Leaderboard
Popular Content
Showing content with the highest reputation since 07/14/2024 in all areas
-
83,268 downloads
A collection of tutorials aimed particularly for newbie reverse engineers. 01. Olly + assembler + patching a basic reverseme 02. Keyfiling the reverseme + assembler 03. Basic nag removal + header problems 04. Basic + aesthetic patching 05. Comparing on changes in cond jumps, animate over/in, breakpoints 06. "The plain stupid patching method", searching for textstrings 07. Intermediate level patching, Kanal in PEiD 08. Debugging with W32Dasm, RVA, VA and offset, using LordPE as a hexeditor 09. Explaining the Visual Basic concept, introduction to SmartCheck and configuration 10. Continued reversing techniques in VB, use of decompilers and a basic anti-anti-trick 11. Intermediate patching using Olly's "pane window" 12. Guiding a program by multiple patching. 13. The use of API's in software, avoiding doublechecking tricks 14. More difficult schemes and an introduction to inline patching 15. How to study behaviour in the code, continued inlining using a pointer 16. Reversing using resources 17. Insights and practice in basic (self)keygenning 18. Diversion code, encryption/decryption, selfmodifying code and polymorphism 19. Debugger detected and anti-anti-techniques 20. Packers and protectors : an introduction 21. Imports rebuilding 22. API Redirection 23. Stolen bytes 24. Patching at runtime using loaders from lena151 original 25. Continued patching at runtime & unpacking armadillo standard protection 26. Machine specific loaders, unpacking & debugging armadillo 27. tElock + advanced patching 28. Bypassing & killing server checks 29. Killing & inlining a more difficult server check 30. SFX, Run Trace & more advanced string searching 31. Delphi in Olly & DeDe 32. Author tricks, HIEW & approaches in inline patching 33. The FPU, integrity checks & loader versus patcher 34. Reversing techniques in packed software & a S&R loader for ASProtect 35. Inlining inside polymorphic code 36. Keygenning 37. In-depth unpacking & anti-anti-debugging a combination packer / protector 38. Unpacking continued & debugger detection by DLL's and TLS 39. Inlining a blowfish scheme in a packed & CRC protected dll + unpacking Asprotect SKE 2.2 40. Obfuscation and algorithm hiding11 points -
TitanHide has been updated to support the latest VMProtect v3.9.4 changes. The service name is now used as the device name, as well, so the check for \\.\TitanHide will fail if you name the service the differently. Latest version (v0019) download link10 points
-
You will find the source code for aspr_ide.dll, a dynamic link library used in software licensing and protection, specifically for applications protected by AsProtect. This DLL simulates various functions related to license validation, registration, trial period management, and hardware ID checks. With ❤️ aspr_ide.dpr10 points
-
My writeups are live now: https://washi1337.github.io/ctf-writeups/writeups/flare-on/2024/10 points
-
Hi all, this is my analysis of GanDiao.sys, an ancient kernel driver based malware. It only works in WinXP as it is unsigned. This driver was used by various malware families and it allowed any userland application to kill other protected processes. This doc also includes a custom userland app source code to use GanDiao and test its capabilities. ENGLiSH VERSiON: http://lucadamico.dev/papers/malware_analysis/GanDiao.pdf iTALiAN VERSiON: https://www.lucadamico.dev/papers/malware_analysis/GanDiao_ITA.pdf As usual, I'm also attaching both PDF files here, just in case. Enjoy. GanDiao.pdf GanDiao_ITA.pdf8 points
-
Version v0.7 FIXED FINAL
297 downloads
============================ AT4RE Power Loader v0.1 (Release Date: 26/03/2025) ============================ [+] Console interface [+] Loader Coded in C++ with CRT (big Size: 85 KB when compressed about 190 KB uncompressed). [+] Supports patching single or multiple Relative Virtual Addresses (RVAs). Root Folder Contents: [+] ATPL.EXE (AT4RE Power Loader) [+] Version History.txt ============================ AT4RE Power Loader v0.2 (Release Date: 16/04/2025) ============================ The most powerful loader against strong and hard protectors. It also works with medium-level protectors, packers, compressors, and even unprotected executable files. Main Features: [+] GUI Coded in Borland Delphi 7 [+] From the GUI, you can browse to select the target file (maximum filename length is 255 characters). [+] You can also copy and paste the file name into the input field. [+] Choose between x32 and x64 loader versions. [+] Loader data can be entered only in the format shown in filed or in the screenshot. [+] Set a base timeout in