Reverse Engineering - iExploit

Small crack me challenge, C++

Mr. P-teo — Thu, 06 Sep 2012 18:31:37 -0400

So i made a crack me, i don't think it will be too difficult. Let us know what you think. Try to get the real password if you can.

[BROKEN LINK] <= will repost soon.

if you're worried about the file size it's because i used a number of include files from which i used like 1 function :/. and as for a virus scan, do it your self if you don't trust me lol, they can easily be faked.

Bypassing Anti-Reflector etc. Help

Mr. P-teo — Sat, 11 Aug 2012 14:56:02 -0400

So i need some help, in my spare time i like reflecting .net apps, but some have like anti .Net Reflector or anti simple assembly explorer. So anyway is there a way i can remove this?

need help

cyberpirate — Sat, 12 May 2012 06:14:03 -0400

I want to learn reverse engineering.But don't know from where to start can anybody help... please..

Any DLE Autoposter Cracked.

Bl00dy — Sun, 25 Mar 2012 23:26:12 -0400

hello all well im new here and learning to crack. but for the moment i need any dle autoposter for my site

one of these pls : thema poster
post news from this site : www.postnews.info
or the multiposter 5 by jayfella

pls if someone can crack these would appreciate it a lot :))

thanks to all

btw great community.

How to Reverse a Keylogger VIA Hex

PsYil0CY.bin — Thu, 01 Sep 2011 07:23:24 -0400

[video=youtube]

Cracking Audio Editor Pro Vers.2.9.5

schumbag — Sun, 14 Aug 2011 20:47:55 -0400

http://i786.photobucket.com/albums/yy144/chempreng/cakill_crack1.jpg
About Software

Audio Editor Pro 2.95 is a multifunctional audio editor application that can perform a variety of
editing on your audio files. There are a number of interesting functions presented in this application, including
filtering, audio effects, format conversion and more. The application also has more than 20 sound
interesting effects and 6 filters.

Site: http://www.mightsoft.com/
Price: US$ 39.95
OS: Win 98/ME/2000/XP/2003/Vista

Lifetime & protection software

This software is packed with protection:
[-] The life span is 30 days.
[-] Register form which will appear on if not registered within 30 days.
[-] If the lifetime has expired, then the software must be registered by entering the code
true. Software could not be used if the key does not match filled.
[-] Software is encrypted with a Packer.
[-] Software CONVERT and ripping only allow a maximum of 4 files for non-register
If the protection is removed, then the user can use this software as been registered.

Reversing Steps

Previously, Crackers Kit Prepare the following first:
[-] Peid v.0.94
[-] DilloDIE v.1.6
[-] PE Explorer V1.99
[-] SND Olly v.1.10
[-] Trial Reset v.3.0

Step 1. Looking for information protection / Packer
[tools: Peid v.0.94]

http://i786.photobucket.com/albums/yy144/chempreng/cakill_crack2.jpg
[-] Open PeiD, then Drag & Drop
areditor.exe Packer who was detected by PEiD
[-] Software is protected by
Armadillo 3.78 - 4.xx

Step 2. Unpacking the process [Tool: dilloDIE v.1.6]
As a reference of In my experience,
software that is protected
by Armadillo
should be unpacked
before passing the
permitted use.

Let us direct Unpack
this software.

With dilloDIE v.1.6,
"Unpack" the fourth
program execution
contained in the directory http://i786.photobucket.com/albums/yy144/chempreng/cakill_crack3.jpg

C: \ Program Files \ Mightsoft \ Audio Editor Pro before the registration period runs out.
[-] Areditor.exe
[-] Areditor16.exe
[-] Arconverter.exe
[-] Arripper.exe

C: \ Program Files \ Mightsoft \ Audio Editor Pro before the registration period runs out.
[-] Areditor.exe
[-] Areditor16.exe
[-] Arconverter.exe
[-] Arripper.exe

Unpacking by dilloDie results will be save in the same directory with the name
[-] Areditor.exe.dDIE.exe
[-] Areditor16.exe.dDIE.exe
[-] Arconverter.exe.dDIE.exe
[-] Arripper.exe.dDIE.exe

Kempat file at the top will crack it one by one.

