Jump to content
Tuts 4 You

Leaderboard

  1. CodeExplorer

    CodeExplorer

    Team Member


    • Points

      21

    • Posts

      4,260


  2. whoknows

    whoknows

    Full Member+


    • Points

      12

    • Posts

      1,927


  3. jackyjask

    jackyjask

    Full Member+


    • Points

      8

    • Posts

      1,513


  4. ra1n

    ra1n

    Full Member


    • Points

      6

    • Posts

      84


Popular Content

Showing content with the highest reputation since 07/16/2025 in all areas

  1. Hey guys! I’m iced, a passionate student from Bosnia who’s really into reverse engineering. I decided to join Tuts4You to expand my knowledge and trade insights with people who are way better than me.Im also a friend of @0xret2win and he suggested me to join site and try to tackle couple of nice crackmes posted here. Also i dont think the guy who made this applied full protection settings. Anyways upon investigating this target i found two interesting calls: ( Not entierly sure if i should do step-by-step since if you follow "MessageBoxA" in ret and stack you will eventually get to same place i got ) "vmp-licensing-test.vmp.exe"+A19CAE - E8 B9CB60FF - call "vmp-licensing-test.vmp.exe"+2686C This is upon hitting "VMProtectGetCurrentHWID". RAX => 29 "vmp-licensing-test.vmp.exe"+A19C9C - E8 2550ABFF - call "vmp-licensing-test.vmp.exe"+4CECC6 This is upon hitting on "VMProtectSetSerialNumber". RAX => 20 Using x64dbg : 00007FF665759CAE | E8 B9CB60FF | call vmp-licensing-test.vmp.7FF664D6686C | -> VMProtectGetCurrentHWID 00007FF665759C9C | E8 2550ABFF | call vmp-licensing-test.vmp.7FF66520ECC6 | -> VMProtectSetSerialNumber
    5 points
  2. Finally dotnet_UnPkd.7z
    1 point
  3. I am stuck and need help Things I have found 1. de4dot-mobile46 Debug the de4dot Here I found the decrytion key from header: K‡Îë7tÃHPË{ü0€ and the decryption uses only the first 4 bytes Got key uint array key0: 88836046, key1: 3946280131, key2: 1213203403key3: 2080125056 for SigType.pro In ParseMethodBody2 throws an exception because the first byte of the reader is 101. which not he tight value for the "&" can anyone points me in the right direction Thank you
    1 point
  4. Resolve field with declaring type containing generic parameter FieldDef dnlibfield = instructions[i].Operand as FieldDef; if (!dnlibfield.DeclaringType.ContainsGenericParameter) field = assembly.ManifestModule.ResolveField(dnlibfield.MDToken.ToInt32()); else { // here is the problem: Type declType = assembly.ManifestModule.ResolveType(dnlibfield.DeclaringType.MDToken.ToInt32()); } So how do use dnlib to resolve declaring type containing generic parameter ??? public virtual System.Reflection.FieldInfo? ResolveField(int metadataToken, Type[]? genericTypeArguments, Type[]? genericMethodArguments); https://learn.microsoft.com/en-us/dotnet/api/system.reflection.module.resolvefield?view=net-9.0#system-reflection-module-resolvefield(system-int32-system-type()-system-type())
    1 point
  5. 83,578 downloads

