Tuts 4 You

Leaderboard

  1. CodeExplorer (Team Retired) - Points: 263, Content Count: 2,745
  2. kao (Full Member+) - Points: 175, Content Count: 2,147
  3. LCF-AT (Full Member+) - Points: 121, Content Count: 4,612
  4. Teddy Rogers (Administrator) - Points: 100, Content Count: 7,809

Popular Content

Showing content with the highest reputation since 04/23/2018 in all areas

  1. 15 points
    Hi guys, I am a fan of the FFmpeg CLI tool, but it's always hard to remember all the command-line arguments if I haven't used it for a longer while, and I can't find my notes about it (as always). Now I thought it would be a good idea to code a GUI tool where I can use FFmpeg and store all the command-line argument combinations I want, to call and execute them quickly. I know there are already a few GUI tools out there for FFmpeg, but they have some limitations and/or are not my taste. As you know, I always have a special taste and want to combine everything together in the best case. Now, after a few months, I am done with a first version and want to share it with you guys.

    First Steps
    --------------------------------------------
    Start the app and enter your FFmpeg path. If you don't have it, download a static build from FFmpeg.org or ffmpeg.zeranoe.com/builds/. Next, you should have the VLC player installed (2.2.6 in my case).

    How it works?
    --------------------------------------------
    The app has 2 different GUIs. The main GUI you can use for media editing, converting etc., everything you can do with FFmpeg command-line arguments. The second GUI I made specially for quick handling of streams, to play and download them, plus more features which could be important.

    Features: Main GUI
    --------------------------------------------
    - Quick analysis of files after drag & drop into the app, showing the info inside it
    - Full analysis of a file by MediaInfo or FFmpeg itself
    - Preview image of video files & quick playing with your video player
    - Three different command-line edit controls in the main GUI to execute with FFmpeg
    - Quick Mux / DeMux function to extract / add / change streams without re-encoding, in Concat or Input mode
    - Window to see the whole FFmpeg traffic
    - Storage listview to manage your command lines and infos (add / delete / send / play / record / search)
    - NoFile (you can use FFmpeg like in a normal CMD window)

    Features: Quicky GUI
    --------------------------------------------
    - Store and choose different URLs by menu
    - Store and choose different command-line args by menu
    - Store and choose different pre command-line args by menu
    - Store and choose different names by menu (will be used to save into a file and shown in VLC)
    - Play, Download, Edit, Search functions etc.
    - Store names and URLs into an extra listview
    - Store and call up to three custom request headers
    - Different choosable request methods, user agents and optional headers
    - URL checking (with or without SSL)
    - Reading page sources
    - Finding URL extensions
    - Response Header
    - Switch View (CRLF)
    - JSON Viewer
    - URL Decoder
    - OnTop On/Off

    I also created a video with some examples of how to use my app, but the video got a little big with 50 MB, so I am sorry for that. Inside you can also find some text files with infos. If something doesn't work, or if I forgot to explain some feature or anything else, then just post a reply in this topic. Have fun and till later.

    PS: I also want to send some extra special thanks to our member fearless, who always helped me a lot (without getting crazy - I think so..) with all my coding questions I had. Thank you.

    Merry Christmas and greetz

    FFmpeg Quicky 1.0.rar
  2. 14 points
    Hi! This is my first post on Tuts 4 You, I hope that this is the right section; if not, please delete this post! Ok so... A few months ago I made public my internal project called REDasm on GitHub. Basically it's a cross-platform disassembler with an interactive listing (but it's still far behind, if compared to IDA's one) and it can be extended with its API in order to support new formats, assemblers and analyzers.

    Currently it supports:
    - Portable Executable: VB5/6 decompilation. It can detect Delphi executables, a decompiler is WIP. .NET support is WIP. Debug symbols are displayed, if available.
    - ELF executables: Debug symbols are displayed, if available.
    - DEX executables: Debug symbols are displayed, if available.
    - x86 and x86_64 are supported.
    - MIPS is supported and partially emulated.
    - ARM support is implemented but still WIP.
    - Dalvik assembler is supported.

    Most common assemblers are implemented by using the Capstone library; the Dalvik assembler is written manually and even the upcoming MSIL/CIL assembler will be implemented manually. The entire project is written in C++ and its UI is implemented with Qt5. Internally, the disassembler is separated in two parts: LibREDasm and UI. LibREDasm doesn't contain any UI-related dependencies, it's just pure C++; one day I will split it in two separate projects.

    Some links with source code, nightlies and wiki:
    Source Code: https://github.com/REDasmOrg/REDasm
    Nightly Builds (for Windows and Linux): https://github.com/REDasmOrg/REDasm-Builds
    Wiki: https://github.com/REDasmOrg/REDasm/wiki

    And some screenshots:
  3. 13 points
    Hi, I made a tool that interprets a VMP RSI-stream; it records the handlers (or VM instructions) and connects them via their data dependencies. This is what a JCC looks like:

    The edges in this graph represent data dependencies. Sequences of nodes with one input and one output are collapsed into blocks. Green nodes are constant nodes: they do not depend on external values (such as CPU registers), unlike red nodes. The hex number left of a node is a step number, the right number is its result. Only const nodes (green) can have a result. The graph contains all nodes that directly or indirectly contribute to the lower right "loadcc" instruction.

    CMP/JCC in VMP works by executing an obfuscated version of the original CMP which also results in either zero or one. VMP then pushes 2 addresses to its stack (steps 121f and 1209) and computes an address that points to either one, depending on the zero/one result of the corresponding CMP (step 1265). It then simply loads from that computed address and uses its value for a JMP. The load that loads either address is represented by the "loadcc" node in the graph.

    Even though all puzzle pieces are here, it is still hard to figure out what the original CMP was, but luckily we have LLVM and luckily it isn't hard to lower the graph to LLVM IR: Godbolt

    Left is the graph as LLVM IR, middle is the output of the optimizer, right is the optimized LLVM IR lowered to x64. The attachment contains the original x64 input, the complete VMP program as LLVM (not just the loadcc part), the optimized x64 (-O3) and an unoptimized version (-O0). The unopt version is interesting because it shows what VMP looks like after removing the junk but still leaving the handlers intact (RSI access is removed, the RBP-stack is pre-baked to make it easier for the optimizer passes). I thought it was pretty impressive how LLVM's optimizer plows through the crap and produces such a beautiful result. That is all. Thanks for reading.

    testproc.zip
  4. 9 points
    It's a really nice challenge, thank you! Pseudo-solution:

    Step 1: make type/function/variable names readable. De4dot to the rescue.
    Step 2: get some idea how the VM works. In this case, we have P-Code stored in a MemoryStream and stream.Position tells us which instruction we're currently executing (aka. EIP).
    Step 3: put some smart breakpoints and trace execution of the VM. We're looking for good boy/bad boy jumps, so focus on changes in stream.Position. I put a breakpoint in UnmanagedMemoryStream.Seek:
    Step 4: look at the log data and identify the good boy/bad boy jump. In my case, the logged data with some comments looked like this. So, we need to trace a few instructions starting from EIP=16F4. Turns out that the comparison instruction is at EIP=172B and the good boy jump is at EIP=173D.
    Step 5: patch P-Code or VM engine. I decided to patch the P-Code directly, as integrity checks for the P-Code were not enabled. I changed the comparison instruction to compare 2 identical values, so the check always succeeds and the good boy jump is always taken. Mission accomplished.

    EDIT: attached file should not be in the middle of a sentence.
    Out-patched-by-kao.zip
  5. 8 points
    Hello All 😁 This is my first post on Tuts 4 You, hope it won't be the last 😅 Cmulator is an (x86 - x64) scriptable reverse engineering sandbox emulator for shellcode and PE binaries, based on Unicorn & Capstone Engine & JavaScript. https://github.com/Coldzer0/Cmulator This is the work of 3 months, and development is active; the project is fully written in FreePascal 😎 I'm planning to port the project to "C" so it lasts longer (so we get more contributors). Hope you find it useful
  6. 8 points
  7. 7 points
    Just a try to add more features to the x64dbg script system.

    History Section:
    - version 2.0:
      1- All numbers are hex numbers.
      2- More nesting in arguments.
      3- Build a bridge to make the plugin system compatible with the x64dbg script system.
      4- Create parallel functions to x64dbg functions, like ( cmp >> cmpx ).
      5- Rename to new names (Varx Getx Setx) and fix array index entry.
      6- Add VarxClear ( clear all variables to help the user in tests ), memdump with print style.
    - version 1.6:
      1- Add parser system to recognize arguments.
      2- Begin building the script system.
      3- Add more helper functions.
    - version 1.4:
      1- Make StrCompx run in a separate thread and add sleep time to wait for x64dbg to finish processing.
      2- Fix Hex2duint function: add length check in case it is less than 2.
    - version 1.3:
      1- Add another argument to cbLogxJustAtBP for printing on LogxWindow.
      2- Now it accepts bool arguments like this (true/false - on/off - 1/0).
      3- Add StrComp_BP function to compare a string in memory at BP.
      4- Compiled x32.

    Source Code: https://github.com/Ahmadmansoor/AdvancedScript
    If you find it useful please let me know, and if you want to add more features please leave a comment. Supports both x86 and x64. BR
    AdvancedScript.v2.0.rar
  8. 7 points
    Done! This has been added for your user group. I will see how this progresses. Obviously there is a possibility this could be abused by members, however I currently trust persons in this group will use it appropriately. Done! You can now download PMs individually or in bulk in HTML. The output HTML template is a bit crude. If you have some suggestions I'll contact the developer and propose the ideas with some of my own. Of the other suggestions proposed here I will reply to you all after I have thought them over and have appropriate time to reply accordingly. Thank you! Ted.
  9. 6 points
    Strings plugin for x64dbg. Download: https://github.com/horsicq/stringsx64dbg/releases Sources: https://github.com/horsicq/stringsx64dbg/ More Info: http://n10info.blogspot.com/2019/03/strings-plugin-for-x64dbg.html
  10. 6 points
    For unpacking:
    1) cawk unpacker
    2) dump after decryption
    3) fix EP
    4) Proxy call fixer by Davicore
    5) Strings decryptor by CC
    6) Switch killer by CC
    7) Dump resources (empty)
    8) Clean cctor and <module> methods (maybe 4, 5 and 6 can be replaced by cawk unpacker again)
    I will check the key algo tomorrow, don't have time now.
    a29p-EP-anti2_noproxy_stringdec-cleaned_deobfuscated-res2-cctor-module.exe
    --------------------------------------------------------
    Username = "Usuario"
    Code = "161308"

```csharp
// Serial routine recovered from the unpacked target (the snippet from the post,
// tidied into a C# method). For Username = "Usuario" it yields "161308".
static string Keygen(string username)
{
    int length = username.Length;
    int num2 = length + 2 - 4 + 40 + 10;
    return Convert.ToString(419 * num2 * length - length);
}
```

    ---------------------------------------------------
    EDIT2: I have received a few PMs asking how to fix EP, so I will post the videos I used as reference here. Following these 2 videos you should be able to unpack ConfuserEx fully.
  11. 6 points
    The FireEye Labs Advanced Reverse Engineering (FLARE) team’s annual reverse engineering challenge will start at 8:00 p.m. ET on Aug. 24, 2018. This is a CTF-style challenge for all active and aspiring reverse engineers, malware analysts, and security professionals. So dust off your disassembler, put a new coat of oil on your old debugger, and get your favorite chat client ready to futilely beg your friends for help. Once again, this contest is designed for individuals, not teams, and it is a single track of challenges. The contest runs for six full weeks and ends at 8:00 p.m. ET on Oct. 5, 2018. This year’s contest will once again host a total of 12 challenges covering architectures from x86, x64 on Windows, Java, .NET, Webassembly, and Linux, with special appearances of Bootloaders and Bootkits. This is one of the only Windows-centric CTF challenges out there and we have crafted it to represent the skills and challenges of our workload on the FLARE team. If you complete the Flare-On Challenge you will receive a prize and permanent recognition on the flare-on.com website for your accomplishment. Prize details will be revealed when the contest ends, but as always, it will be something that will be coveted and envied by your peers. In prior years we’ve had rodeo belt buckles, replica police badges, challenge coins, and a huge pin. Check out the Flare-On website for a live countdown timer and to see the previous year’s winners. For official news and support we will be using the Twitter hashtag: #flareon5. 9 days left, better brush up your skills and make sure your tools are in good order! Official site: http://www.flare-on.com/
  12. 6 points
    Yes, it's still active: I'm working on version 2.0 on the "next" branch, GitHub doesn't show branch activities. I posted a video preview on Twitter a few days ago which shows the upgraded engine in action along with the brand new disassembly widget. NOTE: Some parts of the UI are still disabled in that video; I have attached a screenshot with the latest enhancements here (the UI is still ugly, I'm planning to clean it up a bit).
  13. 6 points
    Hello. Who the heck designed the new security requirements as far as passwords for this forum? It's absolutely insane.

    This time I submit a fully devirtualized version of the aforementioned crackme for the 64 bit version of VMP. Of course, I didn't work on this entirely by myself; it was more like a joint project with other reversers that are no strangers to this forum. Because we all had the same interests (code deobfuscation/VM devirtualization/unpacking) we decided to create our own group, where we essentially reverse some well known protectors for PE files.

    Current group members: @fvrmatteo @SmilingWolf @mrexodia @xSRTsect @Raham @root @Downpour
    People involved in the coding of the 64 bit VMP devirtualization tool: @fvrmatteo, @SmilingWolf, @mrexodia, @xSRTsect.

    The tools will never be released. There is a tiny chance that an outsider can join our group IFF you have pwned an interesting protector and you are willing to share your insight with our group, or you are willing to impress us with some mad unpacking / deobfuscation skills.

    Best Regards, The European Reversers Alliance.

    Edit: Added gay @ symbols to the nicknames (some people really wanted that). And added a more gay version of the devirtualized binary which is essentially the same but with the devirtualized functions linked statically.
    devirtualized.rar inlined_version_ERA.7z
  14. 5 points
    Hi there, With a few guys we made a zoo dedicated to malware targeting ATM platforms; as far as I know nobody has made a similar public project, so voilà. You will find here malware that specifically targets ATMs, and reports (notices) about them. Files of interest got harvested from kernelmode.info, but also VirusTotal and various other services and people interested in the project. I'm using binGraph, pedump, Python and bintext for the report engine. Some samples exist in 'duplicate' on the wall (we also provide unpacks for a few files); if that is the case, it's mentioned on the report. We have hashes that are without references (I mean not associated with a white paper or something); those files are regrouped on the statistics page. We tried to make the stats page interesting enough for everyone to have fun exploring the zoo from the stats. We have IoCs that others seem not to have, e.g. the Kaspersky report about WinPot, which also led to funny reactions from people selling it; no worry, everyone has it now. We also have a page that includes some YARA rules for detecting some of these malware, and a page with goodies, voilà! Everything provided in old skool style, intro also available! CyberCrime quality http://atm.cybercrime-tracker.net/ Feedback welcome, enjoy the ride! 💳🏧
  15. 5 points
    Language : .NET Platform : .NET/Mono OS Version : All Packer / Protector : Custom Description : This is something I've stopped working on over the last few months, but if someone's interested in taking up the project with me I'll gladly accept. The original password is hashed to prevent string equality hooking, so the goal here is just to make it respond correctly. Cracking : If you do crack this, please post in the thread (or DM me) about how you did it. It doesn't have to be step-by-step; a simple "after doing X all you need to do is Y" is fine. If you have any suggestions for additional obfuscation, please include those as well. Any method is acceptable (besides printing the correct string yourself):^) Screenshots are attached. Out.exe
  16. 5 points
    Anti Debugging Protection Techniques With Examples: https://www.apriorit.com/dev-blog/367-anti-reverse-engineering-protection-techniques-to-use-before-releasing-software
  17. 5 points
    Challenge of Reverse Engineering - Rules and Guidelines All challenges will be reviewed and approved prior to them being made public. You must use and adhere to the above template (when submitting a challenge) and the template in the post below (when submitting an answer/solution). A challenge is regarded as being solved only when a successful solution has been posted containing a tutorial or a detailed explanation. Solutions posted without any information will remain hidden from public view until a tutorial or detailed explanation has been submitted. The challenge will continue to remain unsolved. Please allow up to 48 hours for challenges and solutions to be reviewed.
  18. 5 points
    It is indeed true that I work for Denuvo and this is public information you can see on my LinkedIn profile. We use x64dbg at work and I have made sure that there are no conflicts of interest in that regard. I keep working on features I need like always. However I would like to say that those "rumors" don't exist and my employer has no influence on what I do or say online. If you feel like you have some questions related to those "rumors" @p4r4d0x (or anybody else) you can ask those things to me directly instead of going deep into conspiracies that you hear from "senior reversers". With regards to breaking communities, there is absolutely zero benefit like @Progman noted. The reversing community as a whole has been going downhill in my opinion for years now and if anything we need more people sharing information online, not less. @Kurapica I will keep sharing my tools and knowledge as always. Nowadays I'm more active on GitHub and Stack Exchange than these (and other) forums, but I'm sure you can appreciate how your available time changes if you start your first full time job 😀 Also only a few people seem to write my nickname as I like it nowadays: "mrexodia", which is surprising
  19. 5 points
    Reverse-Engineering WebAssembly binaries: https://www.forcepoint.com/blog/security-labs/analyzing-webassembly-binaries Best Regards, Evilcry
  20. 5 points
    Version 1.0.0, 27 downloads
    Hotkeys:
    m: play/stop music
    F1: switch fullscreen/windowed
    F3: NFO reader
    elite: hidden part
    Esc: quit
  21. 5 points
    It's official - I finished as #4 this year! Subjectively - first challenges are a bit harder than last year, probably due to the exotic targets (wasm, webinjects, etc..). All in all, I enjoyed it immensely!
  22. 5 points
    Does anyone even really care about the stupid 'scene rules' anymore? Who cares what some elitists want to state is required for something. If they can make the game run anywhere with or without Denuvo fully removed, that is what the players want. None of them care about the scene or what is still left in the exe as long as it works and plays.
  23. 5 points
    Intel x86 / x64 opcode reference manuals (I think you can download them in PDF form on their site somewhere), then writing some apps in asm to get a grip on MASM etc., or in C, and then debugging them to see how things work.
    Then Lena's tuts (I've never used them though, I taught myself a long time ago, where I'd download the opcode refs and study them offline (an internet connection was a rarity at the time for me)).
    Pencil (to undo mistakes) and paper, to make notes, and lots of them.
    Tools like Hiew, IDA (never really liked IDA too much as I thought it was slow), Olly, x64dbg etc. etc.
    And referencing sites like this one, the MASM32 site, Woodmann and some others.
    Time and patience, and doing some homework before asking for help / pointers (I usually won't help people who want to get everything spoonfed to them or ask for videos etc. or think they're somehow entitled).
  24. 5 points
    Unpackers tools - source code C# My source code: https://gitlab.com/CodeCracker https://github.com/CodeCrackerSND https://bitbucket.org/CodeCrackerSND/ I will NOT share (anymore) the rest of my tools!
  25. 5 points
    @unavailable: Don't give up! Success comes with perseverance!! Cracking is a long process. I lost my interest in cracking programs, but I will still make some RE tools and try to help people the way I can.
  26. 5 points
    Hi. In this method we're using DLLs as loader. Some system files (I've only tested DLL files) can be loaded from outside of the system directory, so we can use them to patch files!! Most Delphi and .NET applications load version.dll by default, so we can use this file as a loader for them! Best Regards, h4sh3m version.rar
  27. 5 points
    Crashing on my Win10 inside VMware as well. Windows Defender stopped, no other AV. It's a perfect protection - if nobody can run it, nobody can crack it.
  28. 4 points
  29. 4 points
    Hey all! I recently came across this neat paper here: https://tel.archives-ouvertes.fr/tel-01623849/document where they used what they called "Mixed-Boolean Arithmetic" to obfuscate arithmetic expressions, and then showed ways to deobfuscate them. Looking at the deobfuscation methods, they seemed largely either pattern-based or wouldn't work when bigger numbers were involved. So I thought to myself, "How can I mess with this?"

    Well, first things first, they have no concrete method there for creating these expressions. There are two pages total dedicated to the creation of these expressions, so I had to get creative to make it work. They describe using numpy to solve the matrix equation created and using a hack-y method to circumvent not having a square matrix, but I thought that I could do a bit better... Enter two painstaking days of learning linear algebra and figuring out exactly what I needed to do.

    They start by computing the truth tables of some expressions, putting them into a matrix as columns, then solving for the vector that, when using the dot product on the vector and the matrix, returned zero. After that, they filtered out various "rewrite rules" from the matrix generated. You can read more about this in the paper, though there's not much to go off of. They use numpy's linalg.solve to do this, but that only works with square matrices and produced results with constants that were a tad small for my taste :^) After a bit of research I found a Python module called cvxpy, designed to find values that satisfy an expression under certain constraints. Even cooler was that you could specify matrix equations and integer-only solutions, which is exactly what I needed.

    After tinkering with it for a bit, I was able to reliably create expressions like these (representing a xor b):

    -27540 * (~a & b) + 373574 * (~a ^ ~b) + -27541 * (a & ~b) + -27541 * (~a & b) + -11 * (a + b) + -30436 * (~a & ~b) + -30436 * (~a * ~b) + 137712 * (a * ~b) + -27544 * (~a) + 1 * (b) + 3 * (~a + ~b) + -221347 * (~a - ~b) + 13 * (a + b) + -2 * (a) + -30454 * (~a + ~b) + -30454 * (~a + ~b) + -3 * (b) + -30449 * (a | b) + -27546 * (~b)

    3672455 * (~a * b) + -362611 * (a ^ b) + 78113 * (a) + -524636 * (~b) + -524636 * (a ^ ~b) + 78113 * (a) + -524636 * (~a | b) + -362611 * (a ^ b) + -959545 * (a | b) + -78113 * (a - b) + -959545 * (~a + ~b) + -524636 * (~a) + 142249 * (a + b) + -959544 * (~a + ~b) + 142249 * (a + b) + -524637 * (a - ~b) + -524637 * (~a) + -524637 * (a & ~b) + 3241246 * (~a ^ ~b)

    Using truth tables modulo 4 instead of modulo 2 I was also able to compute equivalencies for multiplication, which was pretty neato. However, using the same method of computing the truth table and finding an equivalent expression you can reverse this sort of operation. I'll leave that as an exercise to the reader.

    EDIT: As a friend of mine pointed out, this will work with any operation that can be reduced to boolean math (i.e. xor, addition, subtraction, multiplication), not just arithmetic operations.
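Added example (not the poster's code, and it does not use cvxpy or numpy): the truth-table method described in the post above, worked through in pure Python with exact rational elimination. The names solve_exact, mba_for, inflate, evaluate and check are chosen here and do not come from the paper or the post. It derives a ^ b = a + b - 2*(a & b) and ~(a | b) = ~0 - a - b + (a & b) from the four 1-bit truth-table rows alone (an all-ones constant atom "~0" is included so that negations can be rewritten), mixes in multiples of other rewrite rules to produce the kind of bloated coefficient set shown above, and then verifies the result on random 32-bit words. It also shows the limit of the linear method: a & b has no linear rewrite over a and b, which is why extra bitwise atoms are needed.

```python
"""Mixed Boolean-Arithmetic (MBA) identities from 1-bit truth tables.

Added example; not the poster's code, no cvxpy/numpy. Key fact: a word is
sum(2**k * bit_k) and each bitwise atom acts per bit, so an integer linear
identity that holds on the four 1-bit (a, b) rows holds on whole words.
"""
from fractions import Fraction
from itertools import product
import random

WIDTH = 32
MASK = (1 << WIDTH) - 1

# Bitwise "atoms": building blocks of an MBA expression. The same lambda
# gives the truth table on 1-bit inputs and the value on WIDTH-bit words.
ATOMS = {
    "~0":     lambda a, b: ~0,          # all-ones constant (-1)
    "a":      lambda a, b: a,
    "b":      lambda a, b: b,
    "a&b":    lambda a, b: a & b,
    "a|b":    lambda a, b: a | b,
    "a^b":    lambda a, b: a ^ b,
    "~a&b":   lambda a, b: ~a & b,
    "a&~b":   lambda a, b: a & ~b,
    "~(a|b)": lambda a, b: ~(a | b),
}

INPUTS = list(product((0, 1), repeat=2))  # the four 1-bit (a, b) rows


def truth_column(name):
    """Truth table of one atom as a column of 0/1 values."""
    f = ATOMS[name]
    return [f(a, b) & 1 for a, b in INPUTS]


def solve_exact(columns, target):
    """Gauss-Jordan over Fractions on [columns | target]. Returns the solution
    with free variables fixed to 0, or None if target is not in the span."""
    ncols = len(columns)
    rows = [[Fraction(col[r]) for col in columns] + [Fraction(target[r])]
            for r in range(len(target))]
    pivots, r = [], 0
    for c in range(ncols):
        p = next((i for i in range(r, len(rows)) if rows[i][c] != 0), None)
        if p is None:
            continue                      # no pivot: x_c is a free variable
        rows[r], rows[p] = rows[p], rows[r]
        piv = rows[r][c]
        rows[r] = [v / piv for v in rows[r]]
        for i in range(len(rows)):
            if i != r and rows[i][c] != 0:
                f = rows[i][c]
                rows[i] = [vi - f * vr for vi, vr in zip(rows[i], rows[r])]
        pivots.append(c)
        r += 1
    if any(row[-1] != 0 for row in rows[r:]):  # a row "0 = nonzero"
        return None
    x = [Fraction(0)] * ncols
    for i, c in enumerate(pivots):
        x[c] = rows[i][-1]
    return x


def mba_for(target, atoms):
    """Integer MBA rewrite of `target` over `atoms` as {atom: coeff}, or None."""
    x = solve_exact([truth_column(n) for n in atoms], truth_column(target))
    if x is None or any(v.denominator != 1 for v in x):
        return None
    return {n: int(v) for n, v in zip(atoms, x) if v != 0}


def inflate(expr, rule_target, rule_atoms, k):
    """Add k * (rule_target - its rewrite) == 0 to expr: the coefficients
    change, the value does not. This is how rewrite rules bloat an MBA."""
    rule = mba_for(rule_target, rule_atoms)
    if rule is None:
        raise ValueError("no rewrite rule for " + rule_target)
    out = dict(expr)
    out[rule_target] = out.get(rule_target, 0) + k
    for n, c in rule.items():
        out[n] = out.get(n, 0) - k * c
    return {n: c for n, c in out.items() if c != 0}


def evaluate(expr, a, b):
    """Evaluate {atom: coeff} on WIDTH-bit words, wrapping like machine code."""
    return sum(c * (ATOMS[n](a, b) & MASK) for n, c in expr.items()) & MASK


def check(expr, target, trials=1000, seed=1):
    """Verify expr == target on the corner cases plus random WIDTH-bit inputs."""
    rng = random.Random(seed)
    samples = [(0, 0), (MASK, 0), (0, MASK), (MASK, MASK)]
    samples += [(rng.getrandbits(WIDTH), rng.getrandbits(WIDTH))
                for _ in range(trials)]
    return all(evaluate(expr, a, b) == (ATOMS[target](a, b) & MASK)
               for a, b in samples)


if __name__ == "__main__":
    xor = mba_for("a^b", ["a", "b", "a&b"])            # a + b - 2*(a&b)
    print(xor, check(xor, "a^b"))
    big = inflate(xor, "a|b", ["a", "b", "a&b"], 12345)
    big = inflate(big, "~(a|b)", ["~0", "a", "b", "a&b"], -777)
    print(big, check(big, "a^b"))
    print(mba_for("a&b", ["a", "b"]))                  # None: not linear in a, b
```

The deobfuscation direction the post hints at is the same machinery run backwards: take the bloated expression's atoms as columns and the candidate target as the right-hand side, and a consistent integer solution means the two are equal for every word size.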
  30. 4 points
    Version
    11,516 downloads

    Many of you may be amazed at Guru LCF-AT's script "VMProtect API Turbo Tracer 1.2". But for most of the newbies, just like me, you may have a lot of problems in getting the script to work properly in your own OllyDbg. LCF-AT already uploaded a lot of OllyDbg setting information together with the script to help us fix those OllyDbg problems, but there are too many details. Yes, I suffered a lot at the initial stage when I was trying to use "VMProtect API Turbo Tracer 1.1" with my Chinese version "Terminator Ollydbg 1.1.0". With LCF-AT's kind help, I created this basic version of OllyDbg 1.1.0, which is specially for running "VMProtect API Turbo Tracer 1.1". And it works smoothly on my laptop, with Windows XP Professional SP3. If you like, get it and give it a try. Enjoy Cracking!!
  31. 4 points
    How to become a Hack... .... greetz
  32. 4 points
    slugsnacks reversing series by c0lo: Link: https://kienmanowar.wordpress.com/slugsnacks-reversing-series-by-c0lo/slugsnacks-reversing-series-5/
  33. 4 points
    AdvancedScript beta version. It is a beta version, it could have bugs, so please report them, and if you'd like to add more features let me know.

    version 2.5 beta:
    1- Script window is separate.
    2- Create a folder for scripts, load scripts by category from the form.
    3- Add more mirror functions (xorx - pushx ...), and functions like ( if, goto, writestr ) to shortcut the work.
    4- Show all variables in a list with their values.
    5- Edit script on the fly.
    6- Enable defining an array with a range like z[n].
    7- writestr function.
    8- Run from anywhere in the script.
    9- Reset the variables list in case of maintenance.
    10- Insert as many rows as you need.
    11- Insert from clipboard, replacing the whole script.
    12- Insert from clipboard inside the script.
    13- Copy separated lines to use in another script.
    14- Insert a description without confusion.
    15- Add the DLL file of the C++ runtime for each package.
    16- Add some script samples.
    17- As it is a beta version it supports single step only, not auto step; use F12 for step, sorry for that. I need to check if it works, then I will add auto step :}

    Note: I forgot to say, use the (Scriptw) command to show the Script window. But git has stopped working, so copy the script sample to your script folder in the x64dbg folder, and please read the help first.
    AdvancedScript_2.5beta.zip
  34. 4 points
    Forum Ideas / Suggestions

    Some ideas that could potentially bring some life back into the forum and get things more active.

    Ranks - While this is more of a gimmick type thing, a lot of people do focus on their status on a forum, even if that status is nothing more than superficial text/colors. Active members that are liked a lot, thanked a lot and contribute to the site could have extra "glitter" added to their post information to the left where our name/avatar/post count etc. is. Something that shows the reputation in a more significant manner, newer ranks based on reputation and post counts, etc. could help give people incentive to share things.

    Badges/Awards - Another gimmick type thing, some extra flair to the user's information to the left again; badges can be used to show various things such as post/reputation milestones. There are tons of different things that can earn a badge, such as a post that has hit a certain amount of likes, a download that has been downloaded at least a certain number of times, etc. There are so many different things that can have a badge attached to them to give users ways to earn all kinds of things by helping out.

    Usergroup Images - Instead of just text, perhaps some images to add some more bling.

    Monthly MVPs / User Spotlights - To encourage people to be active and help/support others, post things and so on, we could have community-voted MVPs each month, or user spotlights as a way to say thanks to a member for doing things that help the community. Someone that posts a lot of tutorials, explains things well to others, completes challenges with good answers/tutorials, etc.

    Most of these things are nothing more than just gimmicks, but a lot of people like to see themselves earning something, even if it means nothing, while being part of a site. A great example of these kinds of systems in place are on sites like HackForums, UnknownCheats, and similar game hacking forums. These do not need to carry any type of weight or anything other than just being something earned for helping the site.
  35. 4 points
    Unpacked Use any long key to pass checks. GetMe_unp.zip
  36. 4 points
    Hi, sorry I wasn't online for so long. I am still alive 🙂 but I had a HDD crash and lost almost everything including account information. Today I was able to recover some account information from a forgotten USB stick. At least the forum here + bitbucket/github account. So I may be able to work on the projects again 🙂
  37. 4 points
    Find it funny how the agitator creates the topic to try and bring attention to what he had to post later on Puny schemes. People just have lives; RE isn't going anywhere. Same as there's been one generation of smart, skilled and enthused people, others will follow. Circle of life. What I do find funny is how this "high-level programming" works even with big companies, such as Denuvo. I put quotes because same as Java relies on a ton of shit OTHER people wrote across time, which they now just import, similarly Denuvo relies on VMProtect to shield whatever crap they've got going on. Were it not for it, we'd have gotten ourselves the ol' time SecuROM/SafeDisc fiascos. I digress.. Congrats, ExoD And keep it up, love your work.
  38. 4 points
    @p4r4d0x: enough already! If you can't stop whining about exetools and techlord, please go away - as this behavior is not bringing anything useful to this forum. :@ @mrexodia: I wish you all the best in your new job. You're extremely skillful person and I'm sure you'll enjoy the challenges this line of work will bring. And remember to learn as much new stuff as possible!
  39. 4 points
    Hi. It's a month after challenge v2, but I had free time just now to work on the target. Results of both Key 1 & 2 are identical compared to the protected file. Kind Regards devirtualizeme32_vmp_3.0.9_v2_DeVM_Final_OK.exe
  40. 4 points
    Hello All, I created my first reverse engineering project. It's an open source loader called patchya; it's not as strong as dUP yet. I am planning to port it to Linux and to add more features such as anti-anti-debugging tricks. Would appreciate any feedback! GitHub project: https://github.com/misaleh/patchya
  41. 4 points
    Doesn't matter what the players want; if the protector isn't fully defeated/removed it's not a proper crack. The purpose isn't to bring players a playable game but rather to crack the protector.
  42. 4 points
    To store all the paths you could use an INI file with a structure like:

```ini
[Settings]
Count = Number of paths

[0]
Path = Path to the program to execute
Param = Parameter value
...
```

    You could read the Count and Param values with GetPrivateProfileInt and the path with GetPrivateProfileString. To store the path and parameter you can create a structure in MASM that holds both values and allocate memory to store the stuff inside. After loading the INI file you can iterate through your array, compare the Param attribute and execute the program if it's a match. This may not be the best solution, but it should be pretty simple.
  43. 4 points
    SHADOW_YXXIZQ 8HG DNJ 656 8J5 KN8 65K NHF IU4 3JK NGD
  44. 4 points
    ..and with one known key it's perfectly solvable. All credits go to @Reza-HNA for deobfuscating the keygenme. After that, it was a piece of cake. Keygen is not obfuscated in any way, so anyone can take a look how it's done. keygen for Newbe KeygenMe1.zip
  45. 4 points
    You didn't do that right. Try again. The malware copies itself to %AppData%\Roaming\ProSoft\ProSoft.exe. Then it creates an svchost.exe process, decrypts the actual password stealer and injects it there. The password stealer will connect to secure.jagexlaucher.top and send the stolen data. That's all you need to know to analyze it.
  46. 4 points
    See ECMA-335, read ".NET IL Assembler" by Serge Lidin, or search .NET Core for ENC_MODEL_STREAM_A. "#~" is the standard "compressed" stream; "#-" is an "uncompressed/unoptimized" stream that can contain deleted items, items from edit-and-continue operations in VS, etc.
  47. 3 points
    Apparently, a "new" disassembler made by the NSA (lol) named "GHIDRA" is going to be released at the RSA conference in ~2 months for free. It's made in Java, and seems to have a fully functioning decompiler. Not many more details were released other than that, but it seems interesting as a competitor to IDA. https://www.rsaconference.com/events/us19/agenda/sessions/16608-come-get-your-free-nsa-reverse-engineering-tool
  48. 3 points
    Non-working on 32bit Win7 with .NET 4.6.2. Non-working on 64bit Win7 with .NET 4.5.1. Non-working on 64bit Win7 with .NET 4.6.2. Non-working on 64bit Win7 with .NET 4.7.1. Get your shit together or GTFO.
  49. 3 points
    Well, I was working on it too and unpacked it, but did not have time to clean it well enough to my liking. However, as you can see from my screenshot below, it's unpacked and clean enough to give us the solution: Best Regards :)
  50. 3 points
```csharp
using System;
using System.IO;
using System.Linq;
using System.Security.Cryptography;
using System.Text;

// Decompiled from the unpacked target: the button handler pushes the input
// through smethod_0 and displays the result.
private void btnGo_Click(object sender, EventArgs e)
{
    this.txtOutput.Text = main.smethod_0(this.txtInput.Text);
}

// Rijndael/AES in CBC mode with a hardcoded 16-byte IV and a 32-byte key
// derived from a hardcoded passphrase (PasswordDeriveBytes, no salt). The
// Base64 ciphertext is reversed and its '=' padding removed before display.
private static string smethod_0(string string_0)
{
    byte[] iv = Encoding.UTF8.GetBytes("5myd2VTtPqB7dJ0i");
    byte[] plaintext = Encoding.UTF8.GetBytes(string_0);
    byte[] key = new PasswordDeriveBytes("uh oh... looks like i've been unpacked", null).GetBytes(32);

    ICryptoTransform transform = new RijndaelManaged { Mode = CipherMode.CBC }.CreateEncryptor(key, iv);
    byte[] ciphertext;
    using (MemoryStream memoryStream = new MemoryStream())
    using (CryptoStream cryptoStream = new CryptoStream(memoryStream, transform, CryptoStreamMode.Write))
    {
        cryptoStream.Write(plaintext, 0, plaintext.Length);
        cryptoStream.FlushFinalBlock();
        ciphertext = memoryStream.ToArray();
    }

    return new string(Convert.ToBase64String(ciphertext).Reverse().ToArray()).Replace("=", string.Empty);
}
```

    unpack-me_.exe