Step 3. Rid of protection [Tool: PE Explorer V1.99, SND Olly v.1.10]
Once unpacked, the software still displays the Nag Screen, this protection - it is, etc.. It is very
sucks. Let us remove one by one.

Eliminate Nag Screen - Registration Form on areditor.exe.dDIE.exe & areditor16.exe.dDIE.exe
Open areditor.exe.dDIE.exe or areditor16.exe.dDIE.exe with PE Explorer V1.99, do the
below:

[-] Click the image, / Ctrl + R to open RESOURCE EDITOR.
[-] You will find on the Registration Form found on the RESOURCE dialog.158
DIRECTORY "Dialogue".
[-] Right-click and choose Delete above dialog.158 Resource / Shift + Ctrl + D.
[-] Save the file has been modified, for example with the name and open the file areditorCrack.exe
execution.
[-] PE Explorer is not only able to dispose of unwanted form, but can also
change the icons, images, and text labels.
Listen
Read phonetically
Rate translation

http://i786.photobucket.com/albums/yy144/chempreng/cakill_crack4.jpg
OK, Registration Form has been lost. There are two problems again.

Protection eliminates restrictions and ripping CONVERT
If the software is not registered properly then the user can only perform CONVERT and
Ripping a maximum of 4 files
http://i786.photobucket.com/albums/yy144/chempreng/cakill_crack5.jpg
Both the audio converter and CD ripper to limit the maximum file number = 4

This protection can be found on arconverter.exe.dDIE.exe and arripper.exe.dDIE.exe

A. With SND Olly change program flow arconverter.exe.dDIE.exe
- Double-click the address that was originally JNZ short 004014C1 004014D1 004014D1 change to jmp short
- Double-click the address originally 0040499E JNZ short change to jmp short 00,404,980 00,404,980
- Right-click Copy to executable> All modifications> Copy All.
- Right click and select Save Backup> data to the file. Save the crack becomes arconverter.exe
http://i786.photobucket.com/albums/yy144/chempreng/cakill_crack6.jpg
B. With SND Olly change lanes arripper.exe program dDIE.exe
- Double-click the address of the original 00406611 00406621 JNZ short turn into short jmp 00406621
- Double-click the address originally 004084FF change 0040851D JNZ short a short jmp 0040851D
- Right-click Copy to executable> All modifications> Copy All.
- Right click and select Save Backup> data to the file. Save the crack becomes arripper.exe
http://i786.photobucket.com/albums/yy144/chempreng/cakill_crack7.jpg
see???No More NAG SCREEN, No more Track limit

http://i786.photobucket.com/albums/yy144/chempreng/cakill_crack8.jpg
Additional Notes About Armadillo Protection

Armadillo Software also protect the Windows system registry. He will create a registry string
the registry database. If the trial period runs out before the unpacked with dilloDIE, then you will
quite complicated with the registration request under this
http://i786.photobucket.com/albums/yy144/chempreng/cakill_crack9.jpg
If the message above has appeared
http://i786.photobucket.com/albums/yy144/chempreng/cakill_crack10.jpg
unpacker dilloDIE also can not
do much. There are ways to
scanning of
this protection and eliminate it,
ie with TRIAL RESET tool.

Here I use the Trial Reset 3.0.
[-] Select and Click Armadillo protection
"SCAN"
[-] Once detected, select protective
to delete and click
right and "CLEAR KEY"
[-] Scan Repeat again for
ensure all protection Armadillo in the registry database had been deleted.

FINISHED!!!

Original Posting From :
http://devilzc0de.org/forum/thread-1581.html
(indonesian version language)

NOTE for LiquidPoison
who had met me in the irc.evilzone.org channel #iExploit
I want to see yourskill Do not be arrogant, because science is not as widespread as you think.

Assembly command cheat sheet

chroniccommand — Wed, 09 Mar 2011 21:18:32 -0500

Here is a cheat sheet I made up of Assembly commands. Simple ones such as PUSH, POP etc. I will be using intel syntax.

