About
Set up in 2003, Tuts 4 You is a non-commercial, independent community dedicated to the sharing of knowledge and information on reverse code engineering in many of the subject areas it spans, across the many different operating systems, platforms, hardware and devices that exist today.
Tuts 4 You takes pride in knowing that it has been able, for over a decade, to unite talented people from all corners of the reverse engineering community and enable them to develop their skills, share ideas, and promote and kickstart projects that have helped to shape the reverse engineering community. It is with this knowledge that Tuts 4 You continually strives to be used as a conduit to push the reverse engineering community to new heights and new goals.
Tuts 4 You invites all visitors into our community, to browse and download files from the site and to participate or ask questions on any aspect of reverse code engineering in the community forums.
We encourage those people who have written a paper, dissertation or essay and who would like to see it published on Tuts 4 You to click through to the Submissions menu to forward it on to us.
Latest Downloads
(Cryptography / Algorithms:)
A Practical Cryptanalysis of the Telegram Messaging Protocol
Author: Jakob Bjerre Jakobsen
The number one rule for cryptography is never create your own crypto. Instant messaging application Telegram has disregarded this rule and decided to create an original message encryption protocol. In this work we have done a thorough cryptanalysis o [more...]
Date: 16 May 2016 - 19:44
Filesize: 1.06 mb
Total Downloads: 351
(Hardware Hacking:)
A Proposal For a Stateless Laptop
Author: Joanna Rutkowska
Modern Intel x86-based endpoint systems, such as laptops, are plagued by a number of security-related problems. Additionally, with the recent introduction of Intel Management Engine (ME) microcontroller into all new Intel processors, the trustworthin [more...]
Date: 16 May 2016 - 19:40
Filesize: 287.08 kb
Total Downloads: 84
(Software Testing and Binary Static Analysis:)
Characterizing Loops in Android Applications
Author: Yanick Fratantonio, Aravind Machiry, Antonio Bianchi, Christopher Kruegel, Giovanni Vigna
When performing program analysis, loops are one of the most important aspects that needs to be taken into account. In the past, many approaches have been proposed to analyze loops to perform different tasks, ranging from compiler optimizations to Wor [more...]
Date: 16 May 2016 - 19:38
Filesize: 335.6 kb
Total Downloads: 69
(Obfuscation / Deobfuscation:)
Context-Sensitive Analysis of Obfuscated x86 Executables
Author: Arun Lakhotia, Davidson R. Boccardo, Anshuman Singh, Aleardo Manacero Jr.
A method for context-sensitive analysis of binaries that may have obfuscated procedure call and return operations is presented. Such binaries may use operators to directly manipulate stack instead of using native call and ret instructions to achieve [more...]
Date: 16 May 2016 - 19:37
Filesize: 245.4 kb
Total Downloads: 91
(Software Testing and Binary Static Analysis:)
Control Flow Graph Based Multiclass Malware Detection Using Bi-normal Separation
Author: Akshay Kapoor, Sunita Dhavale
Control flow graphs (CFG) and OpCodes extracted from disassembled executable files are widely used for malware detection. Most of the research in static analysis is focused on binary class malware detection which only classifies an executable as beni [more...]
Date: 16 May 2016 - 19:35
Filesize: 657.41 kb
Total Downloads: 84
(Software Testing and Binary Static Analysis:)
De-anonymizing Programmers via Code Stylometry
Author: [ Various Authors ]
Source code authorship attribution is a significant privacy threat to anonymous code contributors. However, it may also enable attribution of successful attacks from code left behind on an infected system, or aid in resolving copyright, copyleft, and [more...]
Date: 16 May 2016 - 19:33
Filesize: 426.42 kb
Total Downloads: 53
(Cryptography / Algorithms:)
Factoring RSA Keys With TLS Perfect Forward Secrecy
Author: Florian Weimer
This report describes the successful factorization of RSA moduli, by connecting to faulty TLS servers which enable forward secrecy and which use an insufficiently hardened RSA-CRT implementation. The history of this particular RSA-CRT implementation [more...]
Date: 16 May 2016 - 19:32
Filesize: 195.01 kb
Total Downloads: 97
(Disassembling:)
GPU-Disasm - A GPU-based x86 Disassembler
Author: [ Various Authors ]
Static binary code analysis and reverse engineering are crucial operations for malware analysis, binary-level software protections, debugging, and patching, among many other tasks. Faster binary code analysis tools are necessary for tasks such as ana [more...]
