Jump to content
Tuts 4 You

Leaderboard


Popular Content

Showing content with the highest reputation since 02/10/2019 in Posts

  1. 2 points
    slugsnacks reversing series by c0lo: Link: https://kienmanowar.wordpress.com/slugsnacks-reversing-series-by-c0lo/slugsnacks-reversing-series-5/
  2. 1 point
    A hacker is someone who is inquisitive about how something works and likes to pull things apart to understand and innovate. How a hacker uses that information is what results in negative (or positive) connotations.
  3. 1 point
    native stub, managed file : he needed to drop the file on disk somewhere hidden ; i doubt there is anything malicious about that file, but it worth a look !
  4. 1 point
    For unpacking 1) cawk unpacker 2) dump after decryption 3) fix EP 4) Proxy call fixer by Davicore 5) Strings decryptor by CC 6) Switch killer by CC 7) Dump resources (empty) 😎 Clean cctor and <module>methods (maybe 4, 5 and 6 can be replaced by cawk unpacker again) I will check the key algo tomorrow, don't have time now. a29p-EP-anti2_noproxy_stringdec-cleaned_deobfuscated-res2-cctor-module.exe -------------------------------------------------------- Username = "Usuario" Code = "161308" int length = username.length(); int num2 = length + 2 - 4 + 40 + 10; return Convert.ToString(419 * num2 * length - length); --------------------------------------------------- EDIT2: I have received a few PMs asking how to fix EP, so I will post the videos I used as reference here. Following this 2 videos you should be able to unpack confuserex fully.
  5. 1 point
    The Carnal0wnage blog has put up a nice summary of Android hackme/crackme challenges for those interested. http://carnal0wnage.attackresearch.com/2013/08/want-to-break-some-android-apps.html Have fun! -------------------------------------------- Android App testing requires some diverse skills depending on what you're trying to accomplish. Some app testing is like forensics, there's a ton of server side stuff with web services, and there's also times when you need to show failings in programmatic protections or features which requires reversing, debugging, or patching skills.To develop these skills you need some practice targets. Here's a list of all known Android security challenges, both app level vulns and crackme-type (RE/patching):In some cases the write-up and challenge starter info is included, in other cases you might have to Google around as some of these CTF's are old.** Should you need some help with configuring an Android pentest / Crackme environment, cktricky and CG have already written some pieces on that: http://carnal0wnage.attackresearch.com/search?q=android **Android App testing requires some diverse skills depending on what you're trying to accomplish. Some app testing is like forensics, there's a ton of server side stuff with web services, and there's also times when you need to show failings in programmatic protections or features which requires reversing, debugging, or patching skills.To develop these skills you need some practice targets. Here's a list of all known Android security challenges, both app level vulns and crackme-type (RE/patching):In some cases the write-up and challenge starter info is included, in other cases you might have to Google around as some of these CTF's are old.** Should you need some help with configuring an Android pentest / Crackme environment, cktricky and CG have already written some pieces on that: http://carnal0wnage.attackresearch.com/search?q=android **Hacme Bank Android - Foundstone http://www.mcafee.com/us/downloads/free-tools/hacme-bank-android.aspxExploitMe Android - Security Compass http://securitycompass.github.io/AndroidLabs/InSecure Bank - Paladion http://www.paladion.net/downloadapp.htmlGoatDroid - OWASP and Nvisium Security https://github.com/jackMannino/OWASP-GoatDroid-ProjectIG Learner - Intrepidus Group https://play.google.com/store/apps/details?id=com.intrepidusgroup.learnerMoshZuk.apk Description - http://imthezuk.blogspot.com/2011/07/creating-vulnerable-android-application.html File - https://dl.dropboxusercontent.com/u/37776965/Work/MoshZuk.apkCrackme.de’s and deurus's Android Crackmes 1-4 ++ http://crackmes.de/users/deurus/android_crackme01/ http://crackmes.de/users/deurus/android_crackme02/ http://crackmes.de/users/deurus/android_crackme03/ http://crackmes.de/users/deurus/android_crackme04/ http://crackmes.de/users/pnluck/android_signme/Hackplayers.com Crackmes (in Spanish so an extra challenge) http://www.hackplayers.com/2010/12/reto-android-crackme1.html http://www.hackplayers.com/2011/12/reto-14-android-crackme2.htmlNuit du Hack's 2k12 & 2k11 (pre-quals and finals) Android Crackme’s http://blog.w3challs.com/index.php?post/2012/07/02/NDH2k12-wargame-CrackMe-Android http://blog.spiderboy.fr/tag/crackme/Hack.Lu's CTF 2011 Reverse Engineering 300 http://shell-storm.org/repo/CTF/Hacklu-2011/Reversing/Space%20Station%200xB321054A%20(300)/Androidcracking.blogspot.com's Crackme’s http://androidcracking.blogspot.com/2012/01/way-of-android-cracker-0-rewrite.html http://androidcracking.blogspot.com/2010/10/way-of-android-cracker-1.htmlBlueBox Android Challenge http://bluebox.com/labs/android-security-challenge/InsomniDroid Description - http://www.strazzere.com/blog/2012/03/488/ Partial Walkthrough - http://www.fortiguard.com/files/insomnichallenge.pdf (File) http://www.strazzere.com/crackmes/insomnidroid.apkCSAW2011 CTF Android Challenges Android 1 file - http://shell-storm.org/repo/CTF/CSAW-2011/Forensics/Android1%20-%20200%20Points/CSAW2011CTF.apk Android 2 file - http://shell-storm.org/repo/CTF/CSAW-2011/Forensics/Android2%20-%20400%20Points/CSAW2011CTF.apkDefcon 19 Quals b300 dex challenge http://shell-storm.org/repo/CTF/Defcon-19-quals/Binary_L33tness/b300/b300_b258110ad2d6100c4b8GreHack 2012 Reverse Engineering 100 http://repo.shell-storm.org/CTF/GreHack-2012/reverse_engineering/100-GrehAndroidMe.apk/Nullcon HackIM 2012 RE 300 http://www.nullcon.net/challenge/data/Null%20Mobile.apkC0C0N 2011 RE level 100 http://www.nullcon.net/challenge/c0c0n/data/cocon_apk.zipAtast CTF 2012 Bin 300 http://andromedactf.wordpress.com/2013/01/02/atast-ctf-2012-bin300chall5/SecuInside 2011 CTF Level 7 (level 3 is also android but i am unable to find the bin) Witeup - http://codeengn.com/archive/Reverse%20Engineering/Solution%20-%20CTF/2011%20SECUINSIDE%20CTF%20Write-up%20%5BCMU%5D.pdf File - http://big-daddy.fr/repository/CTF2011/SecuInside-CTF/Q7/WonderfulWidget.apk
  • Newsletter

    Want to keep up to date with all our latest news and information?

    Sign Up
×