milliseconds (Minimum: 00, Maximum: 9999 — i.e., 9.99 seconds). [+] Set 1-byte opcodes in the Opcode field using HEX characters (Opcode is the Original First Byte of RVA1). [+] Configure Opcode Timeout in milliseconds (Minimum: 00, Maximum: 9999 — i.e., 9.99 seconds). [+] Set the Loader Timer Delay in microseconds (Min: 00, Max: 9,999,999 — i.e., 9.99 seconds). [+] Configure the loader to start as Administrator. [+] Directly pack the loader with UPX. [+] Generate Loader.exe [+] Save or open projects for future use from File menu. [+] Set the GUI to "most on top" from the View menu. [+] Access the official website, report bugs, and find more information via about in the Help menu. Loader Details: [+] Coded in C++ using the Windows Pure API. [+] Loader size is 10 KB uncompressed, and 5 KB when compressed. [+] Supports Windows 7, 8, 10, and 11 (both x32 and x64). Features include: [+] Anti-ASLR [+] Anti-Anti-Debug [+] Anti-CRC Check [+] Automatically detects the base address. [+] Detects when the protector unpacks code into memory. [+] Can apply temporary patches after a specified delay in microseconds (Patch and restor original bytes). [+] Can apply permanent patches only with 00 Flag [+] Supports patching single or multiple Relative Virtual Addresses (RVAs). [+] Capable of patching up to 2048 bytes. [+] Can run as Administrator or Normal user mode. Root Folder Contents: [+] Project folder (Save or open projects for future use) [+] UPX folder (includes upx32.exe and upx64.exe) [+] ATPL.EXE (AT4RE Power Loader) [+] Version History.txt ============================ AT4RE Power Loader v0.3 (Release Date: 10/05/2025) ============================ The most powerful loader against strong and hard protectors. It also works with medium-level protectors, packers, compressors, and even unprotected executable files. Main Features: [+] Added Support Patching DLLs (Only DLLs Loaded by Target.exe). [+] Added Drag Drop Feature: For .EXE, .REG, .ICO Files. [+] Added Insert Loader Data feature (For Respect the Correct Format). [+] Added Registry Keys Manager (Max size: 1 KB / 1024 characters). [+] Added Delete Files feature (Max size: 1 KB / 1024 characters). [+] Added Icon Changer. [+] Added New Project option from File menu (Clears all fields). [+] Added Commands Shortcut Ctrl+N, Ctrl+O, Ctrl+S in File menu. [+] Added Contact Us section from Help menu. [+] Updated About from Help menu from box to a form. [+] Updated display fonts for Loader Data, Registry, and Files. [-] Removed "My Target run as admin". Loader Details: [+] Size is now 17 KB uncompressed, 7 KB when compressed. [+] Loader now Support Patching DLLs (Only DLLs Loaded by Target.exe). [+] Loader can now add or delete registry keys. [+] Loader can delete files. [+] Automatically requests Run as Administrator when needed (e.g.,Target need administrator privilege, modifying registry or deleting files from protected folders). [+] Icon support added. Root Folder Contents: [+] Icons folder (includes 5 icons). [+] Lib folder (includes bass.dll). [+] Project folder (Save or open projects for future use). [+] ResH folder (includes ResHacker.exe). [+] UPX folder (includes upx32.exe and upx64.exe). [+] ATPL.EXE (AT4RE Power Loader). [+] Version History.txt ============================ AT4RE Power Loader v0.4 (Release Date: 16/05/2025) ============================ The most powerful loader against strong and hard protectors. It also works with medium-level protectors, packers, compressors, and even unprotected executable files. Main Features: [+] Added Import menu. [+] Added Support .1337 patch files exported by x64dbg. [+] Set Opcode automatically when Load .1337 file. [+] Added OpenDialog when Double Click on: - Target Name field. - Loader Data field. - Registry field. - Custom icon field. Loader Details: [+] Fixed bug with registry feature. [+] Default icon changed. [+] Compressed Loader with Default icon 8 KB. Root Folder Contents: [+] Icons folder (includes 5 icons). [+] Lib folder (includes bass.dll). [+] Project folder (Save or open projects for future use). [+] ResH folder (includes ResHacker.exe). [+] UPX folder (includes upx32.exe and upx64.exe). [+] ATPL.EXE (AT4RE Power Loader). [+] Version History.txt8 points -