Date: 16 May 2016 - 19:30
Filesize: 474.47 kb
Total Downloads: 173
(Reverse Code Engineering:)
Looking Inside the (Drop) Box
Author: Dhiru Kholia, Przemysław Węgrzyn
Dropbox is a cloud based file storage service used by more than 100 million users. In spite of its widespread popularity, we believe that Dropbox as a platform hasn't been analyzed extensively enough from a security standpoint. Also, the previous w [more...]
Date: 16 May 2016 - 19:29
Filesize: 175.42 kb
Total Downloads: 79
(Obfuscation / Deobfuscation:)
Obfuscation Code Localization Based on CFG Generation of Malware
Author: Nguyen Minh Hai, Mizuhito Ogawa, Quan Thanh Tho
This paper presents a tool BE-PUM (Binary Emulator for PUshdown Model generation), which generates a precise control flow graph (CFG), under presence of typical obfuscation techniques of malware, e.g., indirect jump, self-modification, overlapping in [more...]
Date: 16 May 2016 - 19:28
Filesize: 524.56 kb
Total Downloads: 60
(Software Testing and Binary Static Analysis:)
Offensive Techniques in Binary Analysis
Author: [ Various Authors ]
Finding and exploiting vulnerabilities in binary code is a challenging task. The lack of high-level, semantically rich information about data structures and control constructs makes the analysis of program properties harder to scale. However, the imp [more...]
Date: 16 May 2016 - 19:26
Filesize: 363.73 kb
Total Downloads: 76
(Reverse Code Engineering:)
Preventing Reverse Engineering of Native and Managed Programs
Author: Michael Kiperberg
One of the important aspects of protecting software from attack, theft of algorithms, or illegal software use is eliminating the possibility of performing reverse engineering. One common method used to deal with these issues is code obfuscation. Howe [more...]
Date: 16 May 2016 - 19:25
Filesize: 3.09 mb
Total Downloads: 88
(Obfuscation / Deobfuscation:)
Reversing An Obfuscated Java Malware
Author: Extreme Coders
Some time in the recent past, I stumbled upon a news on The Intercept, about a malware being used against some Argentine prosecutor, who was found dead under uncanny circumstances (Fig. 1 & 2). Interested, I decided to have a look at the malware. [more...]
Date: 16 May 2016 - 19:23
Filesize: 1.07 mb
Total Downloads: 89
(Obfuscation / Deobfuscation:)
Symbolic Execution of Obfuscated Code
Author: Babak Yadegari, Saumya Debray
Symbolic and concolic execution find important applications in a number of security-related program analyses, including analysis of malicious code. However, malicious code tend to very often be obfuscated, and current concolic analysis techniques hav [more...]
Date: 16 May 2016 - 19:19
Filesize: 375.2 kb
Total Downloads: 57
(Obfuscation / Deobfuscation:)
Translingual Obfuscation
Author: Pei Wang, Shuai Wang, Jiang Ming, Yufei Jiang, Dinghao Wu
Program obfuscation is an important software protection technique that prevents attackers from revealing the programming logic and design of the software. We introduce translingual obfuscation, a new software obfuscation scheme which makes programs o [more...]
Date: 16 May 2016 - 19:18
Filesize: 401.4 kb
Total Downloads: 61
(Miscellaneous Tools:)
PinMe! 0.8.5
Author: Teddy Rogers
PinMe! started it's life some years ago, under a different name, as a plugin for OllyDbg to allow me to set specific windows to TopMost (pinned to desktop screen) whilst debugging. Eventually it became it's own independent program after mor [more...]
Date: 31 March 2016 - 05:24
Filesize: 1.34 mb
Total Downloads: 14763
(Exploits:)
The Memory Sinkhole
Author: Christopher Domas
In x86, beyond ring 0 lie the more privileged realms of execution, where code is invisible to AV, we have unfettered access to hardware, and can trivially preempt and modify the OS. The architecture has heaped layers upon layers of protections on the [more...]
Date: 20 August 2015 - 04:36
Filesize: 204.26 kb
Total Downloads: 1094
(Disassembling:)
Reassembleable Disassembling
Author: Shuai Wang, Pei Wang, Dinghao Wu
Reverse engineering has many important applications in computer security, one of which is retrofitting software for safety and security hardening when source code is not available. By surveying available commercial and academic reverse engineering to [more...]
Date: 20 August 2015 - 04:35
Filesize: 284.93 kb
Total Downloads: 1075
(Miscellaneous Papers:)
Mass Surveillance
Author: European Parliamentary Research Service
This document identifies the risks of data breaches for users of publicly available Internet services such as email, social networks and cloud computing, and the possible impacts for them and the European Information Society. It presents the latest t [more...]
