Is the Z3 Python API fast? I use it but it's kinda slow. Wonder how to use Z3 with C or C++
@samsunga6927 2 months ago
Really nice vid! I am a scientist and coder w/ little experience auditing... was wondering about auditing Signal or any app for its security claims... searched how to audit code in general and saw ur vid... insightful approach. I am also reminded that what is intended (and therefore possibly claimed) in programming is not necessarily what follows, intentional or not, lol!❤
@Nillaes 3 months ago
It's literally my first comment ever. But I have to say this channel is criminally underrated. This series is absolute gold.
@peterlee4410 3 months ago
I'm good at PHP, where should I start the auditing?
@distortions 4 months ago
where did you go @HackOvert
@inmodreal9770 4 months ago
All I was looking for 😅😅
@turanbirligi6969 7 months ago
hello please respond is there any way to actually convert this game files and view them. Like I am trying to get game files but they are in specific extensions like rdf bundle extensions can I convert them into mp3 jpg or anything
@RobertJohnson-lb3qz 8 months ago
Looks like you have great content. Please dial up the volume some, can’t hear it...
@moviesynopsis001 9 months ago
Hey HackOvert, what can I do if the program I am trying to debug instantly crashes when attaching a debugger? Do I freeze the process and try and disable all of these anti debug detections then just patch the binary?
@AboKaff3 11 months ago
just don't steal @nightosphere Logo
@HackOvert 5 months ago
Whoa weird. I had no idea who or what nightosphere is. This "logo" is just the capital "O" from a font called "Street Soul" - I just added a cross to connect the quote and make it look like an H for Hack Overt. Thanks for the heads up.
@Cygnus0lor a year ago
Absolutely high-tier tutorial. You should have tons more subscribers. Thank you man! Keep it up. <3
@chidam333 a year ago
interesting but can we reduce tsp or 0/1 knapsack to sat problem? It's so cool though
@dengan699 a year ago
Your python sucks, but thanks for the intro!
@HackOvert a year ago
Well, we can’t all be masters at everything like you Denis, but thanks for the comment!
how am I the only one who has stumbled upon your vids? These are great!
@BipinOli90 a year ago
At 12:45, why do both x and y must not be the previous value? There could be another satisfiable state with the same x but a different y, so or would make more sense. Looking at the code it does look like the or case. Maybe while saying this you made a mistake 🤔
@diegoporras7769 a year ago
I’m assuming that if you don’t have the source code you’d do the same but patching the binary, right?
@HackOvert a year ago
Yep, exactly! Depending on what we're doing, we may either patch the binary, or write a debugger script to automate pausing the processes, modifying memory, and continuing execution rather than patching the binary itself. It's not too common, but software can hash code segments to verify instructions haven't been patched. So in certain cases patching instructions can bite you. I would only ever be cautious of that when dealing with malware that I know employs anti-debugging or I'm working on anti-tamper or DRM targets.
@diegoporras7769 a year ago
How come this video doesn’t have thousands of views? This is gold man ❤ thanks
@mugiwara-no-luffy a year ago
thanks for going over this topic!
@timurtimak6372 a year ago
Is it true that the hardness of the hashing algorithms: SHA-2, SHA-3 relies on the SAT problem?
@NXTangl 10 months ago
Kinda, basically if there exists an algorithm to efficiently invert a hash function or find collisions, the security properties are compromised. So if finding solutions to sha(x) = [known input] or sha(x) = sha(y) is something a SAT-solver can do efficiently, then sha is broken, meaning that if P=NP and we define "can do efficiently" as "can solve in polynomial time," then no hash function is safe (SAT is NP-complete).
@larrybird3729 a year ago
WOW!!! incredible explanation, the only reason you didn't get more views is because you didn't fill your house up with jello and scream at everyone that "you are filling your house up with jello", then change your camera angles every 2 seconds with the added random noises from manga characters.
@HackOvert a year ago
Thanks, I appreciate it!
@rahulvramesh 2 years ago
hi @hackovert, what do you think about sonarqube ? thanks for the video :)
@HackOvert 2 years ago
I don’t use it often - but have used it as a part of our CI process in the past on a development team. It was pretty great. Set up is easy, it’s fast, and it helps catch some silly issues. If you’re looking to help minimize technical debt it’s really nice.
@MrRaPhIpHoP1 2 years ago
I mean what do you even recommend using it as an anti-debug? Combination of solutions? I'm trying to make an app that prevents debugging attach but from your examples everything seems too easy to bypass.
@HackOvert 2 years ago
If you’re looking to prevent reverse engineering I would suggest looking into protectors like Themida or VMProtect and utilize a virtual machine layer.
@MrRaPhIpHoP1 2 years ago
@@HackOvert Yeah, more or less. I know it can't be fully protected but rather making it more difficult for fellow reverse engineers. Thanks for the hint on the VM layer, I'll do some research. Cheers.
