I finally managed to get the new releases added to Tuts 4 You. I apologies for the time frame between this update and the last and also an apology to those people who sent in and were asking me when I was going to get around to adding their work on the site. Unfortunately I have had a torrid time with internet connection which prevented me from visiting web pages let alone start uploading and adding releases to the site.
There has been a lot of updates added to the site today, around 52 releases on last count. The Latest Downloads menu on the left will not show all those new releases so you may want to consider looking for the updated arrow icon under the main category page to see what other releases have been added. Main Category Index
I am hoping the next site update will contain some new unpackme's as there is a lot to be done...
A couple of weeks ago I decided to silently disable new registrations to the site. The reason behind this was because I have allowed Guests to post on the site with comments. This was really the only reason why anyone needed to register before since at that time Guest commenting was disabled.
I am still allowing currently registered members to login but any accounts which have not been accessed (logged in) within a 60 day period will automatically be deleted. If sometime in the future you come back to this site and login but can't and you have read or are reading this that will be the reason.
Hopefully I will now get a few less emails about signups...
I find it frustrating when I see comments posted on this website about files for download "containing" virus' and trojans. It is obvious people do not bother to take the time to read the F.A.Q. page or have no idea how to interpret a false positive.
I have included a nice message during the download of a file which I hope gets the message across. I will from now on delete comments posted about files containing virus' and trojans.
It should be obvious this is an RCE website and more than likely contains files which will seem dubious to anti-virus software (usually poor anti-virus software). I can tell you for a fact a lot of files compressed with certain file packers will wake up anti-virus software because that signature has more often than not been associated with malicious software.
I would also like to make it clear that I do check files before upload to the site. If a download does contain a harmful attachment, as can be found in (very few) analysis papers of malicious software, it will be clearly mentioned in the file description. The malicious file will also be contained within a passworded archive.
After recently reading some of the comments posted about "dangerous files" I am surprised these people even feel safe enough to turn their computers on...
I have created a new area specifically for Interactive Disassembler or as many of you commonly know it, as IDA. It was something I was going to do a few months back prior to a big upheaval in my private life. Today I started creating the repository which, will simply be something similar to how the Olly and Immunity repositories look.
I know there exist a lot more files for IDA out there but I am only going to focus the site on releases that effect versions of IDA starting from 4.9 but preferably 5.x and on-wards. Old and out-dated releases are probably of little interest to anyone.
Of course if any of you would like to contribute work you have done regarding IDA I would really appreciate it, just as I appreciate contributions for OllyDbg and any other articles and files I receive for the site.
If you have any suggestions, ideas or criticisms for the Interactive Disassembler area please comment here or post about it on the Community Forums.
Some of you may already have noticed during the past couple of days the board has been populated with new forums. I would like to take the opportunity to explain why these are here and what they do.
The whole purpose of these forums is to analyse, break down and discuss a piece of malicious software. Let me make it perfectly clear now these forums are not and will not be used for the construction and distribution of malicious software.
Malicious software is used in these forums as a term to describe; malware, virus', trojans, spyware and any other software that either destroys, monitors, steals and in some way be harmful either to a computer system or a computer user.
Why study malicious software? Simple reason is most malicious software these days are either packed, protected, crypted or use methods to try and hide itself from detection. A lot of people here are skilled at unpacking, debugging, analysing, documenting and as a result of this a genuine interest in reverse code engineering. They are willing to discuss and share their knowledge of the schemes and implementations used in code. The subjects have been overlapping for many years.
Here is a brief explanation of the forums (names are clickable):
Latest Threats - This is a forum to post known threats that could be interesting to reverse. Please post a threat and if possible a link to the target.
Malicious Software Analysis - If you are interested in studying and breaking down a target and would like to discuss it with others as-well-as being provided with help if required this is the place to do it.
Digital Forensics - A forum to discuss new techniques and methods for analysing a target in a safe and proper manner or used to find best methods and practices.
Seminars and Conferences - I think this should be self-explanatory. Used to announce an interesting seminar, conference or meeting taking place. Can also be used to let people know you will be attending a particular function and hopefully meet up with some of the other members on this board.
All these forum areas are not set in stone and could be changed or modified over time depending on the interest taking place. Of course if you have any suggestions or criticisms about the new areas we would like to know about it.
I hope these forums will be of interest to members here and will be used wisely! Enjoy...
