Leaderboard

Reverse Engineering Denuvo in Hogwarts Legacy Slides Sogen Emulator Source Ted.

Unfortunately you didn't include the entire command-line and the whole log. In general, this VS error indicates that VS cannot find the required include files. You either didn't run it from the "Developer command prompt for VS 2022" OR you don't have the the correct SDKs of Visual Studio installed, OR the PATH variable is borked in some way.. There are several workarounds: Option A: use a Python version from that time period. In my tests Python v3.9 works out of the box and doesn't even need VS Build Tools. Option B: change version requirements for the project: 1) make a folder for unlicense, say c:\projects\unlicense 2) open command prompt, change to that folder and clone the unlicense repo there: git clone https://github.com/ergrelet/unlicense.git . Or just download ZIP and unpack it into that folder. 3) edit pyproject.toml to change versions of python packages. For you, the most important is the xxhash version, pick one where there is a pre-compiled wheel file available for your version of Python. I'd use "^3.6" there, it seems to be compatible. If that does not work, try "^3.1", that's the oldest version with a pre-built v3.11 wheel. That should be enough for you. 4) run pip install . - it should run build process, find the pre-built packages in PyPI and happily use them, instead of compiling xxhash from source. Option C: try installing/building xxhash package and figure out what went wrong. Ain't got no time for that..

NtUserGetForegroundWindow also has to marked for some advanced targets In my tests Unlicense has some problems with virtualized entry points: sometimes the targets starts, sometimes it doesn't start.

@lpu random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. You shouldn't be making any assumptions - it's a crypto problem, not a guessing game. You were given all the data you need to solve it.

Totally forgot about this one. Place to patch to use @boot key and hwid on your pc: VMProtect_HWID_License.vmp.exe+7ED551 -> RAX 0 to 1.Both of them seem to be working just fine. SetSerial should provide successful message as well as VMCode. ScreenRecorderProject1_3.mp4

I am trying to compile Unlicense https://github.com/ergrelet/unlicense I've installed vs_BuildTools.exe VS 2022 However when I run: pip install git+https://github.com/ergrelet/unlicense.git I get: https://ibb.co/BKPT5MHf How to fix the above error?

The target has a license server that collects minimal, anonymized information about the launch. Information about debugger detections, code integrity violations, launches in virtual environment, etc. is also transmitted to the license server. Most likely, you simply did not reach the point where the application would display a MessageBox with a message about detecting a debugger. The debugger was detected by 3 out of 3 methods, ScyllaHide was unable to deceive any of them. The screenshot shows the log of your last target launch.

No, the above script won't work due to Themida anti-debug tricks, even if program starts with the debugger. I got to say: Themida is great protector. Too bad about antivirus detections like https://www.malwarebytes.com/blog/detections/riskware-patcher-themida I made some new updates to Unlicense: - fixed winlicense v3 detection for the above https://storage.custos.dev/ResourceCryptor_latest.7z - fixed imports for winlicense v3 x64 OEP still needs to be fixed as currently stops before real OEP; You could try --force_oep: --force_oep=0x0115E 0x0115E = OEP rva; as long as you know OEP rva. unlicenseFixed2.rar

rar file is password protected

I don't have hwid themida crackme. I have licensed Themida v3.1.8.0 Themida v3.2.2.22. Can someone test this, specially build for OPTION_ADVANCED_OEP_IAT_SCRAMBLE, but it must find OEP for standard options also. It is an x96dbg script; my first fixed x96dbg script: Themida v2.x.x.x OEP Finder fixed.txt https://workupload.com/file/n7nE5xJ9vCM

"THEMIDA OPTION_ADVANCED_OEP_IAT_SCRAMBLE" refers to a specific, advanced protection option within the Themida software protection tool. It is a setting that scrambles the Import Address Table (IAT) to make it harder for attackers to analyze the application's functions at the Original Entry Point (OEP), a key target for software cracking What it is: It's a Themida protection feature that modifies the Import Address Table (IAT). How it works: By scrambling the IAT, the option makes it significantly more difficult for attackers to identify and analyze the functions the program uses at its Original Entry Point (OEP). Purpose: The goal is to enhance the security of the application by complicating reverse-engineering and cracking attempts that often rely on manipulating the OEP and IAT. OPTION_ADVANCED_OEP_IAT_SCRAMBLE VALUE YES

This setting breaks existing public unpackers

Even TitanHide won't help against this target This is because most people do not know how to properly configure the protection options for Themida. Most just use the default settings.

