Anti-Reverse Engineering Guide January 7, 2009
Posted by reversengineering in E-BOOK, RCE. 2 comments
An individual reading this should have a solid understanding of ASM, how computers handle memory, the Win32 Debugging API, and at least some knowledge of Windows internals. This code most likely will not work on any *nix platform due to the fundamental differences of the Operating Systems. Any other knowledge in the field of reverse engineering is also a plus. One great thing about learning and implementing anti-debugging is that you also develop your reversing skills, which is a great plus to anyone interested in the field. Along with the other mentioned subjects, an interested reader should also be familiar with the tools used for binary application reversing such as OllyDBG, WinDBG, SoftICE, IDA Pro, and others.
http://vip-file.com/download/6e2909425819/Anti-Reverse-Engineering-Guide.rar.html
Trojan.Zhelatin.Pk Reverse Engineering November 19, 2008
Posted by reversengineering in RCE.
Trojan.Zhelatin.Pk Reverse Engineering
From Evilcry:
I’ve released a paper on Trojan.Zhelatin.pk RCE Analysis, that can be downloaded
Reverse Engineering: Smashing the Signature September 17, 2008
Posted by reversengineering in RCE.
Title: Reverse Engineering: Smashing the Signature
Date: August 19th 2008
Author: Nicolaou George
Table of Contents
Introduction
Tools
Example Software
Program Analysis
Source Code
User Interface
Assembled Code
Binary Code Encryption
Final Words
SEH Overwrites Simplified v1.01th September 17, 2008
Posted by reversengineering in RCE.
Title: SEH Overwrites Simplified v1.01th
Date: October 29 2007
Author: Aelphaeis Mangarae
Table of Contents
Introduction
What Is The SEH Handler?
Pointer to Next SEH?
Microsoft Stack Abuse Protection Explained
Searching for Appropriate Addresses
Theory of SEH Overwrites & Exploitation
Theory of Windows XP SP2 & 2003 SP1 Exploitation
Windows XP SP2 & 2003 SP1 Exploitation
PLEASE READ
About The Author
Greetz To
Reverse Engineering:Anti-Cracking Techniques September 17, 2008
Posted by reversengineering in RCE.
Author: Charalambous Glafkos
Date: April 12th 2008
Table of Contents
Introduction
TODO
Reverse Engineering Tools
Reverse Engineering Approaches
Example Software
Program Analysis
Approach No1 (String References)
Suggestions (Approach No1)
Approach No2 (Breakpoint on windows API)
Suggestions (Approach No2)
Approach No3 (Stack Tracing)
Suggestions (Approach No3)
Binary Code Patching:
Approach No1 (Branch Patching)
Approach No2 (Replace functions)
Serial Generating
Code Reconstructing
Code Ripping
Other
MS API function pointers hijacking September 17, 2008
Posted by reversengineering in RCE.
by: shinnai
In this paper I’ll demonstrate how to use some API function pointers to execute
arbitrary code on a user’s PC. This is not a bug, but I consider it a simple
security flaw.
Playing around with (old?)SEH September 17, 2008
Posted by reversengineering in RCE. 2 comments
bY suN8Hclf aka crimsoN_Loyd9
08.06.2008
http://letitbit.net/download/ed2339869626/Playing-around-with–old–SEH.txt.html
edited
– and –!!
check it again
2 new tutorial from ARTeam September 16, 2008
Posted by reversengineering in NEWS, RCE.
-Inline Patching ActiveMark (AM) 6.3 Buy-Only Targets
Author: SSlEvIN
Buy Only ActiveMark 6.3 targets. These targets don’t offer any possibility to trial, just buying is possible. This can be arranged and the tutorial explains how. This is an audio and video tutorial.
-Bypassing TryGames Download Manager
Author: SSlEvIN
This short video tutorial shows how to get out of the trygames download manager, the full game download link. A simple method you can also use to code your own downloader tool.
IDA Tutors by Ricardo Narvaja September 12, 2008
Posted by reversengineering in RCE. 4 comments
First Steps in IDA
IDA and OllyDbg The Union
Debugging with IDA
Debugging with IDA Continued
http://letitbit.net/download/da84de623177/IDA-TOTURS-BY-R.N.rar.html
ALL ABOUT .net August 31, 2008
Posted by reversengineering in MUPS, other protectors and packers, RCE.