OllyDbg 2.0 - Alpha 8 Author: Oleh Yuschuk OllyDbg is a 32-bit assembler level analysing debugger for Microsoft Windows. Emphasis on binary code analysis makes it particularly useful in cases where source is unavailable. OllyDbg is a shareware, but you can download and use it for free. Specia [more...] Date: 06 Sep : 06:01 Filesize: 764.2 kb Total Downloads: 2085
(IDA Pro Disassembler & Debugger:)
Hex-Rays Decompiler Video Demo for IDA Author: Network Solutions Center The Hex-Rays Decompiler converts executable programs into a human readable C-like pseudo code text. Date: 06 Sep : 05:57 Filesize: 10.23 mb Total Downloads: 106
(IDA Pro Disassembler & Debugger:)
IDA Pro Demo Video Author: Network Solutions Center This is a demo video for IDA. The video is an analysis of a dynamic link library on a system compromised by spyware. It goes through and explains how to use some of the key features found in IDA. Date: 06 Sep : 05:51 Filesize: 12.41 mb Total Downloads: 99
(IDA Plugins:)
PatchDiff 2.0.5 Author: Nicolas Pouvesle PatchDiff2 is a plugin for the Windows version of the IDA dissassembler that can analyze two IDB files and find the differences between both. PatchDiff2 is free and fully integrates with the latest version of IDA (5.2).
The plugin can perform the fo [more...] Date: 06 Sep : 05:47 Filesize: 92.86 kb Total Downloads: 73
(IDA Plugins:)
IDA Stealth 1.0 Beta2 Author: Jan Newger IDA Stealth is a plugin which aims to hide the IDA debugger from most common anti-debugging techniques. The plugin is composed of two files, the plugin itself and a dll which is injected into the debuggee as soon as the debugger attaches to the proce [more...] Date: 06 Sep : 05:45 Filesize: 194.35 kb Total Downloads: 88
(Immunity Plugins:)
Imm_VEHWalk 0.2 Author: 0x0c0d3 This plugin shows all installed vectored exception handlers in the program. Date: 06 Sep : 05:41 Filesize: 41.73 kb Total Downloads: 13
(Unpacking:)
AR Crypt Private (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking AR Crypt Private. Date: 06 Sep : 05:40 Filesize: 614.87 kb Total Downloads: 16
(Unpacking:)
AT4RE Protector 1.0 (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking AT4RE Protector 1.0. Date: 06 Sep : 05:38 Filesize: 1.09 mb Total Downloads: 11
(Unpacking:)
DCrypt Private 0.9b (Unpacking 2) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking DCrypt Private 0.9b. Date: 06 Sep : 05:34 Filesize: 939.5 kb Total Downloads: 9
(Virtual Memory / Machines:)
Dealing with Virtualization Author: Boris Lau Theoretical research into ways of scanning through Virtualization obfuscators. Date: 06 Sep : 05:31 Filesize: 1.4 mb Total Downloads: 79
(IDA Pro Disassembler & Debugger:)
Debugging with IDA Author: Ricardo Narvaja The truth being a little discouraged, lets a little the idea follow with tutes that venia doing so far (the one of asprotect for example and to finish it) and so far to follow something but simple, for but ahead retaking but complex when it was a lit [more...] Date: 06 Sep : 05:28 Filesize: 527.75 kb Total Downloads: 89
(IDA Pro Disassembler & Debugger:)
Debugging with IDA Continued Author: Ricardo Narvaja We continued playing a little with IDA and in this part we will amuse a little with some commandos and we will see as they work. Date: 06 Sep : 05:26 Filesize: 330.62 kb Total Downloads: 70
(Keygenning Tools:)
ECCTool 1.04 Author: readyu main fuctions:
1.generate curvers, computer np/order;
2.trap small ecdlp (< 64 bits), using kangaroo method;
3.generate keypairs.
4.ECDSA/ECNR sign/verify.