Date: 20 August 2015 - 04:33
Filesize: 86.93 mb
Total Downloads: 571
(Keygenning / Serial Fishing:)
Keygenning Phoenix-Dev Shrink
Author: BLZPDA
This tutorial is for the experienced reverse engineer and not a beginners help. I'm not going deep into everything, but you should be able to follow my ideas. It took me some time to understand how this protection works and I had to invent some [more...]
Date: 20 August 2015 - 04:29
Filesize: 1003.74 kb
Total Downloads: 826
(Reverse Code Engineering:)
iOS App Reverse Engineering
Author: Zishe Sha
Software reverse engineering refers to the process of deducing the implementation and design details of a program or a system by analyzing the functions, structures or behaviors of it. When we are very interested in a certain software feature while n [more...]
Date: 20 August 2015 - 04:28
Filesize: 3.82 mb
Total Downloads: 614
(Obfuscation / Deobfuscation:)
Behavioral Analysis of Obfuscated Code
Author: Federico Scrinzi
Classically, the procedure for reverse engineering binary code is to use a disassembler and to manually reconstruct the logic of the original program. Unfortunately, this is not always practical as obfuscation can make the binary extremely large by o [more...]
Date: 20 August 2015 - 04:26
Filesize: 2.83 mb
Total Downloads: 555
(Debuggers / Disassemblers:)
ArkDasm 1.1.0
Author: CyberBob
ArkDasm is a 64-bit interactive disassembler and debugger for Windows. Supported file types: PE64, raw binary files. Supported processor: x64 architecture (Intel x64 and AMD64) ArkDasm is released as Freeware. Main features: parsing PE32+ [more...]
Date: 20 August 2015 - 04:25
Filesize: 27.57 mb
Total Downloads: 5320
(Packers / Protectors:)
Deep Packer Inspection - A Longitudinal Study of the Complexity of Run-Time Packers
Author: Xabier Ugarte-Pedrero, Davide Balzarotti, Igor Santos, Pablo G. Bringas
Run-time packers are often used by malware-writers to obfuscate their code and hinder static analysis. The packer problem has been widely studied, and several solutions have been proposed in order to generically unpack protected binaries. Nevertheles [more...]
Date: 29 April 2015 - 00:34
Filesize: 1.15 mb
Total Downloads: 1045
(OllyScript - Scripts:)
Dyamar Protector 1.3x Unpacker
Author: GIV
Recently I get over a nice easy keygenme protected with this protector and I feel the need to automate the unpacking process. Was a fun journey because the protector insert a unique stub almost every time for OEP jump interlaced sometimes with jum [more...]
Date: 29 April 2015 - 00:30
Filesize: 8.11 mb
Total Downloads: 884
(Keygenning / Serial Fishing:)
Keygenning Using the Z3 SMT Solver
Author: ExtremeCoders
Quoting Wikipedia, In computer science and mathematical logic, the satisfiability modulo theories (SMT) problem is a decision problem for logical formulas with respect to combinations of background theories expressed in classical first order logic wi [more...]
Date: 29 April 2015 - 00:28
Filesize: 117.11 kb
Total Downloads: 658
(Cryptography / Algorithms:)
Verifying Curve25519 Software
Author: Yu-Fang Chen, Chang-Hong Hsu, Hsin-Hung Lin, Peter Schwabe, Ming-Hsien Tsai, Bow-Yaw Wang, Bo-Yin Ya
This paper presents results on formal verification of high-speed cryptographic software. We consider speed-record-setting hand-optimized assembly software for Curve25519 elliptic-curve key exchange presented by Bernstein et al. at CHES 2011. Two vers [more...]
Date: 29 April 2015 - 00:25
Filesize: 391.12 kb
Total Downloads: 243
(x64_dbg:)
x64_dbg 0.24
Author: Mr. eXoDia, Sigma, tr4ceflow
This is a x32/x64 debugger that is currently in active development. The debugger has (currently) three parts: - DBG - GUI - Bridge DBG is the debugging part of the debugger. It handles debugging (using TitanEngine) and will provide data fo [more...]
Date: 28 April 2015 - 21:38
Filesize: 10.36 mb
Total Downloads: 5913
(IDA Pro Disassembler and Debugger:)
IDA Pro Disassembler 6.8.15.413 (Windows, Linux, Mac)
Author: Hex-Rays
IDA Pro is a programmable, interactive, multi-processor disassembler combined with a local and remote debugger and augmented by a complete plugin programming environment. IDA Pro is in many ways unique. Its interactivity allows you to improve disa [more...]