-------------------------------
POP:
pop a memory address off the stack(Remember LIFO structure).
Usage:


pop [memory address]

Example:


pop eax ; Pop the eax register off the stack

--------------------------------
PUSH:
Push a memory address into the stack
Usage:


push [memory address]

Example:


push ebp ; Push ebp onto stack

--------------------------------
MOV:
Move memory addresses
Usage:


mov [memory address], [memory address]

Example:


mov esi,0x400e74 ; Move 0x400e74 into the value of esi

--------------------------------
JMP:
Set the EIP to a memory address
Usage:


jmp [memory address]

Example:


jmp eax ; Set EIP to current eax register

--------------------------------
CMP:
Compare memory addresses
Usage:


cmp [memory address], [memory address]

Example:


cmp eax, esp ; Compare eax register and esp register

--------------------------------
ADD:
Add source to destination
Usage:


add [destination], [source]

Example:


add esx, ebx ; Add ebx into esx

--------------------------------
INC:
Increment by one
Usage:


inc [memory address]

Example:


inc ebx ; Increment ebx by one

--------------------------------
Registers(basic ones. 32 bit):


eip
esp
eax
edx
ecx
edx
ebx
esi
ebp

Buffer Overflow Exploitation [Theory]

LiquidFusi0n — Sat, 23 Jul 2011 15:17:37 -0400

This is a series I am starting and it might not be 100% correct, if mistakes are spotted please comment and I will correct them.

I figure the best place to start with this series is to explain what a buffer overflow it is and how it can lead to someone compromising your system. This is just theory, as is all of this section of the series, there is a second half to this called [Practical] but because of time restraints I may be ahead on the theory but be a little bit behind on the practical.

So lets start.What is a buffer? Well a buffer is a section of memory that can be allocated either through programming or automatically. If poor programming practices have been used there may be a way for us to go beyond that set buffer and access other memory. Once in the other memory we can write our data to it in many ways, but this will be discussed later on. Basically when we overflow the buffer we have the ability to insert our own commands and using a thing called ShellCode we can establish a connection between us and the client.

Where do buffer overflows exist? This depends on whether our attack is remote or local. Generally a buffer is set wherever user input is taken, this is where most exploits lay. So lets take a remote attack as an example, to be remote simply means that this is an application that uses the Internet in someway allowing us to connect to it and attack remotely. An example of this is Kolibri Web Server, this web server sets a buffer for the HEAD section of the HTTP Request, so we have to craft our exploit into a HTTP Header and send it over port 80. This attack will overflow the buffer and create a connection (shell) to that machine. This specific attack uses SEH Exploitation which we will cover soon.

If it is local attack the user generally has to open a file that will have the payload inside it. For instance the software AutoPlay allows users to easily create the â€˜autoplay.iniâ€™ file that is present on a lot of CD and USB devices. The vulnerability exists in opening an â€˜autoplay.iniâ€™ file that has added information (ShellCode) allowing the user to spawn a shell. Why would this be used (I am thinking this myself) I can only imagine that this kind of attack could be used on a system that is on lock down. If you have gained access to a workstation on your clients network and their OS is locked down so no shell allowed, if the user has access to this program we could still spawn a shell on that computer through this method. Another reason could be to gain access remotely by using this technique in combination with social engineering and of course local exploits are great for privilage escalation. Take the recent Adobe Reader exploits, a user could craft a special PDF file and trick someone into downloading it, when they open it they see their normal PDF content but unbeknown to them a shell has been spawned on their machine.

You are likely to see the term â€˜PoCâ€™ quite a bit when we start researching other peoples exploits, this means Proof Of Concept. Basically the user will craft the exploit that works but instead of including ShellCode to spawn a shell they will simply perform a execution task such as start â€˜calc.exeâ€™ (Windows Calculator). This is generally used to deter script kiddies from just launching the exploit without understanding it. A lot of the time people who code Buffer Overflows will also put the wrong offset in so the attack will not work without some modification by the user, testing the knowledge and again deterring script kiddies. Sometimes a Proof of Concept can also simply be a file that successfully crashes the application, the rest of the work is normally left up to someone else to create.