WindowsFormsApplication4.vmp35.exe: 1. VMUnprotect.Dumper https://github.com/void-stack/VMUnprotect.Dumper/releases/tag/1.1.0.0 2. Unset "IL Only" Flag from .NET Directory with CFF Explorer 3. Demutation Tool https://forum.tuts4you.com/topic/45162-demutation-vmprotect-net https://forum.exetools.com/showthread.php?t=21105 4. de4dot Use --keep-names ntpfg while cleaning the file using de4dot Or use --dont-rename 5. VMP Killer by DarkBullNull Use Option 2 First and Fix CRC and Debug Check https://github.com/DarkBullNull/VMP.NET-Kill https://forum.tuts4you.com/topic/45179-vmpnet-kill/ https://forum.exetools.com/showthread.php?p=131964 6. Unset "IL Only" Flag from .NET Directory with CFF Explorer 7. Use VMProtectNoDelegates to clean delegates https://forum.exetools.com/showthread.php?t=21106 https://forum.tuts4you.com/topic/45163-vmprotectnodelegates-net The only thing left if unvirtualization. WindowsFormsApplication4.vmp35-decrypted-demutate-cleaned.justify_nodel.rar8 points
-
v1.0.0.4 https://github.com/mrfearless/MediaPlayer/releases/tag/1.0.0.4 Added /close command line option to close MediaPlayer once play ends (request from vitsoft on masm32 forum). Also added /minimized, /fullscreen and /volume:xx command line options. Add Ukrainian language menu resource (thanks to greenozon). Add Ukrainian language tooltips (thanks to greenozon). Add Persian language menu resources (thanks to Yashar Mahmoudnia). Add Persian language tooltips (thanks to Yashar Mahmoudnia). Add Right To Left Layout for Persian language selection (thanks to Yashar Mahmoudnia for testing). Changed play rate from slower/faster menu and buttons to a playback speed submenu and a button with a dropdown menu. Added audio stream switching via a submenu and a dropdown menu (from volume mute toggle button) (request from makson5 on github). Playback speed and audio stream menus are dynamically created when a media item is loaded. Otherwise menu will show a menu item showing "Unavailable". i button tooltip displays filename as well now. Holding CTRL whilst clicking on Help->About or i button will open folder containing MediaPlayer's ini file. Fixed menu items width on menus still showing very long widths after clearing MRU list. String resources are now compressed with rtlc in a block and are loaded and decompressed per language selection on first access. Removed some string resources, icons and bitmaps that are now redundant. MediaPlayer-x64.zip MediaPlayer-x86.zip8 points
-
Moved to a new server with better hardware and a new operating system. There is a short and long version as to why it took so long. Short version, it was initially planned to be only a few hours of downtime. Had it been successful most people would never know there was an outage. Unfortunately it turned to shit. Piecing together all the bullshit from the hosting company (and registrar for the primary domain) they had issues accessing and making changes to the domain to disable DNSSEC and point nameservers to the new server. When I purchased the domain decades ago, the hosting company was in its fledgling years and the domains have been held with a relic/ legacy product of theirs. It would seem between 10 months ago (when they last made similar changes for me) and last week they have either lost access or control to make changes to the domains. This is what I have pieced together after numerous calls and online chats with them to get it resolved... Ted.8 points
-
Hello! I am 14yoKID , and i have documented everything tothe best of my ability. If you have any questions, please feel free to reach out or respond to my solution. I appreciate any feedback or discussion. The first step is to look inside the crackme’s binary for any references to “Wrong key!” (the error message). We load the executable into a disassembler or debugger (IDA, x64dbg, or similar). A quick search reveals that “Wrong key! Try again.” is located around the following code: 00408C3E | A1 0CA34000 | mov eax, [0x40A30C] 00408C43 | BA D48C4000 | mov edx, 0x408CD4 ; "Wrong key! Try again." This is where program prints the "Wrong Key! message. Scrolling above that reference,we see : 00408C16 | A1 98B74000 | mov eax, [0x40B798] ; loads the user's computed key 00408C1B | 3B05 ACB74000 | cmp eax, [0x40B7AC] ; compares it to the correct key 00408C21 | 75 1B | jne 0x408C3E ; jump if not equal => "Wrong key!" This shows: The user’s input key is stored at [0x40B798]. The “correct” key resides at [0x40B7AC]. If these two values do not match, we jump to the code that prints “Wrong key! Try again.” If they do match, we take the path that prints “Correct key!, Now Try to Keygen ME !” Finding Where [0x40B7AC] Is Set : Quick look upword in disassembly reveals: 00408BB0 | E8 5BFEFFFF | call 0x408A10 00408BB5 | A3 ACB74000 | mov [0x40B7AC], eax So at address 0x00408BB0, we call a function (which we’ll refer to as sub_408A10). Right after that call, we store EAX into [0x40B7AC]. That means the function at 0x00408A10 produces the correct key in EAX. To finally find a key set a breakpoint at 0x00408BB0 or directly inside sub_408A10 at 0x00408A10. Run the program and break on that address,press F7 ( Step into ) the call to examine how