Tutorial On modding Level 0 For beginners


dEEpEst

Antivirus software uses two methods to protect our PC:

1 - Signature analysis: files are compared against a database of known malicious software (signatures). It is like a police line-up, or identifying a criminal from a photo: the antivirus compares each file on the hard drive with a "dictionary" of known viruses. If any piece of code (a signature) in a file on the hard drive matches a known virus in the dictionary, the antivirus software comes into play.

2 - Constant monitoring of the behavior of files that may be infected.


For example 

Looking at it at the binary level, let's suppose that for Avast the bytes "12 55 40 05" are a virus signature. When it analyzes the binary and finds this:

Hidden Content

    Give reaction to this post to see the hidden content.


it is automatically flagged as a virus.


Av Fucker Method 

With this method we will look for the signature and we will change its code so that Avast or any antivirus does not recognize it anymore 


Code detected as virus 

Hidden Content

    Give reaction to this post to see the hidden content.



Modified code indented 

Hidden Content

    Give reaction to this post to see the hidden content.



It's simple, right? The issue is that after we modify one of those numbers (offsets), the file still has to be functional.


Let's see it Step by step 


Step 1 tools 

Undetectable offset locator 2.6 (it is the one I use, but it can be any locator)
Hex Workshop 
This Crypter: LVL23 Crypter
I used this little ball: LVL23 Ball

Step 2 

We grab the crypter and encrypt a small ball 

Step 3 


We open the offset locator; in "file" we choose the ball and in "directory" the folder where we will create the offsets (create a new folder and call it offsets). In "initial bytes" we put "100" and in "fill in" the number "90".

Hidden Content

    Give reaction to this post to see the hidden content.


It should look more or less like this

Hidden Content

    Give reaction to this post to see the hidden content.


We start and wait for it to finish creating the offset ... When finished we scan the offset folder with Avast and delete the detected ones 

Step 4 

Let's show offset 

Hidden Content

    Give reaction to this post to see the hidden content.


and we double click on the range that appears 2370 - 2410 

now the locator will stay like this 

Hidden Content

    Give reaction to this post to see the hidden content.


 


We delete all the files in the offsets folder and press start again; then we scan the offsets folder with Avast, delete the detected ones, and we are left with these offsets

Hidden Content

    Give reaction to this post to see the hidden content.




We click to show offsets again 


Hidden Content

    Give reaction to this post to see the hidden content.



And we choose the range 2370 - 2410

the locator will remain like this: 

Hidden Content

    Give reaction to this post to see the hidden content.


We delete the files in the offsets folder and press start again ... scan with Avast ... we delete the detected ones

and we have these offsets 

Hidden Content

    Give reaction to this post to see the hidden content.


When we are down to 1 byte

we must try what works ... 

We open the first 2380 

And ... Perfect works 

Hidden Content

    Give reaction to this post to see the hidden content.


How do we know if it works? It has to open the little ball that we encrypted ...

Step 5 

We open the hex workshop 
We open the stub 
Right button 
Goto 
offset 
and we put the one that was functional 2380 

Hidden Content

    Give reaction to this post to see the hidden content.



We change the number that appears in that offset by the number that we put in "fill in" 

Hidden Content

    Give reaction to this post to see the hidden content.


Hidden Content

    Give reaction to this post to see the hidden content.


And we save File Save as ... 

Stub modifica.exe 

We scanned the stub and .... 


Hidden Content

    Give reaction to this post to see the hidden content.



Well this is the most basic if you have questions ask ... in a few days we move ...
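
The signature-matching model described at the top of this thread, as an added example that is not part of the original posts: a small byte-signature scanner run over a constructed buffer, showing why a rule built on one exact byte string is brittle and how a rule that requires several independent signatures still flags a sample with one changed byte. The buffers, the two extra signatures and all function names are constructed for illustration; only the signature "12 55 40 05" and the fill value 90 come from the thread.

```python
import re

def compile_sig(sig):
    """Turn a hex signature such as '12 55 ?? 05' into a bytes regex.
    '??' is a wildcard byte, the same convention YARA hex strings use."""
    parts = []
    for tok in sig.split():
        parts.append(b"." if tok == "??" else re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(parts), re.DOTALL)

def find_hits(data, sig):
    """Return every offset in `data` where the signature matches."""
    return [m.start() for m in compile_sig(sig).finditer(data)]

def detect(data, sigs, threshold):
    """Flag the sample when at least `threshold` distinct signatures hit."""
    return sum(1 for s in sigs if find_hits(data, s)) >= threshold

# Constructed sample: the thread's example signature sits at offset 4.
ORIGINAL = bytes.fromhex("4d5a9000" "12554005" "deadbeef" "a1b2c3d4" "00ff")

# Constructed variant: one byte inside the signature replaced by 0x90.
_patched = bytearray(ORIGINAL)
_patched[6] = 0x90
PATCHED = bytes(_patched)

# Rule set: the thread's signature plus two constructed ones taken from
# other regions of the same sample.
SIGS = ["12 55 40 05", "de ad be ef", "a1 b2 c3 d4"]

if __name__ == "__main__":
    for name, blob in (("original", ORIGINAL), ("patched", PATCHED)):
        print(name,
              "exact:", find_hits(blob, "12 55 40 05"),
              "masked:", find_hits(blob, "12 55 ?? 05"),
              "single-sig rule:", detect(blob, SIGS[:1], 1),
              "2-of-3 rule:", detect(blob, SIGS, 2))
```

The single exact signature stops matching after a one-byte change, while the masked pattern and the 2-of-3 rule both still report the sample, which is why production rules combine several features instead of one short byte string.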