Date: 28 April 2015 - 21:26
Filesize: 38.71 mb
Total Downloads: 57793
(OllyDbg 2.xx Plugins:)
Debug Plugin 30.12.2014
Author: VieuxCrapaud
Allows the debugger OllyDbg 2 plugins.
Date: 24 March 2015 - 06:34
Filesize: 7.51 mb
Total Downloads: 2517
(OllyDbg 2.xx Plugins:)
FastPad Plugin 19.01.2015
Author: VieuxCrapaud
Allows you to take notes without the window encroaching on the program being debugged.
Date: 24 March 2015 - 06:31
Filesize: 5.49 mb
Total Downloads: 917
(OllyDbg 2.xx Plugins:)
Imprimer La Selection 28.12.2014
Author: VieuxCrapaud
This plugin allows you to print the selected text using CTRL+I
Date: 24 March 2015 - 06:27
Filesize: 5.43 mb
Total Downloads: 531
(OllyDbg 2.xx Plugins:)
Multiline Ultimate Assembler 2.3.1 (2)
Author: RaMMicHaeL
Multiline Ultimate Assembler (formerly MUltimate Assembler) is a multiline (and ultimate) assembler (and disassembler) plugin for OllyDbg. It's a perfect tool for modifying and extending a compiled executable functionality, writing code caves, e [more...]
Date: 24 March 2015 - 06:25
Filesize: 487.15 kb
Total Downloads: 5450
(OllyDbg 2.xx Plugins:)
OD2-ExPlug 201.15
Author: Quygia128
+ Main Menu + - Breakpoint Manager . Import Breakpoints . Export Breakpoints - MAP File Master . Import Labels . Import Comments . Import MAP To Library . Clear All Labels . Clear All Comments - Open Label Tabel - Plugin De [more...]
Date: 24 March 2015 - 06:24
Filesize: 604.74 kb
Total Downloads: 11548
(OllyDbg 2.xx Plugins:)
ODBGScript 2.0.1
Author: VieuxCrapaud
ODbgScript is a plugin for OllyDbg, which is, in our opinion, the best application-mode debugger out there. One of the best features of this debugger is the plugin architecture which allows users to extend its functionality. ODbgScript is a plugin me [more...]
Date: 24 March 2015 - 06:18
Filesize: 1.07 mb
Total Downloads: 2612
(OllyDbg 2.xx Plugins:)
OllyTab 0.3.13
Author: DZ
When you have too many windows open in OllyDbg, it is difficult finding the window you want. With OllyTab those windows are organised neatly as tabs within OllyDbg.
Date: 24 March 2015 - 06:16
Filesize: 2.93 mb
Total Downloads: 890
(Unpacking Tutorials:)
PeLock 1.0694 (Unpacking)
Author: Nwokiller
The target is a simple dialog box from an old assembler tutorial, packed with PELock v1.0694 Demo (so it has a nag unfortunately). The concept is not new however this method is a combination of other tutorials plus my own research that culminates in [more...]
Date: 24 March 2015 - 06:13
Filesize: 2.38 mb
Total Downloads: 1246
(OllyDbg 1.xx Plugins:)
Portablizer 1.0
Author: RaMMicHaeL
This plugin makes your copy of OllyDbg v1.10 portable, which means that you can copy the OllyDbg folder to another location without having to fix ollydbg.ini manually. In addition to the plugin DLL, there's a patch that needs to be applied on [more...]
Date: 24 March 2015 - 06:12
Filesize: 63.77 kb
Total Downloads: 321
(OllyDbg 1.xx Plugins:)
QuickAddressCopy 1.0
Author: RaMMicHaeL
This tiny plugin allows you to copy the address of the selected item/command/byte with the Ctrl+X keyboard shortcut. Note that the plugin works only for OllyDbg v1.10. For OllyDbg v2, you can achieve the same with: Options -> Edit shortcuts. [more...]
Date: 24 March 2015 - 06:10
Filesize: 2.73 kb
Total Downloads: 195
(x64_dbg Plugins:)
XEDParse 0.004
Author: Mr.Exodia
A small MASM parser for XED2 library. It cannot do much, but the parsing is done and you can encode the following instruction types: - nop (or any instruction without operands) - push rax (any instruction with one register operand) - mov eax,ebx [more...]
Date: 24 March 2015 - 06:06
Filesize: 332.36 kb
Total Downloads: 303