- .NET Resources
A paper on resources and how they can be extracted from assemblies
- .NET PE file structure
A simple illustration for .NET PE File structure
- CodeVeil Manual Unpacking
Unpacking CodeVeil 1.3 dotNet protector with WinHex
- Advanced Decoding
Extracting encrypted strings from an assembly protected with SmartAssembly protector
- SmartAssembly Patching
Removing time limit from assemblies protected with SmartAssembly
- SmartAssembly Patching Advanced
Removing time limit from assemblies protected with SmartAssembly using a Seek and Destroy patcher.
- Cracking .NET software
Using Reflector and Ildasm to Crack WinXP Manager 5.1.2
- Cracking Visual Studio Components #2
Removing a nag screen from managed DLLs.
- Byte by Byte
An in-depth tutor that requires some PE file structure knowledge. It shows how you can rebuild assemblies protected with CodeVeil 1.2 protector from a memory dump.
- Memory Optimization
How to implement memory optimization class in your .NET code to save memory and enhance performance
- Tools & OPCodes
First tutor in the .NET reversing Tips series. It will give you a basic introduction into .NET platform and how to reverse the managed code.
- Cracking Visual Studio Components #1
Removing protection from managed DLLs.
- Entry Point Method
The second tutor in .NET reversing Tips series. It discusses the first steps in reversing managed code.
- Introduction to .NET cracking
A comparison between native and managed code reversing methods and tools.
- .NET Basic Patching
The third tutor in .NET reversing Tips series, an introduction to patching in managed code.
- .NET CrackME #1
An introductory tutor that shows you in steps how to reverse a simple CrackME.
- Cracking Photo sorter
A Packed dotNET application. This is a new tutor on cracking a packed .NET application. I hope it’s useful.
- Planner.net
A video tutor that shows in steps how to remove a nag string protection from a visual studio component. It explains patching using WinHex and Ildasm.
- Cracking Rebex.FTP Components
This is a new tutor on cracking managed DLLs
- dotNET Tracer patching
thanks fly to Bl@ckStorm Team
http://letitbit.net/download/97bd8a399498/dotNET-Tracer-patching.rar.html
http://letitbit.net/download/308e8c113593/Introduction-to-.NET-cracking.rar.html
http://letitbit.net/download/b4a23b450840/EntryPoint.rar.html
http://letitbit.net/download/d40319153468/Cracking-Visual-Studio-Components–1.rar.html
http://letitbit.net/download/59151f609667/Cracking-Photo-sorter.rar.html
http://letitbit.net/download/b321cf182809/dotNET-PE-.NET-PE-file-structure-.rar.html
http://letitbit.net/download/d4031961878/Cracking-Visual-Studio-Components–1.rar.html
http://letitbit.net/download/280b44443991/Cracking-Rebex.FTP-Components.rar.html
http://letitbit.net/download/67b174497403/CodeVeil-Manual-Unpacking.rar.html
http://letitbit.net/download/8f648a796789/Cracking-.NET-software.rar.html
http://letitbit.net/download/f88bbd964249/Advaned-Decoding.rar.html
http://letitbit.net/download/19b54b331107/.NET-CrackME–1.rar.html
http://letitbit.net/download/afe011342552/.NET-Basic-Patching.rar.html
http://letitbit.net/download/274a5d960979/SmartAssembly-Patching.rar.html
http://letitbit.net/download/b47e21734740/SmartAssembly-Patching-2-Advanced-.rar.html
http://letitbit.net/download/267522159367/Managed-Resources–dotNET-Resources-.rar.html
http://letitbit.net/download/7a1de9818675/Memory-Optimization.rar.html
or
http://letitbit.net/download/755953323647/all-about-.NET.rar.html
Reverse engineering techniques to find security bugs: A case study of the ANI August 31, 2008
Posted by reversengineering in NEWS, RCE.
Alex will describe the tools he uses for reverse engineering and show how he reverse engineered the ANI bug. He will continue to discuss Windows security mechanisms (ASLR, /GS) and describe how the ANI exploit bypasses them.
IDA Plugin Writing Tutorial with examples(c++) August 27, 2008
Posted by reversengineering in RCE. 2 comments
IDA Plugin Writing Tutorial with examples(c++)
http://letitbit.net/download/2a303581684/IDA-Plugin-Writing-Tutoria-l-with-examples.rar.html
Patch HWID Execryptor 2.4.1 August 23, 2008
Posted by reversengineering in execryptor, MUPS, RCE. 4 comments
Patch HWID Execryptor 2.4.1
[Execryptor 2.4.1 Cracked Unpack.CN]
by Trickyboy
language: Vietnamese
http://letitbit.net/download/94b4e0663716/Patch-HWID-Execryptor-2.4.1.pdf.html
TiGa IDA series August 23, 2008
Posted by reversengineering in MUPS, other protectors and packers, RCE.