the function computes EAX. Inside sub_408A10, we notice: It reads a hard-coded byte 0x5A from [0x40A298] It loops exactly four times over bytes stored at [0x40A29C..0x40A29F] ( for instance , 0xA5 , 0x3C , 0xD7 , 0x82 ) Each iteration does some arithmetic: XOR , multiply by 12345 , add 0x6789, shift bits, etc. After finishing four iterations, it multiplies EAX by 0xDEADBEEF , does a final XOR and then returns EAX. Stepping through the entire function, we see that every run ends with a single final value: EAX = 0x8981B3E0 Then writes this to [0x40B7AC]. Therefore, the correct key is a constant number: 0x8981B3E0 ( OR IS IT?? ) Even though we know the internal number is 0x8981B3E0 , how do we type it so that crackme accepts it? By stepping into the function that processes (sub_4060A8 or sub_4045D4), or simply by trial and error, we learn: The crackme expects a leading '$' to interpret the rest of the text as hex. Typing XXXX1B3E0 ( dont want to spoil fun for others ) is interpreted as the hex value 0x8981B3E0. This matches the stored correct key, so the crackme prints : Correct key!, Now Try to Keygen ME ! But why $? In this particular crackme, the $ symbol is how the program’s input-parsing routine recognizes the user’s entry as a hexadecimal number. Without the '$' prefix, the code typically treats your input as decimal (or otherwise misreads it). Since the “correct key” is stored internally as the hexadecimal value 0x8981B3E0, the crackme will only accept a matching hex number—and it specifically wants you to indicate “hex mode” with '$'. That’s why typing 0x8981B3E0 or plain 8981B3E0 fails: the program doesn’t parse those formats as the same 32-bit value. Only '$8981B3E0' matches the exact hexadecimal integer 0x8981B3E0 the crackme expects. The final answer of mine and correct/valid key is :7 points
-
Hi @fearless, thanks for the new upload and the special AI podcast. I created a simple video with subtitle on it and attached another video with subtitle added as own track to have an better quality on reading. Just made for fun and for all who like reading at same time when hearing the podcast. Creating Controls In Assembler - Subtitle on Video.mp4 Below the attached video. Creating Controls In Assembler - Subtitle Track.7z greetz7 points
-
A basic media player application written in x86 and x64 assembler that utilizes the MFPlayer-Library - which consists of functions that wrap the MFPlay COM implementation of the IMFPMediaPlayer and IMFPMediaItem objects. https://github.com/mrfearless/MediaPlayer Features Supports audio and video media that is natively supported by the Microsoft Media Foundation API Player controls via toolbar buttons, menu or context menu: Play/Pause Toggle, Stop, Frame Step, Volume Mute/Unmute, Fullscreen toggle, About, Exit. Custom control for Volume slider. Custom control for Seekbar slider. Custom controls for Labels (for duration of media and current position). Fullscreen enter via toolbar button, menu, context menu or F11. Fullscreen exit via toolbar button, menu, context menu, F11 or Escape. Spacebar toggles play/pause. Open media via File menu, context menu, clicking screen logo, clicking play button or drag and drop. Uses the FileDialog-Library Download The latest releases can be downloaded at https://github.com/mrfearless/mediaplayer/releases Edit: Attached v1.0.0.5 releases. MediaPlayer-x64.zip MediaPlayer-x86.zip
7 points -
v1.0.0.1 https://github.com/mrfearless/MediaPlayer/releases/tag/1.0.0.1 Changed default codebase for x86 and x64 MediaPlayer to use wide/unicode for better handling and display of unicode filenames #2 #3. Ini file now is created with BOM to allow unicode - for MRU filenames. Ini file prepends a play/pause unicode glyph to its name (helps indicate that it is unicode perhaps?) Add clear recent files option (comment/wish from BOSCH on Tuts4you). Fix memory leak - missing DragFinish call #4. Fix transparent painting issue in about dialog box #1. Added use of ChangeWindowMessageFilter to better support drag and drop for UAC blocking drag and drop operations #4. Added play rate (slower/faster) buttons and menu items (request from Yashar Mahmoudnia on Tuts4you Telegram). Added step 10 seconds (backward/forward) buttons and menu items. Add additional accelerators for play rate and step 10 options. Add missing accelerator resource for x64 version (Thanks to jj2007). Combined toolbars to just one toolbar now. Edit: Fix small crash in x64 version when using slow/fast buttons or menu option - ebx instead of rbx in event notification callback - proper x64 version attached now MediaPlayer-x86.zip MediaPlayer-x64.zip7 points
-
You mean few dozens of morons asking to crack random vmprotected executable? 😁 Now that's a really valuable "comuunity"!7 points
