Leaderboard

Popular Content

Showing content with the highest reputation on 08/17/20 in all areas

  1. Although I reported this problem with the crack to the company, I don't think they have fixed it. This is a short report written by me and littlewho for this company. https://nutcrackerssecurity.github.io/crack.html
    2 points
  2. A short explanation of what the PE (Portable Executable) file format is: https://nutcrackerssecurity.github.io/PE-file.html
    1 point
  3. Hi, I thought I would also post an article from my blog, because a lot of people told me to try to recreate this exploit. I hope I explained it as well as I could. https://nutcrackerssecurity.github.io/Windows7.html
    1 point
  4. Nice, you can post the other blog posts on the forum too!
    1 point
  5. Your project seems to be much more complex than you think it is. First, you are confusing modulation (FM, AM, Wi-Fi) with the radio band, which is measured in MHz/GHz. Second: radio waves, especially at low (sub-GHz) frequencies, behave very strangely. They reflect off walls and penetrate fairly thick materials. In addition, a directional antenna, which can tell you 'where' the radio signal is coming from, is hard to build. Most radio antennas (aka a vertical wire) pick up signal from all directions. In practice, to find the direction a radio signal is coming from with reasonable precision, more complicated equipment is used. In general (governments/the military/some wealthier radio amateurs) use an array of antennas and compare either the phase of the radio signal or the time at which the radio signal reaches each antenna. Knowing the speed of light, the frequency of the signal and the distance between the antennas, you can calculate the direction the signal is coming from. In practice the equipment is expensive, bulky and hard to install. https://en.wikipedia.org/wiki/Direction_finding I recommend you start with something simpler and build from there. Here are some projects that seem interesting to me: https://youtu.be/kQRYIH2HwfY https://www.instructables.com/id/Arduino-Flashlight-Following-Robot/ https://create.arduino.cc/projecthub/lbf20012001/sound-location-finder-92e6b0 https://youtu.be/GkXH8ZeeIKY Later edit: if you are interested in direction finding, here is a really good talk: https://youtu.be/ZuNOD3XWp4A?t=4464
    1 point
  6. Source: https://github.com/enkomio/shed/blob/master/README.md

     Shed is an application that allows inspecting the .NET runtime of a program in order to extract useful information. It can be used to inspect malicious applications in order to get a first general overview of which information is stored once the malware is executed.

     Shed is able to:
     • Inject a .NET Assembly in a remote process (both managed and un-managed)
     • Extract all objects stored in the managed heap
     • Print strings stored in memory
     • Save the snapshot of the heap in a JSON format for post-processing
     • Dump all modules that are loaded in memory

     Download
     • Source code
     • Download binary

     Using Shed
     Shed is a command line tool. To display all available options run:
         shed.exe --help

     Inspecting an already running application
     In order to inspect an already running process you have to pass the pid to Shed. Example:
         Shed.exe --pid 2356

     Inspecting a binary
     In order to inspect a binary, Shed needs to execute it and attach to it in order to inspect the runtime. Example:
         Shed.exe --exe malware.exe
     You can also specify the amount of time (in milliseconds) to wait before suspending the process. This gives the program time to initialize its properties. Example:
         Shed.exe --timeout 2000 --exe malware.exe

     Injecting an Assembly in a remote process
     With Shed it is possible to inject a .NET Assembly in a remote process thanks to the ManagedInjector Library. In order to do so, it is necessary to specify the pid of the process and the exe to inject. Once the Assembly is injected, it is possible to activate it by invoking a specific method. The rules to identify the method are inherited from the ManagedInjector project and are the following:
     • You must specify the full method name to invoke (e.g. this.is.my.namespace.class.method)
     • You can inject an executable that defines an EntryPoint method to execute (like a Console project)
     • You can define a method with the following signature: <public|private> static void Inject()
     For example, to inject the Assembly InjectedAssembly into the process with pid 1234, you have to run Shed with the following command:
         shed.exe --pid 1234 --exe InjectedAssembly.dll --inject
     With the --method option you can specify a method from InjectedAssembly.exe to invoke. Find below an example of execution: [screenshot]

     Dumping options
     By default Shed dumps both the heap and the modules. If you want only one of them, specify the --dump-heap option to dump only the objects in the heap or the --dump-modules option to dump only the modules.
     Dumping the heap can produce a lot of information which is not strictly useful for the analysis. You can filter it by using two files:
     • blacklist.txt: this file contains the type name prefixes that must not be logged
     • whitelist.txt: this file contains the type name prefixes that must be logged even if blacklisted
     For example, if you want to filter all the System.IO namespace but you are interested in logging System.IO.MemoryStream, you can add the first value to blacklist.txt and the second one to whitelist.txt.

     Examples
     In the Examples folder you will find three different projects that you can use in order to test Shed. Example:
         Shed.exe --exe ..\Examples\ConfigurationSample\ConfigurationSample.exe
     When the analysis is completed, Shed will print where you can find the result, as shown below:
         [+] Result saved to C:\Shed\Result\7800

     Build Shed
     If you have installed Visual Studio, just run the build.bat batch file; it will create a zip file inside the build folder.

     License information
     Copyright (C) 2017 Antonio Parata - @s4tan
     License: GNU General Public License, version 2 or later; see LICENSE included in this archive for details.
    1 point