: 00:00:01.06, start: 0.000000, bitrate: 534 kb/s Stream #0:0(und): Video: h264 (High) (avc1 / 0x31637661), yuv420p(tv, bt470bg/unknown/unknown), 480x360 [SAR 1:1 DAR 4:3], 276 kb/s, 25 fps, 25 tbr, 12800 tbn, 50 tbc (default) Metadata: handler_name : VideoHandler Stream #0:1(und): Audio: aac (LC) (mp4a / 0x6134706D), 44100 Hz, stereo, fltp, 246 kb/s (default) Metadata: handler_name : SoundHandler At least one output file must be specified ----------------------------------------------------------- Input #0, mov,mp4,m4a,3gp,3g2,mj2, from 'C:\DM a3.mp4': Metadata: major_brand : isom minor_version : 512 compatible_brands: isomiso2avc1mp41 encoder : Lavf57.78.100 Duration: 00:00:01.06, start: 0.000000, bitrate: 536 kb/s Stream #0:0(und): Video: h264 (High 10) (avc1 / 0x31637661), yuv420p10le(tv, bt470bg/unknown/unknown), 480x360 [SAR 1:1 DAR 4:3], 279 kb/s, 25 fps, 25 tbr, 12800 tbn, 50 tbc (default) Metadata: handler_name : VideoHandler Stream #0:1(und): Audio: aac (LC) (mp4a / 0x6134706D), 44100 Hz, stereo, fltp, 246 kb/s (default) Metadata: handler_name : SoundHandler At least one output file must be specified The first & second video parts showing that black flash in VLC player and the third video not.So I dont know why VLC does handle them diffrently and I would like to know why and how to fix it in VLC so that all 3 videos gets handled same on playback / loop you know.Maybe anyone does know what the problem is in VLC.Bellow I attached all diffrent 3 video parts (only one second runtime) for testing it etc.Maybe you can check this too in your VLC player to get problem like I get. DM a.mp4 = shows black flash in VLC not in MPC-HC DM a2.mp4 = shows black flash in VLC not in MPC-HC DM a3.mp4 = shows NO black flash in VLC All 3 video showing also NO black flash in VLC 2.2.0 version (I have test portable version) Just turn on the loop mode in VLC to see it. TestVideoSet.rar greetz
  26. 1 point
    Hi. Some good news: I've used include files directory (.h files) from an very old Poco and I've used libs from a newer Poco I've set POCO_STATIC in Preprocessor Definitions of all projects; now this thing works fine on all builds!
  27. 1 point
  28. 1 point
    You have to "deref" the iterator: dest.emplace(*l_p);
  29. 1 point
    Sure! See attached. crackme2.exe
  30. 1 point
    ext has plenty of limitations too depending on use case.... saying linux has better filesystems is a little subjective. FAT (in it's various forms) works as a fairly universal, simple solution in some cases.
  31. 1 point
    @Kura: There's no need to diff anything, everything is described in a very detailed fashion: https://research.checkpoint.com/extracting-code-execution-from-winrar/ Fix could be a simple in-place patch of unacev2.dll or maybe a small amount of code added to some codecave.
  32. 1 point
    Language : .NET Platform : Windows OS Version : All Packer / Protector : Modded KoiVM //Thnx XenoCodeRCE Description : Good Luck! İyi Şanslar! удачи Screenshot : Unpack ME.7z
  33. 1 point
    Hi Am4t3uR, yes thanks for this link.I really dont check why are they hiding some things like that and I need to search a wolf.In this case I do prefer Firefox simple method to go directly to changelog page.Anyway.I did download brave installer again and installed just over etc and now its updated.. Version 0.68.131 Chromium: 76.0.3809.100 (Offizieller Build) (32-Bit) ....strange method. greetz
  34. 1 point
    Hi, Lcf-At Hope that helps : https://github.com/brave/brave-browser/blob/master/CHANGELOG.md
  35. 1 point
    Exactly what i do now a days. Open your target app. find the xaml code in resource and save it... then create a wpf application into the visual studio and create a new test or dummy project. insert the saved xaml code into your project that you created. modify all the changes into the xaml that you edit into the wpf app. then compile the project. now open your project in the dnspy and go to resource and you will see xaml resources as baml. dont save it directly. save it with raw save baml resources. now again go to your target app and then delete your resoueces which you wanna change and create a new system.io resource and select tghe raw baml file which you saved using dnspy from the test or demo wpf project. now give the same name into the target and boom /// it will work good. i tested it.