-
Your crackme seems to have multiple solutions. Not sure if this was intended: Some example passwords: Approach:
6 points
-
I will be adding more courses https://pan.huang1111.cn/s/v8XwSE Pass:revteam.re
6 points
-
The tool created with love for all RCE community. If you have any feedback bug repport share it here...6 points
-
i may banter a lil in the opening, but that is how i was taught when i was in highschool learning ASM from the ukranians and russians, bootkits from the chinese You give a short shoutout or point to be made and ya write and code Here, i use the LCRN (LCG) from the GiantBlack Book of Viruses (Physicist Dr. Mark Ludwig) and his 16-bit many hoops and recreated it for x86 (32 bit) VXWriteUp.pdf6 points
-
Among the anti-debug techniques, there's an interesting one worth noting. A dummy thread is created and then it calls Sleep(0x32). (The goal is for the created thread to be detected by tools like x64dbg.) Then, it calls NtQueryObject with the ObjectBasicInformation class using the thread handle. If the returned HandleCount is greater than 1, it determines that debugging is in progress. void dummy() { Sleep(8000); } bool CheckCreateThreadHandleCount() { HANDLE hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)dummy, NULL, 0, NULL); if (hThread == NULL) { return false; } Sleep(0x32); PUBLIC_OBJECT_BASIC_INFORMATION objInfo; NTSTATUS status = NtQueryObject(hThread, ObjectBasicInformation, &objInfo, sizeof(objInfo), NULL); if (!NT_SUCCESS(status)) { CloseHandle(hThread); return false; } std::cout << "Handle Count: " << objInfo.HandleCount << std::endl; if (objInfo.HandleCount > 1) { CloseHandle(hThread); return true; } CloseHandle(hThread); return false; }6 points
-
Since @Washi provided the solution first, you may mark his answer as solved. However, I’d like to share my approach as well for reference. 1) Polynomial Coefficients and Matrix 1. Username - Polynomial Coeffs The code has a function that folds ASCII values into 8 coefficients ( size = 7 ). For "CHESSKING" , we take each character's ASCII and add it to slot in the array. 2. Matrix Build We then build 5 x 5 integer matrix from these 7 coefficients. Each entry is computed via this formula : mat(r,c) = ( coeffs ( r mod 7 ) x ( c + 1)) + ( r + 1 ) ---> All in paranthesses from start has to be to the power of 2. 3. Determinant ( mod 65521 ) We do a row-reduction to find the matrix's determinant, and then take /bmod 65521. 2) Toy Elliptic-Curve Step The code defines a small curve: y2 ≡ x3 +Ax+B (modp), p=1201, A=1,B =1. ( x3 here is actually x to the power of 3 ) We have a base point G = ( 5,116 ) this goes : finalPoint= ECSM (G,detMod) That is, we "add" G to itself ( detMod ) times in elliptic-curve arithmetic. The result is ( X , Y ) . Then we define it with this formula : curveSecret= X+ (Y≪16) 3) LFSR Shuffle We take 64 bits (lowest bits) from curveSecret and feed them into a Linear Feedback Shift Register for 64 rounds, producing a new 64-bit integer lfsrOutput. This step effectively scrambles the bits further. 4) BFS-Based Knight Path The code starts at square E5 on a 10×10 board labeled A..J (files) and 1..10 (ranks). Internally, E5 is (4,4) in 0-based coordinates. For each character in the username, we do: steps= (ASCII of char) mod 5 , then run a BFS for that many expansions. The BFS uses Knight moves (like (2,1), (1,2), etc.) with wrapping if we go off the board. We capture the last enqueued square after those BFS expansions, add that to our path, and repeat for the next character in the username. 5) “Check to the King” There is a King placed on G10 → (6,9) in 0-based coordinates. We look at the final square in our BFS path. If that final square is one knight’s move away from (6,9), we do an extra step: lfsrOutput = lfsrOutput⊕0xA5A5A5A5 For "CHESSKING" , the BFS path’s last square does or does not cause this XOR. In our run, it does cause the XOR (i.e., it’s in position to “check the King”). 6) Nibble → Weird SAN Moves We take the final integer (lfsrOutput) and break it into 12 consecutive 4-bit nibbles. For each nibble, we pick a “weird” standard algebraic notation (SAN) chess move from the code’s move table. This yields moves like e2e4, Na3xb5, Qd1h5, etc. 7) Final Serial Part A: The BFS squares (space-separated). A dash ( - ) Part B: The 12 SAN moves from the nibble-based table. Verifying everythin we gathered so far : For "CHESSKING" : E5 I3 C1 A7 G4 C1 C1 I8 E5 G4 After the code determines the King is in check, it XORs the LFSR output with 0xA5A5A5A5 Extract 12 nibbles → map to the weird SAN table. They all turned out to be mostly e2e4, with a couple of different ones in the middle (Bf1c4, d2d4) My final answer which is my Username and Serial Key is :6 points