A buffer overflow exploit can be coded in pretty much any language but I started in Python. And I find this easier than any other language (for me), I do not have really much programming experience but I do not feel it drastically important, you should still be able to follow along. It is essential to understand the basic concepts of programming though i.e. Variables, take user input, sockets, librariesâ€¦ This will all be explained in dumbed down terms in the Python section of the series.

Good websites to look at Buffer Overflow code.

http://www.exploit-db.com â€“ Awesome resource, I believe owned by the extremely skilled hacker Muts.

http://nvd.nist.gov/ â€“ Another great resource, one of the best ways to learn is to look at other code.

http://osvdb.org/

So I hope you now know what Buffer Overflows and what some of the results can be of the attack. We will learn a lot more when we progress into the actual attacks, but it is essential to have a firm understanding in basic concepts.

If you believe anything should be added to this post (I will likely make revisions on my own as well) send me an email at admin [at] hackinghq [dot] com

â€“LiquidFusi0n

I might...

D0WNGRADE — Tue, 14 Sep 2010 22:39:44 -0400

[align=center]D0WNGRADE[/align]

Hello fellow crackers! After I do my video tutorial series I might be making a Reverse Engineering video tutorial series. I am going through that phase where cracking is just this repetitive thing, so I've been programming. I'm saying "might" because I'm fairly certain that I'll be interested again soon...but you never know.

Thanks!
~D0WNGRADE

IDA Pro Advanced 6.1

s1n4 — Sun, 26 Jun 2011 18:32:03 -0400

IDA Pro Advanced 6.1

http://depositfiles.com/files/1j50bw69y
http://letitbit.net/download/37680.3d78 ... E.rar.html
http://www8.zippyshare.com/v/20656668/file.html

Password: rl-team.net

Unpack UPX [Any Version]

DeadLine — Thu, 26 May 2011 04:08:52 -0400

http://www.youtube.com/watch?v=TY-EuiBejhQ
made this a while ago, was gonna do a cracking series but got busy with school work. ill start it up in the summer(:

Bypassing Anti Debugging Filters?

Xin — Tue, 08 Mar 2011 19:11:58 -0500

A lot of popular software now will kill the process if you attempt to open it in a debugger or use it with a network analyser to prevent cracking, do you guys know of any ways to block this?

I know there are some olly plugins that can try make it invisible but not all of them work.

Reverse Engineering of Proprietary Protocols, Tools and Techniques !

mandi — Thu, 10 Mar 2011 20:03:34 -0500

This talk is about reverse engineering a proprietary network protocol, and then creating my own implementation.

The talk will cover the tools used to take binary data apart, capture the data, and techniques I use for decoding unknown formats. The protocol covered is the RTMP protocol used by Adobe flash, and this new implementation is part of the Gnash project.

Download Complete Video :


http://www.filesonic.com/file/125296291/reverse.xvid.avi
or
http://www.fileserve.com/file/jWNATyJ/reverse.xvid.avi
WMV3 1024x768 | MP3 48 Kbps | 183 MB

source:


Reverse Engineering of Proprietary Protocols, Tools and Techniques ! : The Hacker News ~ http://www.thehackernews.com/2011/03/reverse-engineering-of-proprietary.html

hope you guys like it....

Cracking with D0WNGRADE (1)

D0WNGRADE — Tue, 21 Sep 2010 00:53:43 -0400

[align=center]D0WNGRADE[/align]

[align=center]Lesson One ~ Introduction[/align]

What is Cracking?
Cracking is modifying software in some way to remove or add "features".

How do I do this magic?!
Whoa there young grasshopper. There are some things you'll need to know before doing this "magic". :)

Grab a debugger. (I recommend GDB. It comes with most *NIX systems) Now we're going to crack our first program! I've created a simple C file that you can view here. Open a terminal and compile it to a file called "test":

gcc vulnerable_code.c -fno-stack-protector -o test

Then run the file:

./test

You should see:

::D0WNGRADE's Cracking Test::
Usage: ./test [arg 1]

So we see it takes one argument. In this program, the argument is stored into a buffer variable that is 20 bytes. So, inputting something more than 20 bytes long will overflow that buffer. We normally wouldn't know how big the buffer is without some testing, but more on that later.