@phantomBTD 2 years ago
And all the useful info !
@phantomBTD 2 years ago
Loved the video effects ! :D
@igobyharel8727 2 years ago
Excited to try this tool out, thank you for this video!
@lima4983 2 years ago
Error MSB8066 custom build for 'AntiDBG.asm' ended with code 1 I'm trying to compile on x64
@HackOvert 2 years ago
Hey, what version of Visual Studio are you using to compile the project?
@lima4983 2 years ago
@@HackOvert Visual Studio 2022, I'm downloading Visual Studio 2019 version 16.11.11
@HackOvert 2 years ago
Thanks for the info! I'm downloading 2022 now and will see if I can figure out the issue and update the repo to work with both 2019 and 2022. I just verified it builds on 2019.
@HackOvert 2 years ago
Hey, I just setup VS 2022 (Desktop C/C++ install) loaded the solution file and was able to build debug and release versions for both 32 and 64-bit builds. I'll see if I can dig into your error more and get back to you with suggestions.
@newzukagt3392 2 years ago
Thank you very much and this information was very good! Great video
@abhishekchaudhary6975 2 years ago
Thanks man !!
@SpooFaR 2 years ago
AMAZING!!! GREAT!!!
@fortniter6607 3 years ago
thank you
@guilhemedemassenaladario 3 years ago
That's an amazing project that you're doing, thanks for sharing your knowledge.
@yakumooomori5708 3 years ago
Did you get a chance to look into CodeQL? That should save you so much time instead of using tree-sitter. PHP is unfortunately not supported...
@HackOvert 3 years ago
CodeQL looks so cool. I'm really hoping the future will bring additional language support to the platform. I just noticed their bug bounty program which rewards CodeQL queries that model vulnerabilities in open source software (details here securitylab.github.com/bounties/). Thanks for bringing this up, I think this would be a fun project to work on.
@yakumooomori5708 3 years ago
Great channel! ♡ I like the depth and the lightheartedness in your content, keep it up :D
@josh9761 3 years ago
Great video keep it up!
@s1dev 3 years ago
can I use this with python? will I be able to attach gauntlet.cpp to my python file and then build it? I now use pyarmor to build my .py file to exe.
@HackOvert 3 years ago
I've never used pyarmor, but I have dabbled a bit with pyinstaller. I imagine it might be possible to create some kind of Frankenstein's monster of a binary that includes these anti debugging methods. The problem is that if I wanted to reverse engineer a py-exe, I'd dump the compiled python code segment and use a Python bytecode decompiler to get the original Python - I wouldn't even mess with debugging the py-exe file as a native binary. I think that would just add too much complexity. You'll have to dig into pyarmor's API and see if there's a way to include binary files. For example, with Pyinstaller, there is the ability to load shared objects/dlls and make calls from the loaded library: pyinstaller.readthedocs.io/en/stable/spec-files.html#adding-binary-files - this might be the most direct path.
@s1dev 3 years ago
Are there ways to include python in c/c# and then compile? in visual studio code.
@HackOvert 3 years ago
I don't have any experience doing that, but it looks like SWIG and Boost.Python are two options that might be viable. Check out this StackOverflow question and related answer for some leads: stackoverflow.com/questions/9117978/use-python-code-in-c-c Good luck!
@s1dev 3 years ago
@@HackOvert thanks, let me check that out. :)
@jairai2739 3 years ago
Man what amazing explanation should have 1 million views, thx a lot, and go ahead with channel
@therokdabatherokdaba9269 3 years ago
Great video! I love the way you explain things, keep it up!
3 years ago
thank you so much :) this explanation really helped me to get a basic intuition for using z3. I'm working on a thesis which deals with tree-structured test data generation and my first strategy was to use smt solvers like z3 to drive the generating process, but I got a bit lost while trying to understand the smt-lib format.
@icryo 3 years ago
@hackovert your content is excellent, keep it up!
@HackOvert 3 years ago
Hey, thanks!
@DickSvensson 3 years ago
Great walkthrough, very good explanation of the thought process and great pointers. Really nice to see the hands on parts with BN's head-less and API parts. Thanks for sharing!
@HackOvert 3 years ago
Absolutely, thanks so much for the feedback, I really appreciate it!
@FlashbackTeam 3 years ago
Hey! Thanks for doing this video. This is an awesome script, and it's much more complex than ours. Ours simply decompiles all the functions and then greps them. But yours has much more potential!
@HackOvert 3 years ago
OK, aaannnd looks like my print out of your comment is complete. Be right back... It's now hanging on my refrigerator for everyone to see! Thanks! :D
good
thx
Very nice
I'm waiting for more of your videos, GREETINGS FROM TURKEY!!!