-
-src -ARTeam.esfv -Thumbs.db -Weakness of the Windows API.Part1.pdf WeaknessoftheWindowsAPI.rar6 points
-
A simple Template in Delphi with only winapi Api_WindowWithControls.txt6 points
-
Today I fed the gitbook I created into NotebookLM to create a deep dive podcast. This was the summary it created: I uploaded the deep dive podcast so that it can be downloaded. Its a 43MB .wav file with a duration of about 15mins. There was about 3 or 4 instances where the podcast "hosts" reference something that they say they touched on or talked about previously, but hadn't actually done so, but other than that its actually pretty good I would say. Here is the download link for the Creating Controls In Assembler Deep Dive Podcast: https://github.com/mrfearless/creating-controls-in-assembler/releases/download/Gitbook/Creating.Controls.In.Assembler.-.NotebookLM.-.Deep.Dive.Podcast.zip?raw=true The original online gitbook is here for reference: https://fearless.gitbook.io/creating-controls-in-assembler and pdf and .epub downloads are attached or available here: https://github.com/mrfearless/creating-controls-in-assembler/releases Creating Controls In Assembler-epub.zip Creating Controls In Assembler-pdf.zip6 points
-
Fun and not too difficult challenge. I always like me some VM crackmes Valid keys: Had enough fun reversing this so I made a full writeup with disassembler and devirtualized code: https://blog.washi.dev/posts/binaryshield-vm-crackme/6 points
-
As in every update, We got rid of the old bugs and got a new list of bugs.6 points
-
...because cloning git repo, or just clicking on anonfiles.com_d1D7M7q9z4_vmpsrc.zip is so f*ing complicated. You don't need VMProtect sources. What you need is a basic understanding of this magical thing called "the internet".5 points
-
I can only wish you luck in your search 😄5 points
-
Hi! I took a look at it and shame that no one tried to solve it,here is my approach. Basic things i pulled: All four keys must differ. If any two keys are the same string, it shows “All keys must be different.” No key can contain "0@0". If you type a key like "0@0@something", it rejects it. “Erjey” can be used at most once, and if it appears, the fourth chunk of that key must be less than 6. That is, if a key has the substring "erjey", its format is X@Y@erjey@W, and W<6W < 6W<6. The third chunk in each key can be one of three strings: erjey kao tuts4you If you use something else, you get badboy error message. 2.2. Internally, a Linear Solver Digging deeper, i discovered a set of classes (d, e, j, etc.) that build a system of linear equations or inequalities. Each key of the form X@Y@{erjey|kao|tuts4you}@W is taken to mean X⋅x+Y⋅yRELWX , where the “relation” REL depends on the keyword: erjey → equality (=). kao → some inequality (≥ or ≤) depending on puzzle logic. tuts4you → the other inequality. From hints in the code and trial tests, we saw that: erjey is effectively “=”. For this puzzle’s code, kao ended up being “≥” and tuts4you was “≤” (the code flips them). Finally, after the solver ensures a feasible solution for (x, y), it calculates an “objective value” from the Name field, which must also be in the format A@B (two doubles). The code uses: objective=A×x+B×y If that objective is exactly 44 000, it shows: MessageBox.Show("Valid combination!"); That is the central condition: Ax+By=44000. 3. Constructing a Solution To guarantee the solver yields 44,000, we needed to pick (x, y) and (A,B) so that: A×x+B×y=44000. Additionally, we had exactly four constraints (the “Keys”) to pin down x and y. 3.1. The Simplest Trick: Set x=y One common approach: force x=y=c for some integer c < 6 (because the puzzle disallows “erjey@W” if W >= 6). Then we just need: (A+B)×c=44000 then this becomes A+B = 44000 / c Hence, pick any c in [1..5], and pick A + B = 44000 / c. 3.3. Example Name Then to satisfy (A+B) c=44000, choose a Name that splits as A@B with A+B=44000/c. For instance: Let c = 4. Then A+B must be 11000. We pick A = 5500 and B = 5500. So Name = "5500@5500". 3.4. Putting It All Together And if im right and if this is the keygen you have asked for : keygen.py5 points
-
I recommand the people to use this protection because it's very good. The protection is advanced like Pelock but very good. Only a real reserver can do it But it needs much times to be able handle it. UnpackMe.Obsidium.1.69b1.x86_unprotect.rar
5 points
-
Creating a scrolling starfield effect in Delphi. Starfield.rar5 points
-
