Cracker Handbook 1.0 part 6 docx

Quote:
The aPE is a patcher program that can be used to patch packed/protected
executable files. This is done by code insertion in packer/protector code so that the
program can be patched normally without the unpacking of the packed file. This
means that you can now make smaller patches for packed executables [but you will
still need to unpack the target and find bytes you want to patch]. There is no more
need for distribution of larger unpacked files. The aPE can patch them while they
are still packed!
(readme)
18- FSG
Quote:
FSG is perfect compressor for small exes, eg. 4k,64kb intros, asm appz etc.(upx
sux). FSG means:
F[ast]
S[mall]
G[ood]
(readme)
19- ICE License
Quote:
ICE License v2.0 is a new & innovative licensing protection solution designed to
provide a high level of security. ICE License protects your application the
executable file by code encryption to provide a strong protection, ICE License add
high security level to turn your software in Full Version, user need ActiveKey to
unlock it, else nobody can unlock.
With ICE License it's easy to turn your application in "try-before-you-buy"
versions with little effort, offering everything to guarantee a maximum protection.
If you want to protect your investments ICE License is designed specifically for
you. The software developer looking for powerful, flexible protection, license
management tools to get your software product into the hands of customers.
(readme)
20- yoda's Crypter


Quote:
This is a small PE crypter with some nice protection options.
(readme)
21- Yoda's Protector
Quote:
Yoda's Protector is an EXE packer and protector with some special features for
Microsoft Windows. It also supports Dynamic Link Libraries (DLL), OLE-
ActiveX Controls (OCX), Screen Savers (SCR). It is based on assembly source of
yoda's Crypter by Danilo Bzdok. It packs sections of portable executable file by
compression source from LZO library by Markus F.X.J. Oberhumer
and aPLib compression library by Joergen Ibsen
(readme)
22- OllyScript
Quote:
OllyScript is a plugin for OllyDbg, which is, in my opinion,
the best application-mode debugger out there. One of the best
features of this debugger is the plugin architecture which allows
users to extend its functionality. OllyScript is a plugin
meant to let you automate OllyDbg by writing scripts in an
assembly-like language. Many tasks involve a lot of repetitive
work just to get to some point in the debugged application.
(readme)
23- RSA
Quote:
In 1976 three researchers at M.I.T. (Ron Rivest, Adi Shamir and Les Adleman)
introduced this public key cryptosystem; prior to this only private key
cryptosystems had been used.
The RSA cryptosystem is based on modular exponentiation modulo the product of
2 large primes. Each individual has an encrypting key consisting of a modulus n =
pq, where p & q are large primes, say with 200 digits each, and an exponent e that
is relatively prime to (p-1)(q-1). To produce a usable key, 2 large primes must be
found (this can be done quickly on a computer using probabilistic primality tests).
However the product of these primes n = pq, with approximately 400 digits, cannot
be factored in a reasonable length of time.
(In a RSA tut that has unknown author)
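A toy version of the scheme the quoted tutorial describes, added here as an example (not code from the handbook or the tutorial): key generation with the entry's symbols n = pq and e relatively prime to (p-1)(q-1), encryption by modular exponentiation, and a helper showing that whoever can factor n recovers the private exponent. The primes are constructed and tiny, so this n is trivially factorable.

```python
# Added example, not from the handbook: RSA with the entry's notation.
# p, q are constructed toy primes; real keys use primes of hundreds of digits,
# which is exactly what makes n = p*q infeasible to factor.
from math import gcd


def make_keypair(p, q, e=65537):
    """Return ((n, e), (n, d)) for primes p, q and public exponent e."""
    n = p * q
    phi = (p - 1) * (q - 1)
    # The entry's requirement: e must be relatively prime to (p-1)(q-1),
    # otherwise no decryption exponent d exists.
    if gcd(e, phi) != 1:
        raise ValueError("e is not relatively prime to (p-1)(q-1)")
    d = pow(e, -1, phi)          # modular inverse of e mod phi (Python 3.8+)
    return (n, e), (n, d)


def encrypt(pub, m):
    """c = m^e mod n; m must be an integer smaller than the modulus."""
    n, e = pub
    if not 0 <= m < n:
        raise ValueError("message must be an integer in [0, n)")
    return pow(m, e, n)          # modular exponentiation, as in the entry


def decrypt(priv, c):
    """m = c^d mod n."""
    n, d = priv
    return pow(c, d, n)


def recover_private_from_factors(pub, p, q):
    """Why the security rests on factoring: given p and q, d follows at once."""
    n, e = pub
    if p * q != n:
        raise ValueError("p*q is not the public modulus")
    return (n, pow(e, -1, (p - 1) * (q - 1)))


if __name__ == "__main__":
    pub, priv = make_keypair(61, 53, e=17)   # constructed toy primes
    c = encrypt(pub, 65)
    print(pub, priv, c, decrypt(priv, c))
```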
24- MD5
Quote:
Developed in 1994, MD5 is a one-way hash algorithm that takes any length of data
and produces a 128 bit "fingerprint" or "message digest". This fingerprint is "non-
reversible", it is computationally infeasible to determine the file based on the
fingerprint. This means someone cannot figure out your data based on its MD5
fingerprint.
(Tut by Lance Spitzner)
25- SmartCheck
Quote:
SmartCheck (SC) is a program for Automatic Run-Time Error Diagnosis for
Visual Basic programs. In other words, SC is a tool for VB debugging and, if it
is properly configured, for reversing of VB appz.
(Tut by Palaryel)
26- Opcode
Quote:
Opcodes are the instructions for the processor. Opcodes are actually "readable
text"-versions of the raw hex codes. Because of this, assembler is the lowest level
of programming languages, everything in asm is directly converted to hexcodes. In
other words, you don't have a compiler phase that converts a high-level language to
low-level, the assembler only converts assembler codes to raw data.
(Tut by Mad Wizard - Thomas Bleeker)
27- Assembly
Quote:
Assembly language is created as replacement for the raw binary code that the
processor understands. A long time ago, when there were no high-level
programming languages yet, programs were created in assembly. Assembly codes
directly represent instructions the processor can execute.
(Tut by Mad Wizard - Thomas Bleeker)
28- API
Quote:
The fundamental of programming in windows lies in the windows API,
Application Programming Interface. This is a set of functions supplied by the
operating system. Every windows program uses these functions. These functions
are in the system dll's like kernel, user, gdi, shell, advapi, etc.
(Tut by Mad Wizard - Thomas Bleeker)
29 - Stack
Quote:
The Stack is a part in memory where you can store different things for later use.
See it as a pile of books in a chest where the last put in is the first to grab out. Or
imagine the stack as a paper basket where you put in sheets. The basket is the stack
and a sheet is a memory address (indicated by the stack pointer) in that stack
segment. Remember the following rule: the last sheet of paper you put in the stack, is
the first one you'll take out! The command 'push' saves the contents of a register
onto the stack. The command 'pop' grabs the last saved contents of a register from
the stack and puts it in a specific register.
(Tut by lena)
30- Flag
Quote:
Flags are single bits which indicate the status of something. The flag register on
modern 32bit CPUs is 32bit large. There are 32 different flags, but don't worry.
You will mostly only need 3 of them in reversing. The Z-Flag, the O-Flag and the
C-Flag. For reversing you need to know these flags to understand if a jump is
executed or not. This register is in fact a collection of different 1-bit flags. A flag is
a sign, just like a green light means: 'ok' and a red one 'not ok'. A flag can only be
'0' or '1', meaning 'not set' or 'set'.

The Z-Flag:
The Z-Flag (zero flag) is the most useful flag for cracking. It is used in about 90%
of all cases. It can be set (status: 1) or cleared (status: 0) by several opcodes when
the last instruction that was performed has 0 as result. You might wonder why
"CMP" (more on this later) could set the zero flag, because it compares something
- how can the result of the comparison be 0? The answer on this comes later ;)

The O-Flag:
The O-Flag (overflow flag) is used in about 4% of all cracking attempts. It is set
(status: 1) when the last operation changed the highest bit of the register that gets
the result of an operation. For example: EAX holds the value 7FFFFFFF. If you
use an operation now, which increases EAX by 1 the O-Flag would be set, because
the operation changed the highest bit of EAX (which is not set in 7FFFFFFF, but
set in 80000000 - use calc.exe to convert hexadecimal values to binary values).
Another need for the O-Flag to be set, is that the value of the destination register is
neither 0 before the instruction nor after it.

The C-Flag:
The C-Flag (Carry flag) is used in about 1% of all cracking attempts. It is set, if
you add a value to a register, so that it gets bigger than FFFFFFFF or if you
subtract a value, so that the register value gets smaller than 0.
(Tut by lena)
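A small model of 32-bit ADD, SUB and CMP that computes ZF, OF and CF as the x86 CPU defines them, added as an example (not code from the handbook or lena's tutorial) so the entry's claims can be checked: the 7FFFFFFF + 1 case sets OF, a sum above FFFFFFFF sets CF, and CMP of equal values sets ZF because the discarded subtraction result is 0.

```python
# Added example, not from the handbook: flag computation for 32-bit ADD/SUB/CMP.
MASK = 0xFFFFFFFF      # 32-bit register width
SIGN = 0x80000000      # the highest bit of a 32-bit register


def add32(a, b):
    """Return (result, flags) for the 32-bit instruction ADD a, b."""
    a, b = a & MASK, b & MASK
    full = a + b                      # unbounded sum before truncation
    res = full & MASK
    return res, {
        "ZF": res == 0,               # last result was zero
        "CF": full > MASK,            # got bigger than FFFFFFFF: carry out
        # Signed overflow: operands share a sign and the result's sign differs,
        # e.g. 7FFFFFFF + 1 = 80000000 flips the highest bit.
        "OF": ((a ^ res) & (b ^ res) & SIGN) != 0,
    }


def sub32(a, b):
    """Return (result, flags) for the 32-bit instruction SUB a, b (a - b)."""
    a, b = a & MASK, b & MASK
    res = (a - b) & MASK
    return res, {
        "ZF": res == 0,
        "CF": a < b,                  # result would go below 0: borrow
        "OF": ((a ^ b) & (a ^ res) & SIGN) != 0,
    }


def cmp32(a, b):
    """CMP performs a - b only for its flags and discards the result, which is
    why equal operands set ZF: the subtraction yields 0 and JE/JZ is taken."""
    return sub32(a, b)[1]


if __name__ == "__main__":
    res, flags = add32(0x7FFFFFFF, 1)
    print(hex(res), flags)            # 0x80000000 with OF set
    print(cmp32(0x1234, 0x1234))      # ZF set
```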

31- REA
Quote:
REA (Reverse Engineer Association) is a name of a famous cracker team in
Vietnam. Founded in March 2004 with many talented crackers such as hacnho,
Computer Angel, Zombie, RCA, Moonbaby, benina

Their homepage: www.reaonline.net
(my idea)
32- Cracker
Quote:
Cracker is a person who illegally finds a way of looking at or stealing information
on sb else’s computer system
(Oxford dic)
33- Newbie
Quote:
Newbie is a person who is new and has little experience in doing sth, especially in
using computers
(Oxford dic)
34- Patch
Quote:
[noun]
Patch is a small piece of code (= instructions that a computer can understand)
which can be added to a computer program to improve it or to correct a fault
[verb]
To repair sth especially in a temporary way by adding a new piece of material or a
patch
(Oxford dic)
35- PE
Quote:
PE stands for Portable Executable. It's the native file format of Win32. Its
specification is derived somewhat from the Unix Coff (common object file
format). The meaning of "portable executable" is that the file format is universal
across win32 platform: the PE loader of every win32 platform recognizes and uses
this file format even when Windows is running on CPU platforms other than Intel.
It doesn't mean your PE executables would be able to port to other CPU platforms
without change. Every win32 executable (except VxDs and 16-bit Dlls) uses PE
file format. Even NT's kernel mode drivers use PE file format.
(Tut of Iczelion)
36- Dongle
Quote:
Dongle is a device or code that is needed in order to use protected software
(Oxford dic)
37- SHA
Quote:
The SHA (Secure Hash Algorithm) family is a set of related cryptographic hash
functions. The most commonly used function in the family, SHA-1, is employed in
a large variety of popular security applications and protocols, including TLS, SSL,
PGP, SSH, S/MIME, and IPSec. SHA-1 is considered to be the successor to MD5,
an earlier, widely-used hash function. Both are reportedly compromised. In some
circles, it is suggested that SHA-256 or greater be used for critical technology. The
SHA algorithms were designed by the National Security Agency (NSA) and
published as a US government standard.
The first member of the family, published in 1993, is officially called SHA;
however, it is often called SHA-0 to avoid confusion with its successors. Two
years later, SHA-1, the first successor to SHA, was published. Four more variants
have since been issued with increased output ranges and a slightly different design:
SHA-224, SHA-256, SHA-384, and SHA-512 — sometimes collectively referred
to as SHA-2.
Attacks have been found for both SHA-0 and SHA-1. No attacks have yet been
reported on the SHA-2 variants, but since they are similar to SHA-1, researchers
are worried, and are developing candidates for a new, better hashing standard.
38- PRCEdit
Quote:
PRC edit is a HEX editor and Ascii viewer in one. You can open a PRC with
corresponding disassembled source file in the editor.
(readme)
39- Olly ToolBar Manager
Quote:
Olly ToolBar Manager is the plugin which allows you to add custom buttons on
Olly tool bar.
(readme)
40- NonaWrite
Quote:
NonaWrite is a plugin for OllyDbg that helps you write code injection.
(readme)
Post #1 by mrangelx

41-BIEW
Quote:
BIEW (Binary vIEW) is a free, portable, advanced file viewer with
built-in editor for binary, hexadecimal and disassembler modes.
(readme)
42-UPX
Quote:
UPX is a portable, extendable, high-performance executable packer for
several different executable formats. It achieves an excellent
compression ratio and offers **very** fast decompression. Your
executables suffer no memory overhead or other drawbacks for most of the
formats supported.
(readme)
43-ARM
Quote:
ARM Protector is a Windows Portable Executable (PE) file protector and cryptor
against reverse engineering (cracking, debugging and other illegal modifications).
It has some nice protection options (i'll keep adding them as much as i can)

(readme)
44-Upack
