Archive for February, 2009


ARTeam: A Tales of Reversing & Keygenning Two MD5 Registration Schemas

Hi all,
this is a nice release: a twofold tutorial on reversing and keygenning MD5-based registration schemes. The tutorial is twofold because it is the union of two tutorials, written by 2KAD and Nieylana.

The result is quite interesting, because tutorials describing the complete process of reversing and keygenning an MD5-based registration scheme are not so common, or are rather old.

Last but not least, the sources (Delphi and ASM) of the keygens are included in the distribution, so you can study them as well. What more do you want?

Another fine release from ARTeam!

Get it here:

http://xchg.info/ARTeam/Tutorials/index.php?dir=ARTeam_Tutorials/&file=Reversing_Keygenning_Two_MD5_Schemas_by_2kAD_Nieylana.rar
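As an added illustration, not part of the ARTeam release (whose keygens are in Delphi and ASM), here are two constructed MD5-based registration checks of the kind such tutorials reverse, each paired with its keygen. Everything here is assumed for the example: the salt, the alphabet, the serial layout and the checksum are invented, not taken from any real product or from the tutorial. The property a reverser looks for is visible in both schemes: the serial is a deterministic function of the user name and of constants embedded in the program, so whoever recovers the algorithm can generate a serial for any name.

```python
import hashlib
import hmac

# Constructed for this example: a fixed salt assumed to be compiled into the target.
SALT_A = b"ARTeam-demo-salt"

# Constructed 32-symbol alphabet without the easily confused 0/O and 1/I.
ALPHABET_B = "ABCDEFGHJKLMNPQRSTUVWXYZ23456789"


def keygen_a(name: str) -> str:
    """Scheme A (assumed): serial = first 20 hex digits of MD5(salt || name), grouped 5-5-5-5."""
    digest = hashlib.md5(SALT_A + name.encode("utf-8")).hexdigest().upper()
    core = digest[:20]
    return "-".join(core[i:i + 5] for i in range(0, 20, 5))


def check_a(name: str, serial: str) -> bool:
    """Target-side validation of scheme A: recompute and compare in constant time."""
    if not serial.isascii():
        return False
    return hmac.compare_digest(keygen_a(name), serial.strip().upper())


def keygen_b(name: str) -> str:
    """Scheme B (assumed): 12 symbols picked by the MD5(name) bytes, then a 2-hex-digit checksum."""
    raw = hashlib.md5(name.encode("utf-8")).digest()
    body = "".join(ALPHABET_B[b % len(ALPHABET_B)] for b in raw[:12])
    checksum = sum(body.encode("ascii")) & 0xFF
    return f"{body}-{checksum:02X}"


def check_b(name: str, serial: str) -> bool:
    """Target-side validation of scheme B: cheap checksum test first, then the full recomputation."""
    if not serial.isascii():
        return False
    serial = serial.strip().upper()
    if len(serial) != 15 or serial[12] != "-":
        return False
    body, checksum_hex = serial[:12], serial[13:]
    try:
        if int(checksum_hex, 16) != (sum(body.encode("ascii")) & 0xFF):
            return False
    except ValueError:
        return False
    return hmac.compare_digest(keygen_b(name), serial)


if __name__ == "__main__":
    for user in ("2KAD", "Nieylana"):
        sa, sb = keygen_a(user), keygen_b(user)
        print(f"{user}: A={sa} valid={check_a(user, sa)}  B={sb} valid={check_b(user, sb)}")
    # A serial generated for one name is rejected for another.
    print(check_a("2KAD", keygen_a("Nieylana")))
```

Swapping MD5 for a stronger hash would not change anything here: both checks are keygennable because the program recomputes the serial from inputs it holds itself. Only a check that verifies a signature made with a private key the program does not contain resists this (a general observation, not something the tutorial claims).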


ExeCryptor Internals : Tutorials + Tools
Author : Zool@nder of AT4RE

This package is intended to fill the void that surrounds the great ExeCryptor. It was born as an attempt to understand EC internals and how well it does its job. This whole project was initiated by a dummy (yet extremely important) article about PRN generation and tool coding. (I won't get in anyone's way with my chitchat, so just forget this.)

OK, now on to the interesting things. The whole thing will be a series, divided into 3 or 4 parts due to time constraints, and in each part I'll publish what I have accomplished, with comments.

You will find in this package the following files:
+ EC LDE : EC's internal length-disassembler engine.
+ EC_LIB_API_PROCS : Various procedures used by EC to protect its use of APIs and libraries. It contains:
  – EC_GETKERNEL32HANDLE -> The way it grabs the kernel32 library image base.
  – EC_GETPROCADDRESS -> The way it gets API addresses.
  – EC_REDIR_BP_CHECKER -> The technique it uses to check for API breakpoints and redirection.
+ EC_VIRTUAL_MACHINE : The MUST, it's EC's Virtual Machine engine and some tools to reverse it.
+ STRINGS DECRYP-RECRYPTER : EC's method of not leaving string traces in the code.

With every project you will find a tutorial, source code, and tools, so you can study what you want.

Download here:

http://rapidshare.com/files/201952892/EC_MEGA_PROJECT.rar


QuietRIATT

Author : Jason Raber + Brian Krumheuer
Author website : http://www.rri-usa.org/

For a Reverse Engineer, rebuilding a large Import Address Table (IAT) can be a very time-consuming and tedious process. When the IAT has been sufficiently hashed or munged and current IAT rebuilders fail to resolve any of the calls, there is little other choice than to rebuild it by hand. Depending on the size, it can take days or even weeks. Also, doing anything by hand is prone to mistakes. QuietRIATT is an IDA Pro plug-in which automates the process of rebuilding the IAT when it can’t be done by current IAT tools. Not only can it greatly reduce the amount of time spent rebuilding by hand, it also removes the element of human error.

Download here:
http://www.tuts4you.com/download.php?view.2631


Decompilers and Beyond

Author : Ilfak Guilfanov
Author website : http://www.hex-rays.com/

Disassemblers and debuggers are the two tools that allow reverse engineers to examine binary applications. Without them, binary codes are just sequences of hexadecimal numbers. Since humans are notoriously bad with digits, only superficial analysis can be done without these tools.

Basically, the job of a disassembler is very simple: it just maps hexadecimal numbers to instruction mnemonics. The output of such a basic disassembler is a listing with instructions. While this mapping is a big step forward and allows the user to decipher the logic of simple programs, it does not scale well. Analysis of any file bigger than a few kilobytes is problematic because instruction mnemonics are not enough to hold higher level information: labels and comments are needed, as well as facilities to change the representation on the fly.

Download here:

http://www.tuts4you.com/download.php?view.2633
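To make the abstract's point concrete, here is an added example (my own, not Ilfak's or Hex-Rays' code) of the "very simple" job: a toy decoder for a handful of 32-bit x86 opcodes that first maps bytes to mnemonics and then, in a second pass, supplies the labels that a raw listing lacks. The opcode subset, the sample bytes and the load address 0x401000 are all constructed for the example; anything outside the subset is emitted as a data byte so the linear walk never gets stuck.

```python
import struct

REGS = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]

# The handful of 32-bit x86 encodings this toy decoder understands (assumed subset).
MODRM_OPS = {0x89: ("mov", "rm,r"), 0x8B: ("mov", "r,rm"), 0x31: ("xor", "rm,r"),
             0x39: ("cmp", "rm,r"), 0x85: ("test", "rm,r")}
REL8_BRANCH = {0xEB: "jmp", 0x74: "je", 0x75: "jne"}
REL32_BRANCH = {0xE8: "call", 0xE9: "jmp"}
SIMPLE = {0xC3: "ret", 0x90: "nop", 0xC9: "leave"}


def decode_one(code, pos, base):
    """Decode one instruction at code[pos].

    Returns (length, mnemonic, operand text, branch target or None).
    Unknown opcodes, unhandled ModRM forms and instructions that would run
    past the end of the buffer are emitted as a single data byte.
    """
    op = code[pos]
    addr = base + pos
    left = len(code) - pos
    if op in SIMPLE:
        return 1, SIMPLE[op], "", None
    if 0x50 <= op <= 0x57:
        return 1, "push", REGS[op - 0x50], None
    if 0x58 <= op <= 0x5F:
        return 1, "pop", REGS[op - 0x58], None
    if 0xB8 <= op <= 0xBF and left >= 5:
        imm = struct.unpack_from("<I", code, pos + 1)[0]
        return 5, "mov", f"{REGS[op - 0xB8]}, 0x{imm:X}", None
    if op in MODRM_OPS and left >= 2:
        mnem, order = MODRM_OPS[op]
        modrm = code[pos + 1]
        mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
        if mod == 3:  # register-direct form only; memory operands are not handled
            a, b = (REGS[rm], REGS[reg]) if order == "rm,r" else (REGS[reg], REGS[rm])
            return 2, mnem, f"{a}, {b}", None
    if op in REL8_BRANCH and left >= 2:
        rel = struct.unpack_from("<b", code, pos + 1)[0]
        return 2, REL8_BRANCH[op], "", (addr + 2 + rel) & 0xFFFFFFFF
    if op in REL32_BRANCH and left >= 5:
        rel = struct.unpack_from("<i", code, pos + 1)[0]
        return 5, REL32_BRANCH[op], "", (addr + 5 + rel) & 0xFFFFFFFF
    return 1, "db", f"0x{op:02X}", None


def disassemble(code, base):
    """Pass 1 maps bytes to mnemonics; pass 2 names the branch targets.

    Returns (listing lines, {target address: label}). Only targets that fall
    on an instruction boundary inside the buffer get a label; others stay numeric.
    """
    insns, pos = [], 0
    while pos < len(code):
        length, mnem, ops, target = decode_one(code, pos, base)
        insns.append((base + pos, code[pos:pos + length], mnem, ops, target))
        pos += length
    starts = {addr for addr, *_ in insns}
    labels = {}
    for _, _, mnem, _, target in insns:
        if target in starts:
            prefix = "sub" if mnem == "call" else "loc"
            labels.setdefault(target, f"{prefix}_{target:08X}")
    lines = []
    for addr, raw, mnem, ops, target in insns:
        if addr in labels:
            lines.append(f"{labels[addr]}:")
        if target is not None:
            ops = labels.get(target, f"0x{target:08X}")
        hexbytes = " ".join(f"{b:02X}" for b in raw)
        lines.append(f"  {addr:08X}  {hexbytes:<16} {mnem} {ops}".rstrip())
    return lines, labels


# Constructed sample: a tiny function plus a caller, assumed loaded at 0x401000.
SAMPLE_CODE = bytes.fromhex(
    "55"            # push ebp
    "89E5"          # mov ebp, esp
    "B801000000"    # mov eax, 1
    "85C0"          # test eax, eax
    "7405"          # je +5
    "B800000000"    # mov eax, 0
    "5D"            # pop ebp
    "C3"            # ret
    "E8E8FFFFFF"    # call -0x18 (back to 0x401000)
    "C3"            # ret
)
SAMPLE_BASE = 0x401000

if __name__ == "__main__":
    listing, _ = disassemble(SAMPLE_CODE, SAMPLE_BASE)
    print("\n".join(listing))
```

The first pass alone already shows the abstract's objection: `je` and `call` come out with bare offsets, and on anything larger than a toy the reader has to resolve every one by hand. The second pass is the first of the facilities the abstract asks for (labels); comments, cross-references and on-the-fly re-representation are what a real interactive disassembler adds on top.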

Best Regards


Once again, it’s that time of the year… The Remote Exploit Dev team are working hard on BackTrack 4 … and it will be released in the very near future…

We have taken huge conceptual leaps with BackTrack 4, and have some new and exciting features. The most significant of these changes is our expansion from the realm of a Pentesting LiveCD to a full blown “Distribution”. Now based on Debian core packages and utilizing the Ubuntu software repositories, BackTrack 4 can be used both as a Live CD, or installed on hard disk as a full distribution. By syncing with our BackTrack repositories, you will regularly get security tool updates soon after they are released.


The BackTrack kernel is now in sync with upstream kernels, so you always get the latest hardware support. Kernel upgrades including the latest hardware support will be periodically available.

Working out of the box:

* Native support for Pico e12 and e16 cards is now fully functional, making BackTrack the first pentesting distro to fully utilize these awesome tiny machines.

* Support for PXE Boot – Boot BackTrack over the network with PXE supported cards!

* SAINT EXPLOIT – kindly provided by SAINT corporation for our users with a limited number of free IPs.

* MALTEGO – The guys over at Paterva did outstanding work with Maltego 2.0.2 – which is featured in BackTrack as a community edition.

* The latest mac80211 wireless injection patches are applied, with several custom patches for rtl8187 injection speed enhancements. Wireless injection support has never been so broad and functional.

* Unicornscan – Fully functional with Postgres logging support and a web front end.

* RFID support (thanks to Adam Laurie)

* Possibly CUDA support…

* New and updated tools – the list is endless!


With all these changes, PLUS the usual goodies and surprises we have in BackTrack, we are truly excited about this new release.

More screenshots (images not included): Maltego, Unicornscan FE, W3af.