1-Visual Debugging with IDA – The Interactive Disassembler
2-Remote Debugging with IDA Pro
3-Debugging a faulty application with IDA Pro
4- How to Solve Crackmes for Dummies in Video
1 (Tutorial)
2 (Keygen Generation)
5- x64 Disassembling Primer and fixing obfuscated APIs
6- TLS-CallBacks and preventing debugger detection with IDA Pro
7- Unwrapping a Flash Video Executable (exe2swf)
8- Stop fishing and start keygenning!
1 (Tutorial)
2 (Keygen Generation)
9- Alien Autopsy rev. 2008
10- Unpacking deroko’s x64 UnpackMe
11- Solving pnluck’s x64 CrackMe
http://letitbit.net/download/b7a303144588/TiGa-vid11.zip.html
http://letitbit.net/download/a3dcc8225252/TiGa-vid10.zip.html
http://letitbit.net/download/0b67c3359108/TiGa-vid9.zip.html
http://letitbit.net/download/b37cdf156698/TiGa-vid8.zip.html
http://letitbit.net/download/3e1487657737/TiGa-vid7.zip.html
http://letitbit.net/download/89d475741677/TiGa-vid6.zip.html
http://letitbit.net/download/8b2a51850975/TiGa-vid5.zip.html
http://letitbit.net/download/5522c8421660/TiGa-vid4.zip.html
http://letitbit.net/download/13f2d0737318/TiGa-vid3.zip.html
http://letitbit.net/download/363191840277/TiGa-vid2.zip.html
http://letitbit.net/download/8b247f874427/TiGa-vid1.zip.html
OR
http://www.woodmann.com/TiGa/idaseries.html
thanx fly to TiGa
Cracking HASP Program August 15, 2008
Posted by reversengineering in RCE. 2 comments
Cracking HASP Program By Koudelka
language:arabic/english
size:2.8mg
(multimedia)
http://letitbit.net/download/5126bd654436/Cracking-HASP.7z.html
Cracking .net Components August 14, 2008
Posted by reversengineering in RCE. 1 comment so far
Cracking .net Components by Ufo-Pu55y & Kurapica
I want to dedicate this tutor and the next tutors for cracking Visual studio
components and I mean here the Libraries that your application uses to add
extra functionality, if you are an old timer then think of them as ActiveX
components.
Anyway this tutor and what will follow are not meant to be an introduction
for those newbies to .Net platform cracking, you must have some knowledge
on this topic or at least you must have read the previous tutors.
Part 1 : DevComponents.DotNetBar2.dll
Part 2 : Alvas.Audio.dll
How to Write Your Own Packer August 11, 2008
Posted by reversengineering in RCE.
How to Write Your Own Packer
by BigBoote
Vol. 1, No. 2, 2006
© CodeBreakers Journal
http://letitbit.net/download/7e8a6d978381/How-To-Write-Your-Own-Packer.rar.html
undetecteding a worm or… [old blog] August 2, 2008
Posted by reversengineering in RCE. 6 comments
undetecteding a worm or…
Bypass Hardware Breakpoint Protection August 2, 2008
Posted by reversengineering in MUPS, RCE. 1 comment so far
http://letitbit.net/download/1438ef782168/Bypass-Hardware-Breakpoint-Protection.pdf.html
ExeCryptor HWID Patching, Tutorial how to patch a other HWID permanently July 31, 2008
Posted by reversengineering in execryptor, MUPS, RCE.
Hello together,
today I have made a new flash tutorial about patching ExeCryptor's HWID
permanently in an unpacked EC target to get a running file with also the valid
name, serial and HWID of course.
greetz
by LCF-AT
_http://rapidshare.com/files/133785363/ExeCryptor_HWID_Patching.rar
Summary of defects in Syser April 2, 2008
Posted by reversengineering in RCE. 1 comment so far
Summary of defects in Syser
I’m using the Syser 1.96 trial version (1.96.1900.939) available since the 03/08/2008. My only goal is to help in the development of this product. Some complain of not having feedback, so here it is :
I would like to start by saying that Syser is evolving and despite this, it already offers a good quality.
