Comments for Reverse Engineering Team Blog http://www.reteam.org/blog Sat, 17 May 2008 06:55:18 +0000 http://wordpress.org/?v=2.1 Comment on VB6 Self-Modifying Code by C0113c70r http://www.reteam.org/blog/2005/03/17/vb6-self-modifying-code/#comment-37 C0113c70r Mon, 12 Mar 2007 05:12:13 +0000 http://www.reteam.org/blog/2005/03/17/vb6-self-modifying-code/#comment-37 Nice article, but where's the file? Your link is dead. Nice article, but where’s the file? Your link is dead.

]]> Comment on Trading Security for Convenience by Andreas http://www.reteam.org/blog/2005/04/05/trading-security-for-convenience/#comment-23 Andreas Thu, 08 Feb 2007 16:53:02 +0000 http://www.reteam.org/blog/2005/04/05/trading-security-for-convenience/#comment-23 Hi! I've tried unwand and it's a great tool. But I've a question: is there any possibillity to have commandline options? Or is a source code avaliable? Thanks and regards Andreas PS: The link above isn't working. I had to download over a russian website. PPS.: Mail wold be great... Hi!

I’ve tried unwand and it’s a great tool. But I’ve a question: is there any possibillity to have commandline options? Or is a source code avaliable?

Thanks and regards
Andreas

PS: The link above isn’t working. I had to download over a russian website.
PPS.: Mail wold be great…

]]> Comment on Cogito ergo sum by junior http://www.reteam.org/blog/2005/08/21/cogito-ergo-sum/#comment-22 junior Sat, 03 Feb 2007 16:30:51 +0000 http://www.reteam.org/blog/2005/08/21/cogito-ergo-sum/#comment-22 "It is impossible for a computer to compute a continuous space." Sorry Andrea, but this isn't true wink You can sweep a polyhedron over the time-domain to compute a continous space razz You can't store it (i don't know of a way at least), but you can test against it. “It is impossible for a computer to compute a continuous space.”

Sorry Andrea, but this isn’t true wink You can sweep a polyhedron over the time-domain to compute a continous space razz You can’t store it (i don’t know of a way at least), but you can test against it.

]]> Comment on Nice TheMida tutorial by Devine9 http://www.reteam.org/blog/2005/06/28/nice-themida-tutorial/#comment-21 Devine9 Sat, 03 Feb 2007 16:28:38 +0000 http://www.reteam.org/blog/2005/06/28/nice-themida-tutorial/#comment-21 For anyone who wasn't able to follow up on this.. this is what was posted after someone on the rce forums emailed the author of the tutorial.. (spanish) --- cut --- This is the response of akira: Hola Ricardo, perdona el trabajo extra que te estoy dandoEl hecho de que haya varias combinaciones es porque el mismo codigo lo utilice para varios programas, pero hay varias que estan quitadas. Supongo que la duda surge porque la explicacion que esta en el tuto anterior de xprotector esta en español... Lo que tiene que hacer es buscar con Olly o con lo que sea la funcion ZwTerminateProcess (logicamente en cada ordenar las direcciones seran distintas y cada uno tiene que buscarlas para hacer uso de este trazador) Un ejemplo de ZwTerminateProcess en mi Pc : Con Olly abro cualquier crackme y doy a search->all names busco ZwTerminateProcess y doy a intro Ahora en la foto podemos ver la funcion , hay que sacar dos direcciones : DWORD * NtAllocateVirtualMemory1=(DWORD *)0x77F66644; DWORD * NtAllocateVirtualMemory2=(DWORD *)0x77F6664A; La Memory2 apunta al "retn 8" como podeis ver en la foto y la Memory1 apunta a la constante 7ffe0300 , osea que hay que pillar la direccion de mov edx,7ffe0300 y sumarle uno(estas direcciones solo sirven para mi PC, cada uno debe buscar las suyas antes de compilar)La idea es que en vez de llamar a la funcion 7ffe0300 llame a nuestra funcion gancho Y ahora ya, se compila ( yo recomiendo compilar sobre visual c++ 6.0 porque es la plataforma donde yo he calculado los offset sobre este compilador. Compilarlo en otro puede dar resultados impredecibles) Un saludo y perdona de nuevo por el trabajo extra, si no quieres tener que estar posteando diles que me escriban al email de contacto del tuto y conforme tenga tiempo ire contestando. the mail of akira is akira_cracker@yahoo.com.ar cheers.. For anyone who wasn’t able to follow up on this.. this is what was posted after someone on the rce forums emailed the author of the tutorial.. (spanish)

— cut —

This is the response of akira:

Hola Ricardo, perdona el trabajo extra que te estoy dandoEl hecho de que haya varias combinaciones es porque el mismo codigo lo utilice para varios programas, pero hay varias que estan quitadas. Supongo que la duda surge porque la explicacion que esta en el tuto anterior de xprotector esta en español… Lo que tiene que hacer es buscar con Olly o con lo que sea la funcion ZwTerminateProcess (logicamente en cada ordenar las direcciones seran distintas y cada uno tiene que buscarlas para hacer uso de este trazador) Un ejemplo de ZwTerminateProcess en mi Pc : Con Olly abro cualquier crackme y doy a search->all names busco ZwTerminateProcess y doy a intro Ahora en la foto podemos ver la funcion , hay que sacar dos direcciones : DWORD * NtAllocateVirtualMemory1=(DWORD *)0×77F66644;
DWORD * NtAllocateVirtualMemory2=(DWORD *)0×77F6664A;
La Memory2 apunta al “retn 8″ como podeis ver en la foto y la Memory1 apunta a la constante 7ffe0300 , osea que hay que pillar la direccion de mov edx,7ffe0300 y sumarle uno(estas direcciones solo sirven para mi PC, cada uno debe buscar las suyas antes de compilar)La idea es que en vez de llamar a la funcion 7ffe0300 llame a nuestra funcion gancho Y ahora ya, se compila ( yo recomiendo compilar sobre visual c++ 6.0 porque es la plataforma donde yo he calculado los offset sobre este compilador. Compilarlo en otro puede dar resultados impredecibles) Un saludo y perdona de nuevo por el trabajo extra, si no quieres tener que estar posteando diles que me escriban al email de contacto del tuto y conforme tenga tiempo ire contestando.

the mail of akira is akira_cracker@yahoo.com.ar

cheers..

]]> Comment on Strongbit Execryptor Hardkey License Manager by Matias http://www.reteam.org/blog/2005/06/08/strongbit-execryptor-hardkey-license-manager/#comment-20 Matias Sat, 03 Feb 2007 16:26:56 +0000 http://www.reteam.org/blog/2005/06/08/strongbit-execryptor-hardkey-license-manager/#comment-20 hi i have a .exe protected by themida 1.0.0.5 o xprotector im run xprotectorsrtipper but not unprotect the file sad please anybody helpme thanks hi i have a .exe protected by themida 1.0.0.5 o xprotector im run xprotectorsrtipper but not unprotect the file sad please anybody helpme thanks

]]> Comment on Strongbit Execryptor Hardkey License Manager by Xacker http://www.reteam.org/blog/2005/06/08/strongbit-execryptor-hardkey-license-manager/#comment-19 Xacker Sat, 03 Feb 2007 16:26:36 +0000 http://www.reteam.org/blog/2005/06/08/strongbit-execryptor-hardkey-license-manager/#comment-19 is there any current information about reversing (deprotecting!) execryptor? is there any current information about reversing (deprotecting!) execryptor?

]]> Comment on Strongbit Execryptor Hardkey License Manager by swed http://www.reteam.org/blog/2005/06/08/strongbit-execryptor-hardkey-license-manager/#comment-18 swed Sat, 03 Feb 2007 16:26:14 +0000 http://www.reteam.org/blog/2005/06/08/strongbit-execryptor-hardkey-license-manager/#comment-18 At work we bought a new retail prog RETAIL PRO with a hardkey protection. Before we had our activation kode I kopied the hole program and pasted it in my comp at home... and it works except it won't update the date... but if I copy all the .dat, .ix, and other files at work the date works again for a while... could u plz direct me to more knowledge about this issue... At work we bought a new retail prog RETAIL PRO with a hardkey protection. Before we had our activation kode I kopied the hole program and pasted it in my comp at home… and it works except it won’t update the date… but if I copy all the .dat, .ix, and other files at work the date works again for a while… could u plz direct me to more knowledge about this issue…

]]> Comment on What The Hack event in danger of cancellation by Devine9 http://www.reteam.org/blog/2005/05/29/what-the-hack-event-in-danger-of-cancellation/#comment-17 Devine9 Sat, 03 Feb 2007 16:24:21 +0000 http://www.reteam.org/blog/2005/05/29/what-the-hack-event-in-danger-of-cancellation/#comment-17 The What the Hack permit has been reconsidered and is unofficially going to be granted to the event for all of you wondering what is to become of it. Read more on the subject at: http://www.whatthehack.org The What the Hack permit has been reconsidered and is unofficially going to be granted to the event for all of you wondering what is to become of it. Read more on the subject at: http://www.whatthehack.org

]]> Comment on Trading Security for Convenience by Brian http://www.reteam.org/blog/2005/04/05/trading-security-for-convenience/#comment-16 Brian Sat, 03 Feb 2007 16:20:56 +0000 http://www.reteam.org/blog/2005/04/05/trading-security-for-convenience/#comment-16 What version of Opera are you using? I have ver 8 and all I get for output is 0x3d9e9b 0x3d9eef 0x3d9f1b for outpout. What version of Opera are you using? I have ver 8 and all I get for output is
0×3d9e9b
0×3d9eef
0×3d9f1b
for outpout.

]]> Comment on Trading Security for Convenience by Brian http://www.reteam.org/blog/2005/04/05/trading-security-for-convenience/#comment-15 Brian Sat, 03 Feb 2007 16:20:35 +0000 http://www.reteam.org/blog/2005/04/05/trading-security-for-convenience/#comment-15 Please explain how it should be compiled with openssl. I thought it should be compiled with gpp? Please explain how it should be compiled with openssl. I thought it should be compiled with gpp?

]]>