    A collection of tutorials aimed particularly for newbie reverse engineers. 01. Olly + assembler + patching a basic reverseme 02. Keyfiling the reverseme + assembler 03. Basic nag removal + header problems 04. Basic + aesthetic patching 05. Comparing on changes in cond jumps, animate over/in, breakpoints 06. "The plain stupid patching method", searching for textstrings 07. Intermediate level patching, Kanal in PEiD 08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor 09. Explaining the Visual Basic concept, introduction to SmartCheck and configuration 10. Continued reversing techniques in VB, use of decompilers and a basic anti-anti-trick 11. Intermediate patching using Olly's "pane window" 12. Guiding a program by multiple patching. 13. The use of API's in software, avoiding doublechecking tricks 14. More difficult schemes and an introduction to inline patching 15. How to study behaviour in the code, continued inlining using a pointer 16. Reversing using resources 17. Insights and practice in basic (self)keygenning 18. Diversion code, encryption/decryption, selfmodifying code and polymorphism 19. Debugger detected and anti-anti-techniques 20. Packers and protectors : an introduction 21. Imports rebuilding 22. API Redirection 23. Stolen bytes 24. Patching at runtime using loaders from lena151 original 25. Continued patching at runtime & unpacking armadillo standard protection 26. Machine specific loaders, unpacking & debugging armadillo 27. tElock + advanced patching 28. Bypassing & killing server checks 29. Killing & inlining a more difficult server check 30. SFX, Run Trace & more advanced string searching 31. Delphi in Olly & DeDe 32. Author tricks, HIEW & approaches in inline patching 33. The FPU, integrity checks & loader versus patcher 34. Reversing techniques in packed software & a S&R loader for ASProtect 35. Inlining inside polymorphic code 36. Keygenning 37. In-depth unpacking & anti-anti-debugging a combination packer / protector 38. Unpacking continued & debugger detection by DLL's and TLS 39. Inlining a blowfish scheme in a packed & CRC protected dll + unpacking Asprotect SKE 2.2 40. Obfuscation and algorithm hiding
    1 point
  6. Your crackme seems to have multiple solutions. Not sure if this was intended: Some example passwords: Approach:
    1 point
  7. View File VMProtect v3.5.1 Hi all, This is a protected with the TRIAL edition... Mutation / Virtualization w/ the built in VMProtect license system. VMProtect Debugger detection - disabled. (apparently some C# lines added) VMProtect Trial limitation : user has to patch the file to run to his machine. There are 2 enter serial dialogs, once you solve the 1st, drives you to 2nd, when a valid serial entered exporting a file... If a valid serial entered on 1st form, is saved to license.diz file. Submitter whoknows Submitted 10/07/2021 Category UnPackMe (.NET)  
    1 point
  8. WindowsFormsApplication4.vmp35.exe: 1. VMUnprotect.Dumper https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0 2. Unset "IL Only" Flag from .NET Directory with CFF Explorer 3. Demutation Tool https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net https://forum.exetools.com/showthread.php?t=21105 4. de4dot Use --keep-names ntpfg while cleaning the file using de4dot Or use --dont-rename 5. VMP Killer by DarkBullNull Use Option 2 First and Fix CRC and Debug Check https://github.com/DarkBullNull/VMP.NET-Kill https://forum.tuts4you.com/topic/45179-vmpnet-kill/ https://forum.exetools.com/showthread.php?p=131964 6. Unset "IL Only" Flag from .NET Directory with CFF Explorer 7. Use VMProtectNoDelegates to clean delegates https://forum.exetools.com/showthread.php?t=21106 https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net The only thing left if unvirtualization. WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar
    1 point
  9. de4vmp - VMProtect unvirtualizer: https://github.com/chickenienRE/de4vmp Demutation https://github.com/xlfj5211/DeMutation For MSIL decryption SMD_for_agile can be used. I didn't complete yet the challenge.
    1 point
  10. @Hadits follower dn 473kb @: https://download.ru/files/wzwPRCwM made by : VMProtect Ultimate v3.5.0.1213-WEB0DAY VMProtect Ultimate v3.5.1.1399-crk
    1 point
  11. Serial: TGlmZSBpcyBCZWF1dGlmdWw4MWEzNzBjOS03MzU2LTQzNWEtODhlNi1mY2VhNDJjMzQ2MGQ In short: var str = String.Concat("Life is Beautiful","81a370c9-7356-435a-88e6-fcea42c3460d"); var b = Encoding.GetBytes(str); var b64 = ToBase64String(b); var serial = b64.Replace("=",""); Thank you, whoknows! - Rift
    1 point
  12. 230 downloads

    Hooking is the practice of re-directing the flow of a program causing it to execute a code-cave or function in an injected module in place of another piece of code. In this tutorial, I will cover a method of hooking known as IAT (Import Address Table) Hooking. IAT Hooking is a 4 step process (I assume you are able to manage to inject the attacking DLL on your own).
    1 point
  13. [unpackme] Agile.NET unpack me Agile.NET 6.2.0.16 AgileNETUnpackMe.zip
    1 point
  14. It works with the following code, thanks! static int GetRVA(MethodBase mb) { var mdInfo = MetadataInfo.GetMetadataInfo(mb.Module); int table = mb.MetadataToken >> 24; int rid = mb.MetadataToken & 0xffffff; mdInfo.MetaDataTables.GetRow((uint)table, (uint)rid, out var ppRow); return *(int*)ppRow; }
    1 point
×
×
  • Create New...