support curves:
1. support curve bits: 32-1024;
2. support elliptic curve over GF( [more...] Date: 06 Sep : 05:25 Filesize: 276.21 kb Total Downloads: 169
(Unpacking:)
ElecKey 2.0 (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking ElecKey 2.0. Date: 06 Sep : 05:24 Filesize: 2.29 mb Total Downloads: 14
Date: 06 Sep : 05:06 Filesize: 507 b Total Downloads: 12
(Unpacking:)
ExeCryptor 2.xx (HWID Patching) Author: LCF-AT A Shockwave Flash movie tutorial showing a method of patching ExeCryptor 2.xx to fake the hardware ID check. Date: 06 Sep : 05:02 Filesize: 1.95 mb Total Downloads: 54
(Unpacking:)
ExeStealth 3.16 (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking ExeStealth 3.16. Date: 06 Sep : 05:00 Filesize: 1.39 mb Total Downloads: 21
(IDA Pro Disassembler & Debugger:)
First Steps in IDA Author: Ricardo Narvaja Many times we have heard that IDA is a better disassembler than Wdasm, and that it is the best disassembler that exists which is correct, and in spite of not using it frequently, we will see in this first example some tips for IDA, and some differenc [more...] Date: 06 Sep : 04:58 Filesize: 727.99 kb Total Downloads: 93
(Unpacking:)
HaLV Crypter (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking HaLV Crypter. Date: 06 Sep : 04:56 Filesize: 1.34 mb Total Downloads: 14
Date: 06 Sep : 04:55 Filesize: 497 b Total Downloads: 12
(IDA Pro Disassembler & Debugger:)
IDA and OllyDbg The Union Author: Ricardo Narvaja A paper on ways to successfully combine and better use IDA with OllyDbg. Date: 06 Sep : 04:53 Filesize: 453.75 kb Total Downloads: 72
(IDA Pro Disassembler & Debugger:)
IDA Pro for Newbiez Author: Medardus Normally one is the first Tools, with which a Newbie argues, W32DASM. This Tool is both easy to learn and simply serve. One hears somewhat later then of a Tool named “IDA pro”, which should be better viiieeeel than W32DASM. Fact is that W32DASM i [more...] Date: 06 Sep : 04:49 Filesize: 820.24 kb Total Downloads: 44
(Unpacking:)
Joker Protector 1.0.8 (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking Joker Protector 1.0.8. Date: 06 Sep : 04:48 Filesize: 2.57 mb Total Downloads: 9
(Unpacking:)
Joker Protector 1.1.3 (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking Joker Protector 1.1.3. Date: 06 Sep : 04:42 Filesize: 2.99 mb Total Downloads: 9
(Unpacking:)
KiAms Cryptor 1.4 (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking KiAms Cryptor 1.4. Date: 06 Sep : 04:39 Filesize: 1.42 mb Total Downloads: 6
(Unpacking:)
Kkrunchy 0.23 OEP Finder v1.00 Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking Kkrunchy 0.23. Date: 06 Sep : 04:35 Filesize: 1016 b Total Downloads: 12
(Unpacking:)
Kkrunchy 0.23 (Unpacking 2) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking Kkrunchy 0.23. Date: 06 Sep : 04:33 Filesize: 2.43 mb Total Downloads: 10
(Unpacking:)
LARP Lite Edition 2.0 Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking LARP Lite Edition 2.0. Date: 06 Sep : 04:32 Filesize: 3.48 mb Total Downloads: 9
(Unpacking:)
Mal Packer 1.2 (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking Mal Packer 1.2. Date: 06 Sep : 04:30 Filesize: 1.31 mb Total Downloads: 7
(Unpacking:)
ModdedFog 1.1 (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking ModdedFog 1.1. Date: 06 Sep : 04:29 Filesize: 2.57 mb Total Downloads: 9
(Keygenning Tools:)
Msieve 1.37 + GUI 1.1 Author: Jason Papadopoulos + Anogrganix Factoring is the study (half math, half engineering, half art form) of taking big numbers and expessing them as the product of smaller numbers. If I find out 15 = 3 * 5, I've performed an integer factorization on the number 15. As the number to [more...] Date: 06 Sep : 04:29 Filesize: 443.4 kb Total Downloads: 2336
(Unpacking:)
noX Crypt 1.1 (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking noX Crypt 1.1. Date: 06 Sep : 04:26 Filesize: 1.36 mb Total Downloads: 8
(Unpacking:)
NTkrnl Secure Suite (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking NTkrnl Secure Suite. Date: 06 Sep : 04:25 Filesize: 2.07 mb Total Downloads: 12
OllySocketTrace 1.0 Author: Stephen Fewer OllySocketTrace is a plugin for OllyDbg (version 1.10) to trace the socket operations being performed by a process. It will record all buffers being sent and received. All parameters as well as return values are recorded and the trace is highlighted [more...] Date: 06 Sep : 04:16 Filesize: 56.38 kb Total Downloads: 33
(IAT & File Rebuilding:)
Overlay Tool 1.0 Author: steve10120 A tool to copy and merge an overlay from one file to another. Date: 06 Sep : 04:12 Filesize: 160.01 kb Total Downloads: 53
(Unpacking:)
Pain Crew Protector 1.1 (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking Pain Crew Protector 1.1. Date: 06 Sep : 04:11 Filesize: 1.03 mb Total Downloads: 8
(Unpacking:)
Pub Crypter (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking Pub Crypter. Date: 06 Sep : 04:09 Filesize: 1 mb Total Downloads: 30
(Unpacking:)
Secure Shade 1.5 (Unpacking) Author: Joker Italy A Shockwave Flash movie tutorial showing a method of unpacking Secure Shade 1.5. Date: 06 Sep : 04:02 Filesize: 1.36 mb Total Downloads: 12
[ Tuts 4 You ]