And here is my first fix: fixed jmp dword ptr [import thunk] on old version was wrongly fixed by call dword ptr. imports_fixed1.rar

Many thanks. Python v3.9 did the trick. Other command line I have to run: pip install poetry pip install yapf poetry run unlicense instead of poetry run yapf -r -d unlicense

Here is little video i can make. tool I use.rar Edit: Rar Pas 1

damn it's already been taken down :/ thank you for trying to upload it anyways!

Hey! Some rabbit holes are fun to dive into. And sometimes you also don't realize you are in a rabbit hole 🙃 (Definitely guilty of that myself here 😅)

@Pau1 : random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. random text so that spoiler actually works. You went in the wrong direction.

This is a known issue, and there is an open bug report with the Invision team to have it resolved. Spoiler contents are also visible in search results too... Ted.

VMProtect v3.8.1 Ultra (Mutation + Virtualization) The target is an old software (from 2010) coded in c++, I just apply the VMP protection without any special code as I show in the two screenshots. All available protection features in VMProtect were used with this unpackme. Refer to the attached images for the specific protection settings used. Challenge is to unpack the file, providing an explanation and details on your methodology. File Information Submitter X0rby Submitted 04/17/2023 Category UnPackMe View File

.NET is kinda cool. Anyways AOB scan 0F 84 71 01 00 00 81 C6 then just flip JE -> JNE. 051B9F43 - 0F84 71010000 - je 051BA0BA in my case its on this address.

Based on your video, this might be another solution. It would be better if more details could be provided. e.g. How do you locate 7ED551h, etc.

Someone please share zero 2 automated reversing course. Thank you.

You can look for HydraDragonAntivirus/AutoNuitkaDecompiler: Get malware payload without dynamic analysis with this auto decompiler or my main project. I did with that. If you want dynamic analysis then Is Nuitka No Longer Secure? A Reverse Engineering Tool for Nuitka/Cython-Packed Applications — pymodhook | by qfcy | Medium (There more advanced special python code for pymodhook but it's closed source for vxnet and not made by me so I can't make it public) If you want both dynamic and static: Siradankullanici/nuitka-helper: Symbol Recovery Tool for Nuitka Binaries I did extract with stage1.py or nuitka-extractor extremecoders-re/nuitka-extractor: Tool to extract nuitka compiled executables (or just do dynamic analysis for extract and sometimes it can't extract or Nuitka compiles executable as dll so you need dll loader It seems like it becoming obsolete · Issue #15 · extremecoders-re/nuitka-extractor) my main project not stable but if he is become stable then he can detect is he nuitka and do auto extract with auto decompile and you get source code. Nuitka is actually hiding data in resources section in specia bytecode format. Actual source code starts from (u)python.exe or /python.exe (generally in broken executables) then you need look for <modulecode part for import recovery and Nuitka compiles with everything for obfuscation. So too many comment lines from file exists. You can detect junks by that line contains no u word. Which means this line is junk because u means go to next line in Nuitka bytecode. Nuitka is not obfuscated if he doesn't compile with everything otherwise it's obfuscated. You can improve my script by looking Nuitka bytecode source code. You can post to ay AI to recover code but Gemini is currently best for very long codes. Compared to other obfuscators you need pyarmor with Nuitka to make him more secure (or guardshield with pip install guardshield), otherwise it's easy task if there no too many imports. Rarely user disables compile everything even if the docs then your task much easier but in default Nuitka compiles everything. Nuitka clearly worser than Rust for some reason. 1) Antiviruses flags as malware because malware analysts can't understand Nuitka (even if they are too experinced they really don't know how to solve Nuitka) so you get false positives. 2) It's not good obfuscator and it's not creating millions of line hello world code via normal cython. I don't recommend python to use for avoid reverse engineering but you can still use it. If you want I can give all details which I know with tutorial or I can release my main project for auto Nuitka decomplication. My last words are don't use pyoxidizer, pyinstaller, cx_freeze if you want obfuscate your code because Nuitka is still best open source option for python. Nuitka can't remove python.h so the code must be pseudo python (Cython like style)

