All Activity

This stream auto-updates   

  1. Today
  2. Hi

    Welcome to the forum, why not tell us more about yourself and what you are interested in. kind regards.
  3. Hi

    Hello to the members of this forum.
  4. Yesterday
  5. Welcome to the forums, tell us a bit about yourself, Programmer? hardware hacker? youtuber etc?
  6. Hey, Was this post meant for another thread? I tend to disagree, there are people thinking for themselves and developing stuff in private giving the impression of "deadness". The scene is less open now days with the more knowledgeable members not being as keen to help/share/support newer users, forgetting they were once in the same situation. But also new members are potentially younger or less motivated to self development. You can say that people have to help themselves out which is true, reading books and self study is good to a certain point and is only part of the big picture. You need discussions and sharing of proof of concepts/ ideas to get innovation started.
  7. Ok so, I read a lot of old posts and I came to the same thought. You ALL recycle the SAME idea. Not one person comes up with a new idea about anything. lol. And you wonder why the board is dead. You want an active board, try something different. Set yourself apart from the 50 other boards about the same crap. Get new ideas, try them, like. Send a binary function over the wire to a server that runs it, And sends the results back as pure data the API gave. It works, try it.. :] My point is, this scene isn't dead cause of the botnet buy/sellers. It's dead cause no one thinks for themselves anymore.
  8. Hello icode. I'm a long time coder, not so much on the walware end. But I figure I can learn some coding tricks. Plus I think I can teach you too. ;]
  9. Earlier
  10. I'm new to coding,is there a junk code generator somewhere? Or how do I make a junk code? Please help Want to learn
  11. It's SSL encrypted, I have found the domain urls, but the code looks for the certificate if I remember correctly. Maybe if OP patches this function and downgrade SSL so all traffic becomes plain text. But this will only work if the server runs the same application on a ''unsecure'' http 80 service).
  12. Have you tried wiresharking the protocol and attempting to reverse it?
  13. Try to patch the old swf file that worked, remove the version check.. And test if the protocol is still the same. Maybe it's server sided now? Look in login.as class. All other code is indeed "obfuscated" (variables names just randomized) but still understandable but it just takes a lot of time. Maybe if you enable debug flag in the swf file it will show hints, because I see a lot of debugging shit in the release version lol. hmm lol.... final public static function checkHack() : void { var _loc_2:Array = null; var _loc_3:int = 0; var _loc_1:int = 0; var _loc_4:int = 0; var _loc_5:* = obfuscatedName0DBE; for each(_loc_2 in _loc_5) { var _loc_6:int = 0; var _loc_7:* = _loc_2; for each(_loc_3 in _loc_7) { _loc_1 = _loc_1 + _loc_3; } } if(_loc_1 != obfuscatedName6078) { _log.logRemote("HACK.FORTIFICATION.checkHack", "Fortification CheckHack Fail! received:" + _loc_1 + ", expected:" + obfuscatedName6078); xxx600e46adacee48ffb1816c683a3764fe.errorMessage(xxxd399f2469a5545a79b09c650b7bf6d74.getString(xxxbb08d94205de4063a96903ed910c6360.MAIN, "fortification_error_unexpected_message"), "FORTIFICATION.checkHack", true); } }
  14. Strange, on android 4.4.4 the folder containing those files did not needed chmodding, but on Android 7 it must be chmodded. That was the actual problem.
  15. I have made a simple app. It uses the imports: process and apache.commons.io (FileUtils). When the user runs the app, it does set the permission using supersu (this works). But when it tries to delete a file or open it with FileUtils It will go to my catch function so it fails (while the code works on my android 4.4.4 phone). It should only catch if permissions are wrong, and if the file isn't in the file-system. Both are not the case. This is confusing, because this points to a root problem (not properly rooted device), but why would the permission runtime.exec for su work?! Any of you had similar problems? By the way It's LineageOS nightly build Maybe it's a bug.
  16. 4:14 P Reverse Engineering ActionScript 3 Adobe Flex Adobe Flash Game Ok the reverse engineering job... yes..its a game from kixeye.com..called battle pirates... now basically we r creating mods for the game, which we supply to our clients... now until about 6 months ago.. were able to do all mods, including ship related ones...eg.ship builds, and ship repairs...then they did a big update, and put an json_p server call on the ship stuff, which gets checked via an salted hash... or so im told... wseve been strugling to get it working for th past few months, and had about 8 developers failing already...mostly cause of abfuscation of files and lack of understanding the action script... i can supply link to game...game accounts for use...and our current modded swf files we basically need a mod on the swf file or other method viable to make ship builds and repairs viable again... https://www.kixeye.com/game/battlepirate Regards
  17. Gooday im Morg and new here Need some help THX
  18. Use the built-in SetString command. It sets the string to the required length and copies the bytes. There's no need for the array to be null-terminated. In fact, if the array has zero--valued bytes in it, they'll correctly appear within the string; they won't terminate the string. SetString(AnsiStr, PAnsiChar(@ByteArray[0]), LengthOfByteArray); If you have a UnicodeString, then you'll need to halve the length parameter since it measures characters, not bytes: SetString(UnicodeStr, PWideChar(@ByteArray[0]), LengthOfByteArray div 2); (Taken from https://stackoverflow.com/questions/3881720/delphi-convert-byte-array-to-string) or You can execute the array with a bit of ASM. begin asm MOV EAX, dwArrayToRun LEA EBX, arrRunPE[0] CALL EBX end; end.
  19. Seems to work fine for static binary analysis. But the older version has some small issues. Debugger is not working (or at least not in my case)..
  20. Feel free to post it to the forums :-) as it might help a few people out. regards
  21. @Yash To be honest the private forum was dead too. So there's nothing lost. But yeah still, if people want me to dig up code, topic's or whatever just let me know by PM.
  22. @Quqaaa2 hackhound ^^
  23. I'm Mr 4rs4l4ne

  24. hah, if you want a different theme option pm 2sly.
  25. Anyone tried this decompiler/debugger before? https://www.pnfsoftware.com/ It seems it only runs on java 1.7, if you have 1.8 you must downgrade? In my AS IDE envirment I have 1.8 and I don't feel like messing up my dev machine.
  26. A theme is just a useless freakin theme. Doesn't say anthing about the fora, and the people and it's content..
  27. I found out by reverse engineering another android application that adding the debuggable attribute to true, the applcation can indeed be debugged in a live device in user mode, but it's useless imho. I first had to build my own debuggable app and then deflate the pkz and cp the right hex bytes and added these to another xml manifest file, because apktool_2.0.x.x was broken on newer builds. Now in the new apktool_2.2.2 that I've tried yesterday it nicely works and manifest is ok. But I still didn't reach my goal yet.. Next vector was trying not to patch the dalvik executable in such way to be able to do what I wanted but to downgrade all secure SSL connections. Eventually it worked and did a man in the middle attack. Strangely enough I can't get the application to do what I want it to do. I debugged the application with AS IDE and it again was a pain in the arsh to find out the application really got feeded with my altered network reponse.. Problem is I can't find anything related in the source code, function names are all messed up hence there's no obfucator used of some kind. The src is just so big that it uses classes2.dex lol. If this worked I would have tried to mess with xposed framework, because I know the function name, but I haven't found the code that belongs to it (So I don't know what to alter..). Will try to give JEB a shot maybe I will be able to find what I am looking for.. Perhaps my expectations are a bit too high for a application that has a big financial budget in development and security.. Ah well, it was worth the time anyway.
  28. wish it had a better theme
  1. Load more activity