
Cracker Handbook 1.0 part 6 docx


DOCUMENT INFORMATION

Basic information

Pages: 7
Size: 68.38 KB

Content

Quote: The aPE is a patcher program that can be used to patch packed/protected executable files. This is done by code insertion in packer/protector code so that the program can be patched normally without the unpacking of the packed file. This means that you can now make smaller patches for packed executables [but you will still need to unpack the target and find bytes you want to patch]. There is no more need for distribution of larger unpacked files. The aPE can patch them while they are still packed! (readme)

18- FSG
Quote: FSG is perfect compressor for small exes, eg. 4k, 64kb intros, asm appz etc. (upx sux). FSG means: F[ast] S[mall] G[ood] (readme)

19- ICE License
Quote: ICE License v2.0 is a new & innovative licensing protection solution designed to provide a high level of security. ICE License protects your application the executable file by code encryption to provide a strong protection, ICE License add high security level to turn your software in Full Version, user need ActiveKey to unlock it, else nobody can unlock. With ICE License it's easy to turn your application in "try-before-you-buy" versions with little effort, offering everything to guarantee a maximum protection. If you want to protect your investments ICE License is designed specifically for you. The software developer looking for powerful, flexible protection, license management tools to get your software product into the hands of customers. (readme)

20- yoda's Crypter
Quote: This is a small PE crypter with some nice protection options. (readme)

21- Yoda's Protector
Quote: Yoda's Protector is an EXE packer and protector with some special features for Microsoft Windows. It also supports Dynamic Link Libraries (DLL), OLE-ActiveX Controls (OCX), Screen Savers (SCR). It is based on assembly source of yoda's Crypter by Danilo Bzdok. It packs sections of portable executable file by compression source from LZO library by Markus F.X.J. Oberhumer & László Molnár and aPLib compression library by Joergen Ibsen (readme)

22- OllyScript
Quote: OllyScript is a plugin for OllyDbg, which is, in my opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture which allows users to extend its functionality. OllyScript is a plugin meant to let you automate OllyDbg by writing scripts in an assembly-like language. Many tasks involve a lot of repetitive work just to get to some point in the debugged application. (readme)

23- RSA
Quote: In 1976 three researchers at M.I.T. (Ron Rivest, Adi Shamir and Les Adleman) introduced this public key cryptosystem, prior to this only private key cryptosystems had been used. The RSA cryptosystem is based on modular exponentiation modulo the product of 2 large primes. Each individual has an encrypting key consisting of a modulus n = pq, where p & q are large primes, say with 200 digits each, and an exponent e that is relatively prime to (p-1)(q-1). To produce a usable key, 2 large primes must be found (this can be done quickly on a computer using probabilistic primality tests). However the product of these primes n = pq, with approximately 400 digits, cannot be factored in a reasonable length of time. (In a RSA tut that has unknown author)

24- MD5
Quote: Developed in 1994, MD5 is a one-way hash algorithm that takes any length of data and produces a 128 bit "fingerprint" or "message digest". This fingerprint is "non-reversible", it is computationally infeasible to determine the file based on the fingerprint. This means someone cannot figure out your data based on its MD5 fingerprint. (Tut by Lance Spitzner)

25- SmartCheck
Quote: SmartCheck (SC) is a program for Automatic Run-Time Error Diagnosis for Visual Basic programs. With other words, SC is a tool for VB debugging and, if it is properly configured, for reversing of VB appz. (Tut by Palaryel)

26- Opcode
Quote: Opcodes are the instructions for the processor. Opcodes are actually "readable text"-versions of the raw hex codes. Because of this, assembler is the lowest level of programming languages, everything in asm is directly converted to hexcodes. In other words, you don't have a compiler phase that converts a high-level language to low-level, the assembler only converts assembler codes to raw data. (Tut by Mad Wizard - Thomas Bleeker)

27- Assembly
Quote: Assembly language is created as replacement for the raw binary code that the processor understands. A long time ago, when there were no high-level programming languages yet, programs were created in assembly. Assembly codes directly represent instructions the processor can execute. (Tut by Mad Wizard - Thomas Bleeker)

28- API
Quote: The fundamental of programming in windows lies in the windows API, Application Programming Interface. This is a set of functions supplied by the operating system. Every windows program uses these functions. These functions are in the system dll's like kernel, user, gdi, shell, advapi, etc. (Tut by Mad Wizard - Thomas Bleeker)

29- Stack
Quote: The Stack is a part in memory where you can store different things for later use. See it as a pile of books in a chest where the last put in is the first to grab out. Or imagine the stack as a paper basket where you put in sheets. The basket is the stack and a sheet is a memory address (indicated by the stack pointer) in that stack segment. Remember following rule: the last sheet of paper you put in the stack, is the first one you'll take out! The command 'push' saves the contents of a register onto the stack. The command 'pop' grabs the last saved contents of a register from the stack and puts it in a specific register. (Tut by lena)

30- Flag
Quote: Flags are single bits which indicate the status of something. The flag register on modern 32bit CPUs is 32bit large. There are 32 different flags, but don't worry. You will mostly only need 3 of them in reversing. The Z-Flag, the O-Flag and the C-Flag. For reversing you need to know these flags to understand if a jump is executed or not. This register is in fact a collection of different 1-bit flags. A flag is a sign, just like a green light means: 'ok' and a red one 'not ok'. A flag can only be '0' or '1', meaning 'not set' or 'set'.

The Z-Flag: The Z-Flag (zero flag) is the most useful flag for cracking. It is used in about 90% of all cases. It can be set (status: 1) or cleared (status: 0) by several opcodes when the last instruction that was performed has 0 as result. You might wonder why "CMP" (more on this later) could set the zero flag, because it compares something - how can the result of the comparison be 0? The answer on this comes later ;)

The O-Flag: The O-Flag (overflow flag) is used in about 4% of all cracking attempts. It is set (status: 1) when the last operation changed the highest bit of the register that gets the result of an operation. For example: EAX holds the value 7FFFFFFF. If you use an operation now, which increases EAX by 1 the O-Flag would be set, because the operation changed the highest bit of EAX (which is not set in 7FFFFFFF, but set in 80000000 - use calc.exe to convert hexadecimal values to binary values). Another need for the O-Flag to be set, is that the value of the destination register is neither 0 before the instruction nor after it.

The C-Flag: The C-Flag (Carry flag) is used in about 1% of all cracking attempts. It is set, if you add a value to a register, so that it gets bigger than FFFFFFFF or if you subtract a value, so that the register value gets smaller than 0. (Tut by lena)

31- REA
Quote: REA (Reverse Engineer Association) is a name of a famous cracker team in Vietnam. Founded in March 2004 with many talented crackers such as hacnho, Computer Angel, Zombie, RCA, Moonbaby, benina. Their homepage: www.reaonline.net (my idea)

32- Cracker
Quote: Cracker is a person who illegally finds a way of looking at or stealing information on sb else’s computer system (Oxford dic)

33- Newbie
Quote: Newbie is a person who is new and has little experience in doing sth, especially in using computers (Oxford dic)

34- Patch
Quote: [noun] Patch is a small piece of code (= instructions that a computer can understand) which can be added to a computer program to improve it or to correct a fault [verb] To repair sth especially in a temporary way by adding a new piece of material or a patch (Oxford dic)

35- PE
Quote: PE stands for Portable Executable. It's the native file format of Win32. Its specification is derived somewhat from the Unix Coff (common object file format). The meaning of "portable executable" is that the file format is universal across win32 platform: the PE loader of every win32 platform recognizes and uses this file format even when Windows is running on CPU platforms other than Intel. It doesn't mean your PE executables would be able to port to other CPU platforms without change. Every win32 executable (except VxDs and 16-bit Dlls) uses PE file format. Even NT's kernel mode drivers use PE file format. (Tut of Iczelion)

36- Dongle
Quote: Dongle is a device or code that is needed in order to use protected software (Oxford dic)

37- SHA
Quote: The SHA (Secure Hash Algorithm) family is a set of related cryptographic hash functions. The most commonly used function in the family, SHA-1, is employed in a large variety of popular security applications and protocols, including TLS, SSL, PGP, SSH, S/MIME, and IPSec. SHA-1 is considered to be the successor to MD5, an earlier, widely-used hash function. Both are reportedly compromised. In some circles, it is suggested that SHA-256 or greater be used for critical technology. The SHA algorithms were designed by the National Security Agency (NSA) and published as a US government standard. The first member of the family, published in 1993, is officially called SHA; however, it is often called SHA-0 to avoid confusion with its successors. Two years later, SHA-1, the first successor to SHA, was published. Four more variants have since been issued with increased output ranges and a slightly different design: SHA-224, SHA-256, SHA-384, and SHA-512 — sometimes collectively referred to as SHA-2. Attacks have been found for both SHA-0 and SHA-1. No attacks have yet been reported on the SHA-2 variants, but since they are similar to SHA-1, researchers are worried, and are developing candidates for a new, better hashing standard. (http://en.wikipedia.org/wiki/SHA)

38- PRCEdit
Quote: PRC edit is a HEX editor and Ascii viewer in one. You can open a PRC with corresponding disassembled source file in the editor. (readme)

39- Olly ToolBar Manager
Quote: Olly ToolBar Manager is the plugin which allows you to add custom buttons on Olly tool bar. (readme)

40- NonaWrite
Quote: NonaWrite is a plugin for OllyDbg that helps you write code injection. (readme)

(post #1 by mrangelx)

41- BIEW
Quote: BIEW (Binary vIEW) is a free, portable, advanced file viewer with built-in editor for binary, hexadecimal and disassembler modes. (readme)

42- UPX
Quote: UPX is a portable, extendable, high-performance executable packer for several different executable formats. It achieves an excellent compression ratio and offers **very** fast decompression. Your executables suffer no memory overhead or other drawbacks for most of the formats supported. (readme)

43- ARM
Quote: ARM Protector is a Windows Portable Executable (PE) file protector and cryptor against reverse engineering (cracking, debugging and other illegal modifications). It has some nice protection options (i'll keep adding them as much as i can) (readme)

44-Upack .
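
Added example (not part of the handbook or of the quoted tutorials): a C model of the Z-, O- and C-flags from entry 30, computed for 32-bit ADD and SUB as x86 defines them (OF is signed overflow, CF is unsigned carry or borrow), including why CMP followed by JE jumps on equal operands. The type alu_out and the functions alu_add, alu_sub, je_taken_after_cmp and show are names made up for this example.

```c
#include <stdint.h>
#include <stdio.h>

/* Flags left behind by one 32-bit ALU operation (names are hypothetical). */
typedef struct {
    uint32_t result;
    int zf; /* Z-Flag: result is zero */
    int cf; /* C-Flag: unsigned carry (ADD) or borrow (SUB) */
    int of; /* O-Flag: signed overflow */
} alu_out;

/* ADD dst, src */
static alu_out alu_add(uint32_t a, uint32_t b) {
    alu_out o;
    o.result = a + b;      /* wraps modulo 2^32 */
    o.zf = (o.result == 0);
    o.cf = (o.result < a); /* true sum exceeded FFFFFFFF */
    /* operands have the same sign bit, result has the other one */
    o.of = (int)((~(a ^ b) & (a ^ o.result)) >> 31);
    return o;
}

/* SUB dst, src. CMP sets the same flags but throws the result away. */
static alu_out alu_sub(uint32_t a, uint32_t b) {
    alu_out o;
    o.result = a - b;
    o.zf = (o.result == 0);
    o.cf = (a < b);        /* true difference fell below 0 */
    /* operands differ in sign bit, result's sign differs from a's */
    o.of = (int)(((a ^ b) & (a ^ o.result)) >> 31);
    return o;
}

/* JE/JZ jumps when ZF = 1, so "CMP a, b" then "JE" jumps when a == b. */
static int je_taken_after_cmp(uint32_t a, uint32_t b) {
    return alu_sub(a, b).zf;
}

static void show(const char *op, alu_out o) {
    printf("%-14s = %08X  ZF=%d CF=%d OF=%d\n", op, (unsigned)o.result, o.zf, o.cf, o.of);
}

int main(void) {
    show("7FFFFFFF + 1", alu_add(0x7FFFFFFFu, 1u)); /* sign bit flips */
    show("FFFFFFFF + 1", alu_add(0xFFFFFFFFu, 1u)); /* wraps to zero */
    show("00000000 - 1", alu_sub(0u, 1u));          /* borrow */
    printf("CMP 5,5 then JE taken: %d\n", je_taken_after_cmp(5u, 5u));
    printf("CMP 5,6 then JE taken: %d\n", je_taken_after_cmp(5u, 6u));
    return 0;
}
```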

Posted: 03/07/2014, 17:20