./test AAAAAAAAAAAAAAAAAAAAA
(there is 21 'A's)

This should produce a "Segmentation Fault". This basically means there was an error that caused the program to crash. That means we've found out how to crack it! Now, we could attach GDB to the process while ./test is running...but sometimes when it crashes the memory addresses can change during debugging. (due to the debugger attaching to the process) So, we'll enable something called "core dumps" (AKA cores). Cores are basically a "crash report" that GDB can read. So, to enable core dumps, type the following:

ulimit -c unlimited

That enables core dumps that can be an unlimited size. Now run ./test again, you should see: Segmentation Fault (core dumped)
Now, in the directory you have ./test in, use the "ls" command and you should see a file named "core"! Now, we can run that in GDB like so:

gdb --core core

(where the second "core" is the name of the core file)

In the next tutorial we'll look over how to write an exploit using the information from GDB!

Thanks for reading!
~D0WNGRADE

Reverse Engineering .net Applications - Stealing Source

Xin — Wed, 22 Sep 2010 20:49:27 -0400

http://www.youtube.com/watch?v=yhlsDBuDG7A

Reverse Engineering .net Applications - Cracking Pixel Rat

Xin — Wed, 22 Sep 2010 19:30:11 -0400

http://www.youtube.com/watch?v=bKp7Zj8r4Io

Just me pwning the poorly protected pixel rat

Exploitation Boot Camp:: Basic Disassembly

Xin — Wed, 25 Aug 2010 00:37:03 -0400

Exploitation Boot Camp: Basic Disassembly

Step 1:: Simple Hello World

Requirements:
Unix System
C or C++ Syntax Knowledge
Basic Assembly Knowledge
Basic Linux Knowledge of commands

First of all before you begin exploitation you must have a good understanding of programming, in particular C and C++. It also helps to have an understanding of assembly language however i will go over the basics here, the most essential thing however, is the ability to think outside the box.

Lets start by writing a simple Hello world app in C.

http://www.iexploit.org/images/tutorials/helloworld.png

The code you write in here does not matter, it is simple an example to show basic disassembly. Lets now compile it using whatever compiler you use, i recommend GCC for linux, or GCPP for C++, to compile enter the following code,

http://www.iexploit.org/images/tutorials/compile.png

You will also see how to execute the binary if you really dont know how.

Step 2:: Examining Compiled Binaries

We will now take a look how the compiled binary looks using a program called objdump, showing each byte in hexadecimal or hex as you may know it as. I also recommend familirising youself with Hexadecimal number system. The hex numbers represent the memory addresses, which is just places in the memory (temporary storage).

http://www.iexploit.org/images/tutorials/objdumpsmall.png

Step 3::Debugging

We will now debug the program we created to show the processor registers at certain points in the program, we will do this by entering breakpoints to pause the program. To do this enter the following code, we will use a program called gdb which should be installed as default on most linux systems i believe.

http://www.iexploit.org/images/tutorials/gdbsmall.png

You can see the registers
RAX - accumulator
RCX - counter
RDX - data
RBX - base

These are known as general purpose registers, named above, these are basically variables for the CPU the next four registers
RSP - Stack Pointer
RBP - Base Pointer
RSI - Source Index
RDI - Destination index
These are also general purpose, the pointers store 32 bit addresses pointing to locations in the memoery.

The RIP register is the instruction point register that points to the current instruction being read, this is a very important register.

Thanks for reading
Xinapse
Hope you enjoyed

Reverse Engineering .net Applications - NOP

Xin — Wed, 22 Sep 2010 19:29:19 -0400

http://www.youtube.com/watch?v=m9MCvCfYmZ8

Hope you enjoy! :), this is part 2 of the series

Reverse Engineering .net Applications Decompiling

Xin — Wed, 22 Sep 2010 19:28:10 -0400

http://www.youtube.com/watch?v=7lLCFxBX1HA

Really basic, but im doing a series on it so we gotta start somewhere :)