1) No support for “azerty” keyboards
Users come to use it anyway, but it’s not very comfortable.
2) Can’t trace INTxx. Syser doesn’t emulate this case
Not practical when hooking IDTs with dispatches everywhere.
3) No real time display of 64-bit MMX registers
There’s a “static” possibility with the “wf1” command, but a real time display would be a plus.
4) No real time display of the active processor
You must type each time the “cpu” command in the command window. This isn’t practical when you are in a system information loop scan with a KeSetAffinityThread in the loop.
A real time display would be a plus.
5) Software keyboard
The colon punctuation sign (‘:’) is missing and you need therefore to type it on the keyboard.
Slash (‘/’) and backslash (‘\’) are inverted.
A truly effective soft keyboard would solve the first point (azerty keyboard).
6) The CodeView window doesn’t display modification in real time.
db cs : offset … and you change this or that opcode by hand, the “code” window doesn’t display the modification in real time. You need to issue a “one_step” command to see the modification or redo a “u cs:eip”. The same thing applies to the “zap” command and the replacing “nop”.
No real time feedback in the “code” window.
7) The “pointed content” window is ineffective.
On the top right in the task bar, there’s a little and narrow window preceded by a question mark (“?”).
This window lets you view the “pointed content”.
Example:
Mov eax, [ebx + 08] --> you’ll have the actual content of ds: [ebx +08] in the window… For example: 0044001Ah
This content is displayed during a “step by step”. But if you are doing other things, it doesn’t work.
If you change manually (through a db cs: eip), the “+08”, in a “+xx”, the window fails to refresh.
You could redo a “u cs: eip”, or whatever you want, … Nothing happens!
You will have to manually issue a “dd ds: x” to see your new “pointed content”!
Incidentally, we have changed manually one “opcode”! … The “[ebx + 8]” in “[ebx + XX]”
There’s no update in the opcode! You necessarily need to scroll the “code window” to force the update!
There are too many “real time” and “update” problems in Syser.
8) Scrolling problem in the “System explorer” window.
In the “system explorer” window, type “IDT”. The IDT vector list of the active processor is then displayed. This list has 0xFF vectors, so the window has to scroll, but the window only displays the last 64 vectors and even if you scroll up, it stops at 0xC0 !
A complete display is possible in the “Command Console” window, but not in the “System explorer” window. The main problem is that you are currently working in the “System Explorer” window !
Identical bug for the “GDT” and “MSR” commands
The Reverse Code Engineering Video (ida) October 28, 2007
Posted by reversengineering in NEWS, RCE. 1 comment so far
hi
1-Visual Debugging with IDA – The Interactive Disassembler
2-Remote Debugging with IDA Pro
3-Debugging a buggy Application with IDA Pro
4-How to solve Crackmes for Dummies in Video
Author: TiGa [+Sign Student]
link:
http://rapidshare.com/files/65528665/TiGa-vid1.zip
http://rapidshare.com/files/65528639/TiGa-vid2.zip
http://rapidshare.com/files/65528629/TiGa-vid3.zip
http://rapidshare.com/files/65528612/TiGa-vid4.zip
all tuts by sina_dir (my friend in UnReal-rce Team) October 26, 2007
Posted by reversengineering in MUPS, other protectors and packers, RCE.
| Tutorial Name | Language | Download | Size |
| --- | --- | --- | --- |
| How To Make a Trainer For Resident Evil 3 (New) | Farsi-Persian | Download Now | 582.1 KB |
| Manual Unpacking WinUpack 0.3x | English | Download Now | 675.9 KB |
| Manual Unpacking ExeShield 3.8.5.2 | English | Download Now | 1.47 MB |
| Removing Yahoo! Games NagScreen & TimeTrial | Farsi-Persian | Download Now | 297.8 KB |
| Manual Unpacking ACProtector 1.41 | English | Download Now | 561.4 KB |
| Manual Unpacking AntiCrack Protector 1.0 | English | Download Now | 457.1 KB |
| Manual Unpacking SLVc0deProtector 1.12 | English | Download Now | 577.8 KB |
| Manual Unpacking SLVc0deProtector 1.12 | Farsi-Persian | Download Now | 544.4 KB |
| Manual Unpacking MEW11 SE 1.2 | Farsi-Persian | Download Now | 925.9 KB |
| Manual UnPacking SPLayer 0.08 | Farsi-Persian | Download Now | 670.9 KB |
serial tuts August 7, 2007
Posted by reversengineering in RCE. 1 comment so far
HI
another collection
THANX FLY OUT TO krobar
link:
cd tuts August 7, 2007
Posted by reversengineering in RCE.
