Leaderboard
-
CodeExplorer
Team Member38Points4,418Posts -
Little Rookie
Junior+7Points25Posts -
Kurapica
Full Member+7Points1,127Posts -
GautamGreat
Full Member3Points214Posts
Popular Content
Showing content with the highest reputation since 11/07/2025 in all areas
-
3 pointsNo, the above script won't work due to Themida anti-debug tricks, even if program starts with the debugger. I got to say: Themida is great protector. Too bad about antivirus detections like https://www.malwarebytes.com/blog/detections/riskware-patcher-themida I made some new updates to Unlicense: - fixed winlicense v3 detection for the above https://storage.custos.dev/ResourceCryptor_latest.7z - fixed imports for winlicense v3 x64 OEP still needs to be fixed as currently stops before real OEP; You could try --force_oep: --force_oep=0x0115E 0x0115E = OEP rva; as long as you know OEP rva. unlicenseFixed2.rar3 points
-
1 pointOnly a moderator or the author can mark as solved. I have removed solved status for this challenge. If there are posts incorrectly marked as solved please report or send me a PM... Ted.1 point -
1 point -
Hi unfortunately you can't find correct hwid from license key1 point -
1 pointHi guys, I've been working on an Appfuscator string decryptor which I used on a malware called Gremlin Stealer ( https://bazaar.abuse.ch/sample/d21c8a005125a27c49343e7b5b612fc51160b6ae9eefa0a0620f67fa4d0a30f6/ ). I used the AsmResolver library. It still needs two things: replace variables by their value and patch ternary operators to decrypt all the strings. I guess I need to look at the control flow graph for that. You can take a look and even contribute or give suggestions on how to approach the problems. GitHubGitHub - lowlevel01/deGremlin: Decrypt and Patch strings...Decrypt and Patch strings obfuscated with Appfuscator. Tested on Gremlin Stealer. - lowlevel01/deGremlin1 point -
1 pointThe target has a license server that collects minimal, anonymized information about the launch. Information about debugger detections, code integrity violations, launches in virtual environment, etc. is also transmitted to the license server. Most likely, you simply did not reach the point where the application would display a MessageBox with a message about detecting a debugger. The debugger was detected by 3 out of 3 methods, ScyllaHide was unable to deceive any of them. The screenshot shows the log of your last target launch.
1 point -
rar file is password protected1 point -
1 point"THEMIDA OPTION_ADVANCED_OEP_IAT_SCRAMBLE" refers to a specific, advanced protection option within the Themida software protection tool. It is a setting that scrambles the Import Address Table (IAT) to make it harder for attackers to analyze the application's functions at the Original Entry Point (OEP), a key target for software cracking What it is: It's a Themida protection feature that modifies the Import Address Table (IAT). How it works: By scrambling the IAT, the option makes it significantly more difficult for attackers to identify and analyze the functions the program uses at its Original Entry Point (OEP). Purpose: The goal is to enhance the security of the application by complicating reverse-engineering and cracking attempts that often rely on manipulating the OEP and IAT. OPTION_ADVANCED_OEP_IAT_SCRAMBLE VALUE YES1 point
-
1 point
-
1 pointAnd here is my first fix: fixed jmp dword ptr [import thunk] on old version was wrongly fixed by call dword ptr. imports_fixed1.rar1 point
-
Hi Short tutorial for bypass Safengine 2.4 HWID Regards. Safengine Short Tutorial.rar1 point
-
1 point -
I want to release a new tutorial about the popular theme Themida - WinLicense. So I see there seems to be still some open questions mostly if my older unpack script does not work anymore and the unpacked files to, etc. So this time I decided to create a little video series on how to unpack and deal with a newer protected Themida target manually where my older public script does fail. A friend of mine did protect unpackme's for this and in the tutorial you will see all steps from A-Z to get this unpackme successfully manually unpacked but this is only one example how you can do it, of course. So the tutorial [videos + text tutorial] is very long and has a run-time of more than three hours and of course it will be necessary that you also read the text parts I made at the same time if possible but if you are already a advanced user then you will have it easier than a newbie. So I hope that you have enough patience to work through the whole tutorial. So the main attention I set on all things which happen after normal unpacking so the unpack process is the simplest part and all what comes after is the most interesting part and how to deal with all problems that happen. It's more or less like a live unpack session. I also wrote some small basic little helper scripts which you can also use for other targets to get valuable information if you need. Short summation: Unpacking Exception analysing VM analysing with UV plugin AntiDump's find & fixing & redirecting "after fix method" Testing on other OS My Special Thanks goes to Lostin who made this unpackme and others + OS's tests. (I want to send a thank you to Deathway again for creating this very handy and helpfully UV plugin). So this is all I have to say about the tutorial so far, just watch and read and then try it by yourself. Oh! and by the way I record ten videos and not only one. If something does not work or you have any problems with this tutorial, etc. then ask in the support topic only. Don't send me tons of PM's, OK! Thank you in advance. PS: Oh! and before someone has again something to complain because of my tutorial style [goes to quickly or is bad or whatever] then I just want to say, maybe you're right so normally I don't like to create and write tutorials. This is really not my thing so keep this in your mind.1 point
-
I remember a previous conversation where CodeCracker asked for something related to Eazfuscator, but I can't recall the specific question. However, I do remember that you provided a solution but I'm surprised that you didn't share your tool, as most beginners nowadays use CodeCracker's tools. He's a humble person who sets a good example for the community. What have you contributed so far? The previous generation loved to share knowledge, but now the well-known reversers keep things private. I understand that some people still copy-paste for profit, but there are also genuine individuals who want to dive deep into the field. Unfortunately, many people have quit, because it's a struggle to learn more without a master. It's hard to find one these days. Ra1n, I know you're skilled, and I'm sorry for what I said, but it's the truth. The reversing community is dying. I miss the good old days when the best were humble and shared their knowledge.1 point -
1 pointConsole example x64plgmnrc.exe -G "C:\x64dbg_root" // Set root path for x64dbg x64plgmnrc.exe -U // Update list from server x64plgmnrc.exe -S // Show list of plugins x64plgmnrc.exe -i x64core // Install last version of x64dbg x64plgmnrc.exe -i AdvancedScript // install AdvancedScript https://github.com/horsicq/x64dbg-Plugin-Manager1 point -
1 pointHi everyone, Maybe some of you heard it already, but Sigma and I are working on an x32/x64 debugger for Windows for a few months now... The debugger currently has the following features: variables, currently command-based only basic calculations, can be used in the goto window and in the register edit window. Example: var*@401000+(.45^4A) software breakpoints (INT3, LONG INT3, UD2), currently command-only (just type 'bp addr') hardware breakpoints (access, write, execute), also command-only stepping (over, into, out, n instructions), can be done with buttons/shortcuts memory allocation/deallocation inside the debuggee quickly access API adresses (bp GetProcAddress) syntax highlighting, currently not customizable simple memory map (just addr+size+module+protection basically) The debugger has an easy GUI, for which we looked a lot at Olly Debug engine is TitanEngine, disassembler BeaEngine, icons are from various sources (see About dialog). We use QT for the GUI part. If you have a suggestion, a bug report, need more info, want to contribute, just post here or send me a private message. The latest public build + source can always be found on http://x64dbg.com (click 'Source'->'bin_public') to download the latest build. For now, you can also download the first 'alpha' here We would love to hear from you! Greetings, Mr. eXoDia & Sigma1 point
