Leaderboard

Here we go, after the above step with slayer - Decrypt Methods unckecked; // Token: 0x0600081D RID: 2077 RVA: 0x0006E2E8 File Offset: 0x0006C4E8 [MethodImpl(MethodImplOptions.NoInlining)] internal unsafe static void qp1d5IbOJ() { Just fill at 006C4E8 with 062A so will change the body of method qp1d5IbOJ to a simple ret. after that we have a working file and we can deobfuscate with BabelDeobfuscator. Here is working unpacked file: https://workupload.com/file/3JqMck9ZtYR

Language : C/C++ Platform : Windows x32 OS Version : ( Windows 7,10) Packer / Protector : None Description : Goal : Find correct key. Enter key in textbox and click OK button then you see result . Screenshot : crackme_release.exe

Very nice crackme Salin! Noticed couple of things and gave it a try,its using a recrusive function that looked like Fbonacci but with a twist - when n equals 8 it returns the first character of my input XORed with 0x78 instead of the normal Fibonacci value. Code computes fib(14) and compares it against specific values in a switch statement. I knew standard fib(14) is 377 which equals 0x179. Working backwards since fib(8) gets replaced with char[0] ^ 0x78 , i needed to figure out what value makes the sequance land on 377. Turns out fib(8) needs to be 21 for this to work. So char[0] ^ 0x78 = 21 which means char[0] = 21 ^ 0x78 = 0x6D = 'm' There's a loop that validates characters 3 through 9 using a table at byte_411BFC. The validation formula : fib(i+8) - fib(i+6) == byte_411BFC[i] ^ char[3+i] Just rearranged it to solve for each character and u get : a, m, b, i, q, u, e. Now characters 1 and 2 were trickier. Character 1 determines a value dl through another Fibonacci call and character 2 gets XORed with that. There's a secondary check involving fib(17) that needs to equal 1597. After some trial and error found that char[1] = 'o' gives the right Fibonacci value, and char[2] = 'z' satisfies the XOR constraint. And if we finally put it all together we get a valid serial for this amazing crackme which is : mozambique I ran it through checksum calculation and got 0x12D4. Some code where it compares : 0040134B | 893D 20434100 | mov dword ptr ds:[414320],edi | 00401351 | 81FF D4120000 | cmp edi,12D4 |

https://limewire.com/d/ms51G#Mpzupr348q https://fileroy.com/M2BGwO2XGj40/file https://zippyshare.day/EbxBhxDZZZbrlIH/file

My previous video link is dead. Here below you can watch how to use my plugin.

Sir i created those tools. And took some references from JitUnpacker https://github.com/wwh1004/JitUnpacker-Framework

😀😁 UnpackMe.Dumped.exe UnpackMe.Unpacked.exe

Found this last week when I was looking for gen9 bios/firmwares http://dl.mobinhost.com/Firmware/HP/iLO/ @kao Yes, gen10 is iLO5. It might be the same check on both generations, so maybe checking old iLO4 would also work... @Niutish Can the memory be programmed by soft or it can only be done via hw? Does CH341A works for this? PS: I have never reversed fw/bios, but I guess it can be backtraced from here? LDR R3, [R10,#0x10] MOV R2, R5 ADD R0, SP, #0x194+var_64 MOV R1, #0x40 ; '@' BL 0x3EEFFE0 LDR R2, [SP,#0x194+var_178] ADR R1, aMemoryModuleIs ; "Memory module is HP SmartMemory"EDIT: According to this pdf https://www.cpi.co.jp/wp/wp-content/uploads/2025/01/Understanding-DDR4-SPD-Table-by-CST.pdf bytes 0x143-0x144 are the manufacturing date. CRC should be at 0x17E-0x17F

To avoid blind guessing, I suggest you to get old iLO firmware packages and analyze them. See what conditions must be fulfilled in order to get the "SmartMemory" status. If my google-fu is working, Gen10 servers use iLO5, here is it's general spec: https://www.hpe.com/us/en/collaterals/collateral.c04154343.html, and here are the download links https://support.hpe.com/connect/s/softwaredetails?language=en_US&collectionId=MTX-2dc80c4ae4b943fa. It would appear that older firmware packages didn't use any encryption, just some (trivial) compression, making the job so much easier.

Hi! This is my first post on tuts4 you I hope that this is the right section, if not, please delete this post! Ok so... Few months ago I have made public my internal project called REDasm on GitHub. Basically it's a cross platform disassembler with an interactive listing (but it's still far, if compared to IDA's one) and it can be extended with its API in order to support new formats, assemblers and analyzers. Currently it supports: Portable Executable VB5/6 decompilation . It can detect Delphi executables, a decompiler is WIP. .NET support is WIP. Debug symbols are displayed, if available. ELF Executables Debug symbols are displayd, if available. DEX Executables Debug symbols are displayed, if available. x86 and x86_64 is supported. MIPS is supported and partially emulated. ARM support is implemented but still WIP. Dalvik assembler is supported. Most common assemblers are implemented by using Capstone library, Dalvik assembler is written manually and even the upcoming MSIL/CIL assembler will be implemented manually. The entire project is written in C++ and its UI is implemented with Qt5, internally, the disassembler is separated in two parts: LibREDasm and UI. LibREDasm doesn't contains any UI related dependencies, it's just pure C++, one day I will split it in two separate projects. Some links with source code, nightlies and wiki: Source Code: https://github.com/REDasmOrg/REDasm Nightly Builds (for Windows and Linux): https://github.com/REDasmOrg/REDasm-Builds Wiki: https://github.com/REDasmOrg/REDasm/wiki And some screenshots:

Someone please share zero 2 automated reversing course. Thank you.

Why? I don't depend on anyone.

https://www.youtube.com/watch?v=4G9jc5zD6K0

Double checked your icon and it looks to be head banging... Ted.