HI
another tutors about cd cracking !!!
NOTE:
If you wanna use my cd.html index then do this:
Just unzip this zip: “cdtuts.zip”, and click on cd.html to have an index of all the cd tuts I had at Jan 2002….
krobar
link:
over 146 tuts about NAG August 7, 2007
Posted by reversengineering in RCE.
hi
another collection from krobar’s website
note:
If you wanna use my nags.html index then do this:
Just unzip this zip: “nagtuts.zip”, and click on nags.html to have an index of all the nag/timetrial tuts I had at Jan 2002….
link:
vb tutors from krobar August 7, 2007
Posted by reversengineering in RCE.
hi
this collection is very good from old website http://zor.org/krobar…..
it’s useful for newbie ppl in reversing
note:
If you wanna use my visualbasic.html index then do this:
Just unzip this zip: “vbtuts.zip”, and click on vb.html to have an index of all the vb tuts I had at Jan 2002….
krobar
link:
Cracking code August 5, 2007
Posted by reversengineering in RCE. 1 comment so far
HI
Cracking code – Introduction
from this link:
http://www.atrevido.net/blog/PermaLink.aspx?guid=73204548-5970-46db-b7cf-76cd4c22c3b9
To defend, you must have some idea of what you’re defending, and who and what you’re defending against, specifically, which attacks. Failure to understand and know these things means that your defense will most likely not be effective, and could in fact decrease your security. Here’s an example:
Near where I live, thieves were stealing cars that people parked in the street. The neighbourhood committee decided that they’d stop this. The solution they implemented was to put gates at all entrances and exits of their area, and have guards that only allow cars with a particular sticker get through. This makes people FEEL more secure. However, for the cost (guardhouses and gates construction, guard salaries), it’s not as effective as it could be. A thief can still walk in just as easily (gates only block roads), and when driving a stolen car out, the guards will see the car and sticker, recognize it, and let them leave. If they had thought about how thieves operated, then they would have realised this and done something more effective, perhaps hiring the same number of guards, but setting them on a patrol, instead of just sitting at their posts. With unlimited resources, they could do both things, and give each member a special remote key-code to unlock the gate when they are driving. However, the tradeoff in cost and convenience is too high for them.
This is how security is, in the physical and electronic worlds. We have many possibilities, each with their tradeoffs. Deciding which measures to implement requires us to understand how our opponent is going to operate, as well as the details of how exactly our defenses work.
In this series, I’m going to show you how to crack simple code. I’m going to make a series of samples to try this out on (to avoid DMCA problems with real code), so as to get a feel of what crackers do to code. It is not going to be in-depth or show how to become a master cracker. Just enough so that we could attack a simple Windows/.NET program’s licensing key system, which is a common theme in software protection.
Continue to Part 1, where we’ll crack some simple code…
Cracking code – Part 1
http://www.atrevido.net/blog/PermaLink.aspx?guid=ec99e239-8917-48e3-bd4f-af866b730150
Cracking code – Part 2: Other simple attacks
http://www.atrevido.net/blog/PermaLink.aspx?guid=f2b7825e-1a8b-4beb-adf0-215011fd89e0
Cracking code 3: Cracking an obfuscated .NET assembly
http://www.atrevido.net/blog/PermaLink.aspx?guid=8315fa01-0286-47ce-a20b-fcc15eb297c3
Cracking Code 4: Replacing a strong name
http://www.atrevido.net/blog/PermaLink.aspx?guid=f772c18a-f389-4c28-bd6a-a30f4ccc84f5
Cracking code 5.1: Increasing your configuration
http://www.atrevido.net/blog/PermaLink.aspx?guid=92b5d25e-e53a-459c-b2c1-77aa26544880
Primer On Reversing Symbian S60 Applications v1.4 August 1, 2007
Posted by reversengineering in RCE.
hi
Tutorial: Primer On Reversing Symbian S60 Applications
Author: Shub-Nigurrath
A very long and detailed primer on reversing Symbian S60 applications, covering required tools, examples, references and links to other tutorials (Version 1.4)
LINK:
http://arteam.accessroot.com/tutorials.html?fid=194
or
http://rapidshare.com/files/45122699/dl.php_id_194
rename to *.rar
and tools:
http://rapidshare.com/files/37166743/symbian_rce_help_tools.rar