Is there a place you know to share about specific target ?

[tusk]

Hello there,

 

I was wondering if is it of a common practice to be able to talk about a specific program and share one's findings.

Something like : giving the target name, Url, and then sharing the protection scheme, VA's like serial verification routines and stuff... untill we achieve our goal (exemple: keygening a real app).

 

Or is it forbidden / too dangerous ?

 

I didnt find anything about this in the general rules..

Thanks if you can help, or if you can advise me a place where this is common practice (if it ever exists!)

 

-tusk-

[kao]

Just to clarify - have you done the research and want to publish it, or you'd like to post program download link and then wait for someone to do all the hard work for you?

 

If you're the one doing the research, here's one example that's on a borderline but still OK - caracrypt. All references to software authors name had to be removed from title & text but obscure references still remain.

If you post a crack request - no, that's not welcome here.

[mrexodia]

I started http://noprotection.tk for this purpose. You can post stuff the application is protected with and maybe some extra comments. There is no discussion though.

Edited June 7, 2015 by Mr. eXoDia

[tusk]

Hi,

 

No it is for making "crack request" at all

Actually, the contrary. I'm trying to get better at reversing, thus trying to fill them from time to time (with easy targets). I would say I'm beginner / intermediate, and when I get stucked, I feel like I could benefit from advance reversers who could tell me if I'm on the correct path or not.

 

For instance, right now I have one target which I spent quite a long time on it. I I found a lot about it, but slowly begin to get stucked now (the serial verification routine is a bit complicated to me in this program). Maybe an advanced user would finish the job in minutes, and then could tell me what I missed

 

Something like this.

 

 

 

Kao> It would not really be a thread like the one you showed me, more something like :

 

"#0076A512 > this is where the prog pushes the result of the verification routine onto the stack ; but i cant access the original location cause the VA adress it's pulling it from changes all the time... how do I go back up one level"

 

You see the idea ? There would be lots of detail on the protection scheme etc..

 

 

 

Mr. eXoDia > This is quite interesting !. Thanks for your work again. So if I understand well, people can post their first findings on a specific target, so that other members can have a look and try to continue right? Until the target gets solved and then it's beeing removed from the list ?

 

 

 

Thanks very much

-tusk-

[kao]

"#0076A512 > this is where the prog pushes the result of the verification routine onto the stack ; but i cant access the original location cause the VA adress it's pulling it from changes all the time... how do I go back up one level"

Well, you can still do that - without *publicly* naming the target or giving a DL link. 

 

If you provide enough information in your post (important parts of disassembled code, screenshots, script output, etc.), "advanced users" will be able to help you. And should they need the EXE file, they can always ask you to PM them a download link, etc.

 

Generic answer to that question - in Olly you can press View->Call Stack and choose how many levels you need to go up. Or just examine stack contents & register values to locate return address.

[tusk]

Thanks for your answer

 

Meantime I figured out it will be better to go to the request forum instead of tuts4you forum for this purpose 

 

I can then open a crack request, and directly put all my findings. Then talents might come and give it a try, and hopefully tell me where to continue.

I will keep tuts4you for 'general' questions

[mrexodia]

@tusk: Just to clarify, noProtection is meant to provide information about programs, most probably all the programs in the list got cracked. The idea is that people can check out noProtection to find out the initial things about a target, but obviously the database is far too small to accomplish that

So no, it is just a database, there is no interaction between users, just users posting information (more specifically information about the protection) for whoever is interested.

Edited June 8, 2015 by Mr. eXoDia

[tusk]

Thanks Mr eXoDia.
I'm not really of a big help then on the database since I'm only learning. I wouldnt post anything wrong, it will have to wait
 
I hope in the request section I can get some info about how the talents finish where I was stucked
exemple *DELETED*Have a great day

-tusk-

Edited June 9, 2015 by Teddy Rogers