  36. 1 point
    A better way to do this is - do all the change in Hex Format. Yes when you see in resources, you find xaml and you cant edit it. so just open file with hex editor and do changes !
  37. 1 point
    What features do you miss in my old tool ? creating a tracer for .NET requires knowledge in C++/COM technologies so it's not fun at all you can find several base projects on the web to build on but be ready for some fun with COM and interfaces
  38. 1 point
    https://github.com/Washi1337/Rivers I made one using this and read .net metadata and code using https://github.com/0xd4d/dnlib/ you should definitly look into this, the graph will will need work tho, mine looked very spiderweb-ish
  39. 1 point
    You can try modofied RegEx (compatible with javascript) ^"\/Date\((-?[0-9]+)(?:[a-zA-Z]|(?:\+|-)[0-9]{4})?\)\/" Matching: "/Date(-01234567890A)/" ^"\/Date\((-?[0-9]+)(?:[a-zA-Z] | (?:\+|-)[0-9]{4})?\)\/" or "|" Matching alternative: "/Date(-0123456789-1234)/ "/Date(-0123456789+1234)/
  40. 1 point
    Hi, uhhmm! Great!I was again not smart enough to see this.Sorry.But thank you for the link Progman. greetz
  41. 1 point
    Hi Any tutorial on how to patch HWID? I read sound's tutorial but it's in Chinese and I can't read Chinese, google translate was bad too.
  42. 1 point
    Not really a KeygenMe, but oh well.. Approach:
  43. 1 point
    No, thanks. Compared to Themida v2, the themida v3 does not have a great improvement over the VMs. There are two types of VMs in this UnPackMe, Dolphin and Tiger.
  44. 1 point
    I think nobody can unpack this protector because it's very hard.
  45. 1 point
    fix and tools in attach. example_fix.zip RGN Tools.zip
  46. 1 point
    Hi, I made a tool that interprets a vmp rsi-stream, it records the handlers (or vm instructions) and connects them via their data dependencies. This is how a JCC looks like The edges in this graph represent data dependencies. Sequences of nodes with one input and one output are collapsed into blocks. Green nodes are constant nodes. They do not depend on external values (such as CPU registers), unlike red nodes. The hex number left of a node is a step number, the right number is its result. Only const nodes (green) can have a result. The graph contains all nodes that directly or indirectly contribute to the lower right "loadcc" instruction. CMP/JCC in VMP works by executing an obfuscated version of the original CMP which also results in either zero or one. VMP then pushes 2 adresses to its stack (step 121f and 1209) and computes an address that points to either one, depending on zero/one result of the corresponding CMP (step 1265). It then simply loads from that computed address and uses its value for a JMP. The load that loads either address is represented by the "loadcc" node in the graph. Even though all puzzle pieces are here, it is still hard to figure out what the original CMP was, but luckily we have LLVM and luckily it isn't hard to lower the graph to LLVM IR: Godbolt Left is the graph as LLVM IR, middle is output of the optimizer, right is the optimized LLVM IR lowered to x64. The attachment contains the original x64 input, the complete vmp program as LLVM (not just the loadcc part), the optimized x64 (-O3) and an unoptimized version (-O0). The unopt version is interesting because it shows how vmp looks like after removing the junk but still leaving the handlers intact (RSI access is removed, RBP-stack is pre-baked to make it easier for the optimizer passes) I thought it was pretty impressive how LLVM's optimizer plows through the crap and produces such a beautiful result. That is all. Thanks for reading. testproc.zip
  47. 1 point
    Well apparently it jailbreaks devices which could potentially lead to data corruption.. Either way who uses apple stuff anyway.. lol
  48. 1 point
    Calm down my friend !. First and formost, no body asks you to invest your invaluable time to write scripts. It was just an usual question as you here and there, almost in every forum, ask people if they have any suggestions and/or improvements regarding your debugger so if you want to consider the suggestion by demon_da and me that's fine, if not all are up to you otherwise. Finally, please respect us and do not be so agressive and offensive at people by misuse words and expressions such as "You won't see it from me, ever." or "If you lack those, why are you even here?" as we could simply respond at the same low level. Further, I strongly have a firm view that you have no rights to assess whether we deserve to be members here or not !
  • Newsletter

    Want to keep up to date with all our latest news and information?
    Sign Up
×
×
  • Create New...