A complete version of the web site has been converted into a Windows executable. It looks and behaves like the site, but with the added benefits of : No adverts Search facility for finding Run Time Library entries and .Net Methods. Fast access to 1,000+ pages of tutorial/reference pages - the full site and more System.Drawing.Graphics .Net class pages - 44 methods each with examples illustrated with graphical output Printing of pages precisely to any paper size or format RTL lists printable by letter, function, unit or category History drop-down of recent and popular RTL pages Database tutorials, not available on this web site Copy full text copy is enabled at last (the secret revealed by a user) Delphi Basics Offline 7.3.zip Serial.txt5 points
-
i used an old tool 😁 PatchMe_PROCESS_WRITE_by_terco.txt5 points
-
i made a video for unpacking with tools .... asprotect_unpack_by_terco.txt5 points
-
1. get your fasm 2. open .asm in FASMW.EXE and build it (CTRL+F9) we done
5 points
-
4n4lDetector 3.0.0 Download: https://github.com/4n0nym0us/4n4lDetector/releases/tag/v3.0 [+] The function search code for "Import Table" and "Call Api By Name" has been optimized. [+] A general optimization has been performed with one of the largest buffers in memory, this positively affects the stability and speed of the general analysis. [+] The size of the file to be analyzed has been increased by default to 50MB. [+] An optimization has been made in the search engine for the "Show Offsets" option and in the handling of buffers. [+] Searches for generic malware terms, different types of exploitation, APTs and terminologies that may affect the State in "4n4l.Rules" have been included. [+] A cleaning of null bytes 0x00 is performed in the variable where the report is stored to avoid bugs in the output of the text box of the main form. [+] The tool interface takes on a darker base tone. [+] A donation button via (PAYPAL) has been included since I have finally decided to continue with the project publicly for everyone. [+] A bug was fixed in which false functions could be included in the "Export Table" list by carving. [+] The Interest's Words module includes new internal words for the tool, for ansi and unicode. [+] A bug in the web view was fixed that could aesthetically affect the view of the Interest's Words module statement. [+] Optimizations were made in the Known IP/Domains module for ansi and unicode. [+] New search syntaxes were included in the "Intelligent Strings" module to increase interesting results. -> Internal cleanup syntaxes were added to show more stylized results. -> An optimization has been made with a direct impact on the variables used in this module. [+] A more selective cleaning of the extracted URLs is performed: -> URLs with extensions in the context of PKI digital certificates are reconstructed. -> Htm extensions are reconstructed. -> ".com" domain endings are cleaned. -> Possible HTML code cleaning is performed. [+] A progression system based on medals has been included. -> Brown Padawan Medal, Bronze Medal, Silver Medal, Gold Medal and Platinum Medal. -> The process can be slow, don't despair... because it's worth it. -> These medals will be earned as you use the tool over the course of days, weeks, months and consequently their functionality will also increase progressively. -> The medals will only work on the work machine on which they have been earned, if you want to make it work on another machine of yours try it yourself (You're a hacker, right?). -> The features or surprises that come with leveling up are not included in this file, although you can review them in the "Settings" section of the tool.5 points -
I have already conducted testing before, and if you compile the 32-bit plugin according to the original source code provided here (https://bbs.kanxue.com/thread-282244.htm). Original 32-bit (Imperfect Version).zip This plugin is effective on Win7 x64 SP1; But it fails in Win10/11 x64. e.g. VMP_3.8.7_x86_32-bit.vmp.exe Win7 x64 SP1 √ Win10 x64 × Win11 x64 × By recompiling the 32-bit plugin according to the modified code provided by karan, the above issue has been resolved. The revised and recompiled complete version is now uploaded as follows, and has been tested to be effective in Win7/10/11 x64. ScyllaHide_2024_x86_x64_v0.002.zip5 points
-
I suggest you think about this long and hard. What could possibly go wrong? I'll take the bonus points..4 points
-
@boot How to bypass the x64 target like you had done? Regards. sean.4 points
-
@Sh4DoVV How to bypass x64 version of enigma constant used target? Do we have to change CRCs and then change hwid to the given one like changing x86 version of it's hwid using @CodeExplorer's EnigmaHardwareID Tool and scripts for x86 targets? Many thanks in advance. Regards. sean.4 points
-
