  • Welcome to [GHB] - GAmEhAcKbAsTaRdS Forum

    NOP

    Members
    • Posts: 12
    • Joined
    • Last visited
    • Days Won: 2

    Posts posted by NOP

    1.  

      This tool can be used to detect any app compiled with dotnet framework during runtime even if it was packed.

      As said in the vid, most of the packers/obfuscators just add your PE to their stub and execute it in memory. It's pretty easy to unpack most of them if you know what you are doing.

       

      Credits :

      me

      ollydbg for letting me know about mscoree

       

      Link : http://forum.ghbsys.net/index.php?/files/file/2192-dndetector/

      Scan : http://www.virustotal.com/file-scan/report.html?id=6648ce56363d648d4b498a0315797085257d66230f95e50f4d150df025736c4d-1321632923

    2. I can't think of a point posting this here but well this might help people like sergemorel and dethblaze hiding sensitive data from NM. Also for people who are planning to code a login system.

       

       

      The only way I might think of people getting the right hwid is bruteforce, otherwise only patching; the rest is on you saving your a--

      As I said in the vid, you can add a database or whatever, I just made it for the tut.

       

      Link : http://forum.ghbsys.net/index.php?/files/file/2190-opensrc-hwid-login-system-sample/

      Scan : http://www.virustotal.com/file-scan/report.html?id=63a15ce2818864b7588e16c49ecdbcaeb01c58cb94531d831b87b3cd03f90a1c-1320088432

       

      php script code

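      <?php
      // Requires the mcrypt extension (removed from PHP core in 7.2).

      // Refuse any request that does not send the expected User-Agent string.
      if ( $_SERVER['HTTP_USER_AGENT'] != "Furious rocks")
      {
      echo "your are not welcomed here";
      exit;
      }

      class Foo {
       // Rijndael-128 in CBC mode.
       protected $mcrypt_cipher = MCRYPT_RIJNDAEL_128;
       protected $mcrypt_mode = MCRYPT_MODE_CBC;

       // Base64-decode the ciphertext and decrypt it with the given key and IV.
       public function decrypt($key, $iv, $encrypted)
       {
         $iv_utf = mb_convert_encoding($iv, 'UTF-8');
         return mcrypt_decrypt($this->mcrypt_cipher, $key, base64_decode($encrypted), $this->mcrypt_mode, $iv_utf);
       }
      }

      // Ciphertext and key are both read from the POST body; the IV is fixed.
      $encrypted = $_POST['1asd91'];
      $key = $_POST['1asd92'];
      $iv = "@1B2c3D4e5F6g7H8";

      // Login succeeds when the decrypted text contains the expected string.
      $foo = new Foo;
      $pos = strpos($foo->decrypt($key, $iv, $encrypted), "5C26E50B");
      if ( $pos !== false)
      {
      echo "LOGGED IN *****";
      }
      else
      {
      echo "LOGIN FAILED";
      }

      ?>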
      

      Credits :

      me for coding from 0 to this masterpiece /sarcasm

      @Brickzel much thanks to him for helping me and getting me to know a lot about http

      Unkown for the rijndael encryption in c#

      • Upvote 2
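Added example, not part of NOP's post or the linked sample: the script above reads both the ciphertext and the key from the POST body and uses a fixed IV, so the decryption by itself does not prove who sent the request. One way to restructure the server-side check, assuming a hypothetical request format (`hwid`, `ts`, `nonce`, `mac`), a server-side secret store and an in-memory nonce list, none of which come from the original:

```php
<?php
declare(strict_types=1);

const MAX_SKEW_SECONDS = 60; // assumed freshness window

/**
 * Verify a request of the assumed form hwid, ts, nonce, mac, where
 * mac = HMAC-SHA256(secret, "hwid|ts|nonce") and the secret stays in
 * the server's store ($secrets) and never travels in the request.
 */
function verify_login(array $post, array $secrets, int $now, array &$seenNonces): bool
{
    foreach (['hwid', 'ts', 'nonce', 'mac'] as $field) {
        if (!isset($post[$field]) || !is_string($post[$field])) {
            return false;
        }
    }
    if (!array_key_exists($post['hwid'], $secrets) || !ctype_digit($post['ts'])) {
        return false;
    }
    // Reject stale timestamps and nonces that were already accepted.
    if (abs($now - (int) $post['ts']) > MAX_SKEW_SECONDS
        || isset($seenNonces[$post['nonce']])) {
        return false;
    }
    $message  = $post['hwid'] . '|' . $post['ts'] . '|' . $post['nonce'];
    $expected = hash_hmac('sha256', $message, $secrets[$post['hwid']]);
    // hash_equals is a timing-safe comparison of the full MAC.
    if (!hash_equals($expected, $post['mac'])) {
        return false;
    }
    $seenNonces[$post['nonce']] = true;
    return true;
}

// Constructed demo data: one registered HWID with a server-side secret.
$secrets = ['5C26E50B' => 'constructed-demo-secret'];
$now     = 1700000000;
$seen    = [];

$req = ['hwid' => '5C26E50B', 'ts' => (string) $now, 'nonce' => 'a1b2c3d4'];
$req['mac'] = hash_hmac('sha256', '5C26E50B|' . $now . '|a1b2c3d4', $secrets['5C26E50B']);

$badMac = ['hwid' => '5C26E50B', 'ts' => (string) $now, 'nonce' => 'e5f6a7b8',
           'mac' => str_repeat('0', 64)];

foreach (['valid' => $req, 'replayed' => $req, 'bad mac' => $badMac] as $label => $r) {
    echo $label, ': ', verify_login($r, $secrets, $now, $seen) ? 'LOGGED IN' : 'LOGIN FAILED', "\n";
}
```

The accepted-nonce list would need shared, expiring storage on a real server; the array here only keeps the example self-contained.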
    3.  

      Some skids use some packers which mod some bytes of the header to make it unreadable, that's why .NET Reflector can't decompile it.

      Decided to code this simple application which fixes it for you.

      Only packed to decrease size; if anyone wants the source code you can PM me.

      But it is really easy to guess the code as most modded headers just change the byte at offset 0xF3.

       

      Link : http://forum.ghbsys.net/index.php?/files/file/2191-header-fixer/

      Scan : http://www.virustotal.com/file-scan/report.html?id=0dfef1a19b4ad03e995a01e7f02289049c19486ddaa9330b7dac062130b6d66a-1320243736

       

      Written in C#, enjoy.

    4.  

      I finally managed to do it after many attempts, it's just about writing bytes around the file offset. But gl getting the offset.

      Was going to use this for my obfuscator but since I stopped working on it I decided to release this.

      I can't give myself much credit for this as most of the credit goes to:

      Brickzel

      Whoever created CFF explorer

      0xneff.eu

       

      Link : http://forum.ghbsys.net/index.php?/files/file/2189-anti-peid/

      Scan : http://www.virustotal.com/file-scan/report.html?id=4346dc39b702d4173014a10be43ea405ba31f03e6c95756d903337545643e927-1320921129

       

      Written in C#, enjoy.

      • Upvote 1