Seems like we have a winner! 👍

damn it! this is GENIOUS! (instead of WinAPI old dirty crap!!!) easy! just read the docs :) built a binary using that multi-precision lib: (left vs last build fom @Stuttered ) FileSizeCALC_0.0.11.zip

Update v0.0.10. Thx @jackyjask for pointing to the BigNumber library and assist. See attached. FileSizeCALC_v0.0.10.rar

Only because this is how the online app does it, I guess? this — PostimagesApp still needs some clean up, and the stretchable is fine. The internal VER I don't care about atm. Nice! I'll take a look at the changes.

not a bug just curiuos - why TB, PB lines are always showing e+-xxx scientific format? also would be nice to allow resizing the window as for big values one need to use scroller..... wow! why is that? :) nice to have - actual build -

Would yuo like send valid registration otherwise it's christmas day so I have free times for challenge this one for this last years? Merry Christmas day for everybody 🎂🍾🎉🎊😁🤭.

Antidebug is available in the final version

Sry, but super hyper antidebug,antihijack and etc. dosnt work also whit x64dbg .... You made the protection worse than ever, any cracker will break it. One jump and fake screen bye bye see my pic...

U use again some cheap trick heree but , u know result ..... Keep in mind that I cracked the latest dongles Guardant,Senselock and etc. this will that stop me? name: Mr.Leng key:B4HMR2CA76ACVESM2CL7A7X355RQ63RLGYYVW5VYEV48FWGJ8DZRJ44C78SFN3FF9PPF6UBUERAKCJUY9YJXGT3DXB9JX78A39YLBHUFUDGT @lengyue real hwid is here other vmp instruction u are add here on this target are bullshit rva:451904 Enigma shutdown.rar

let's give a try

Nice. How to do?

I need Tips on how to make enigma protector hard to bypass by check some boxes

Hi Short tutorial for bypass Safengine 2.4 HWID Regards. Safengine Short Tutorial.rar

Video_2024-02-12_112004.mp4 Regards. sean.

How to Unpack this VMProtect 3.5 Challenge - 2022/01/10 by @BlackHat Tutorial : Video Tutorial : Best Regards BlackHat awesome.vmp35_BH_unp.exe

Hi everyone, Maybe some of you heard it already, but Sigma and I are working on an x32/x64 debugger for Windows for a few months now... The debugger currently has the following features: variables, currently command-based only basic calculations, can be used in the goto window and in the register edit window. Example: var*@401000+(.45^4A) software breakpoints (INT3, LONG INT3, UD2), currently command-only (just type 'bp addr') hardware breakpoints (access, write, execute), also command-only stepping (over, into, out, n instructions), can be done with buttons/shortcuts memory allocation/deallocation inside the debuggee quickly access API adresses (bp GetProcAddress) syntax highlighting, currently not customizable simple memory map (just addr+size+module+protection basically) The debugger has an easy GUI, for which we looked a lot at Olly Debug engine is TitanEngine, disassembler BeaEngine, icons are from various sources (see About dialog). We use QT for the GUI part. If you have a suggestion, a bug report, need more info, want to contribute, just post here or send me a private message. The latest public build + source can always be found on http://x64dbg.com (click 'Source'->'bin_public') to download the latest build. For now, you can also download the first 'alpha' here We would love to hear from you! Greetings, Mr. eXoDia & Sigma