I've made real progress: ulong ledi1 = (ulong)selfEH.ToInt64(); // ulong leax1 = *(ulong*)(ledi1+0x58); ulong valueZero = *(ulong*)(leax1+0x28); ulong Pointer = leax1+0x28; MessageBox.Show(valueZero.ToString("X8")); When valueZero is zero method has no exception handers; So I've found add that EHCount from info->EHcount from CORINFO_METHOD_INFO_Fr4_x64 has invalid value; mainly the function was called for methods with no Exception Handlers.4 points
-
WaterEffect_Src.rar
4 points
-
After having some free Times, I do some steps and don't find anything new. As always there are no change from it. Attach key and name to decrypt the section may be I will send a full tutorial for unpacking and patching enigma. May be the Author will know how their protection works and how to deal wit it. Have nice day
4 points
-
82 downloads
This is an example program I used to shell The Enigma 7.7. You can shell it, bypass it, PatchHWID, KeyGen to make it run normally. Of course, it would be best if the shell could be peeled off.Have fun! https://workupload.com/file/EGgppWamMA6 Cracked:4 points -
Merci, Frérot Steven.K (Xyl2k) MASM32-graphical-effects4 points
-
The easy way with "CodeDoctor" plugin ==>> Unpack Asprotect .... & you just need to add aspr_ide.dll file
4 points
-
v1.0.0.5 https://github.com/mrfearless/MediaPlayer/releases/tag/1.0.0.5 Moved Spacebar play/pause toggle to accelerator table instead of WM_KEYDOWN. Set focus on media player video window on enter fullscreen to allow Escape key to exit fullscreen. Hide controls and cursor after 3 seconds in fullscreen mode, show controls and cursor on WM_MOUSEMOVE or exit of fullscreen. Controls do not hide if fullscreen and an audio track is loaded. MediaPlayer-x64.zip MediaPlayer-x86.zip4 points
-
Unpacked, but I don't generate a valid license since asymmetric algorithm. Unpacked By CreateAndInject.7z
4 points
-
I think its just ResHacker showing a generic icon in place of a SS_ICON style static control, as the icon hasnt been loaded/set into the static yet. There is another one on the main dialog as well, which I should remove as its no longer used and is disabled/not visible by default.4 points
-
Lack of any explanation whatsoever, likely the author just ripped code directly from the source of the original program; which they clearly have access to given the details of the post. For those of you seeking guidance, I'd look elsewhere (old but gold).4 points
-
6,542 downloads
I want to release a new tutorial about the popular theme Themida - WinLicense. So I see there seems to be still some open questions mostly if my older unpack script does not work anymore and the unpacked files to, etc. So this time I decided to create a little video series on how to unpack and deal with a newer protected Themida target manually where my older public script does fail. A friend of mine did protect unpackme's for this and in the tutorial you will see all steps from A-Z to get this unpackme successfully manually unpacked but this is only one example how you can do it, of course. So the tutorial [videos + text tutorial] is very long and has a run-time of more than three hours and of course it will be necessary that you also read the text parts I made at the same time if possible but if you are already a advanced user then you will have it easier than a newbie. So I hope that you have enough patience to work through the whole tutorial. So the main attention I set on all things which happen after normal unpacking so the unpack process is the simplest part and all what comes after is the most interesting part and how to deal with all problems that happen. It's more or less like a live unpack session. I also wrote some small basic little helper scripts which you can also use for other targets to get valuable information if you need. Short summation: Unpacking Exception analysing VM analysing with UV plugin AntiDump's find & fixing & redirecting "after fix method" Testing on other OS My Special Thanks goes to Lostin who made this unpackme and others + OS's tests. (I want to send a thank you to Deathway again for creating this very handy and helpfully UV plugin). So this is all I have to say about the tutorial so far, just watch and read and then try it by yourself. Oh! and by the way I record ten videos and not only one. If something does not work or you have any problems with this tutorial, etc. then ask in the support topic only. Don't send me tons of PM's, OK! Thank you in advance. PS: Oh! and before someone has again something to complain because of my tutorial style [goes to quickly or is bad or whatever] then I just want to say, maybe you're right so normally I don't like to create and write tutorials. This is really not my thing so keep this in your mind.4 points
