Wow. After watching the whole series I was stoked to try and do the crackme. I managed to understand the program quite well, and even though I eventually looked at a write-up to actually get the flag, I knew exactly what to do and had traversed the rest of the program no problem, so I am calling that a win! Thank you again so much jeff for giving me the confidence to properly start trying reverse engineering, it has been extremely fun.
@jeFF0Falltrades a day ago
Congratulations! Not only is finishing the series itself an accomplishment, but that understanding throughout the crackme is incredible. You should be proud and I hope you continue to practice and - most of all - have fun with it!
@yishithvilas4876 6 days ago
That is called power of knowledge
@jeFF0Falltrades 6 days ago
❤️
@ahmedshawky8274 16 days ago
Wdy
@arthurpochart1122 17 days ago
jeff you are such a talented creator. thank you. your content is the highest quality ive found.
@jeFF0Falltrades 17 days ago
You are so kind! I hope you continue to enjoy and I appreciate you being here!
@john_says_hi 26 days ago
thanks for making these videos, great to see your process for doing this, you got me reinterested in RCT! just installed reshade and trying to improve the graphics, good times!
@jeFF0Falltrades 26 days ago
That’s awesome! If you document that work anywhere, please send it to me! Thank you for watching!
@hanro50 26 days ago
If it is written in x86 assembly, that means it is technically source available....
@jeFF0Falltrades 26 days ago
As they say: “Everything is open source if you are patient enough to learn assembly” 😂
@hanro50 26 days ago
@jeFF0Falltrades indeed. 🤣 Had to do x86 assembly once. Wouldn't recommend it.
@Jarvx 28 days ago
Hey man, I just wanted to say your channel is an absolute gem regarding RE and it's to be quite honest one of the best resources out here on youtube and I'm really wondering how your channel is not bigger. Keep up great work!
@jeFF0Falltrades 28 days ago
You are too kind, this comment made my day! I’m just happy to have as many that are in this community today :-) Getting prepped to record another video this month! Hope you enjoy that one as well. Thanks so much for watching.
@R00kTruth 29 days ago
the easiest way for Anyone, and I mean absolutely Anyone, to learn assembly and reverse engineering at the same time, is to write some simple c code snippets, then to debug them.
@Gaspa79 a month ago
I can't believe the hidden flag was on the last place I looked. I was getting discouraged. Thanks for making this, I really hope you make more. I'd buy you a coffee if you had superthanks enabled on the video.
@jeFF0Falltrades a month ago
What the heck?! Thank you for telling me because I thought I had it enabled! Should be working now - not that I ever expect it, but I also have a BMAC link on the channel. Thank you so much for watching and so glad to hear you enjoyed! We actually have another one of these coming up this month, focused on malware analysis, with another challenge!
@Gaspa79 a month ago
@@jeFF0Falltrades Done. I ended up using buy me a coffee instead since I saw that the cut for that is 5% whereas youtube's is 30%. Thanks again!
@jeFF0Falltrades a month ago
@@Gaspa79 You didn’t have to do that but not only do I appreciate the donation, but the extra step of looking at the cut percentage is truly kind. Thank you so much and I hope you continue to enjoy the content!
@Gaspa79 a month ago
Honestly I'm so sorry that there's been only 3 episodes of this masterpiece, but I'm so grateful for those 3 anyway. Thanks for the content
@jeFF0Falltrades a month ago
Another one coming up next month! Slightly different topic but very excited to get the next one going 😁 So, so happy to hear you enjoyed!
@christianlijs1346 2 days ago
@@jeFF0Falltrades I have only nearly finished the first episode but I am stoked that there are more coming. Thank you so much for these videos!
@jeFF0Falltrades 2 days ago
@@christianlijs1346 So happy to hear this!!! I’m working on a second master0Fnone course now and comments like this motivate me so much. Thanks for watching and I hope you enjoy the rest!
@christianlijs1346 2 days ago
@@jeFF0Falltrades I had a feeling it would motivate you or at the very least make you happy, but just know that's exactly how I feel when I come across a video like this! Thank you, and I might just let you know how the other videos go for me.
@jeFF0Falltrades 2 days ago
@@christianlijs1346 Thank you so much!
@rusi6219 a month ago
guys...his name is jeff
@jeFF0Falltrades a month ago
👁️👄👁️
@citizen1791 a month ago
this is a really great video but near the end i thought you were going to do something like, an exe that if you launch it applies the patches to the game but doesn't make permanent changes to the original exe. i don't know if you already have a video on your channel but it would be great for modding
@jeFF0Falltrades a month ago
Yeah I think I get what you’re saying - we didn’t do that as much in this video/script, but if you check out my RollerCoaster Tycoon videos, those scripts do exactly that - take patches and apply them to a copy of the original EXE while leaving the original intact. This one just happened to be more focused on the DLL injection. Thanks for the feedback and for watching!
@bkfownu83djcj38djd a month ago
Awesome content mate. I love you.
@jeFF0Falltrades a month ago
Thank you so much! ❤️
@HapkinsPL a month ago
good job !!!
@jeFF0Falltrades a month ago
Thank you!🙏
@keyholderofpurgatory a month ago
im gonna watch this without missing 1 second. You are a really valuable person in this life, thanks for sharing this with us.
@jeFF0Falltrades a month ago
Take frequent breaks and drink water, haha. Thank you so much - that is such high praise.
@JWAM a month ago
...dude. :)
@jeFF0Falltrades a month ago
Bring it in 🤗
@alir8zana635 a month ago
great video as always your channel is the best for deep dives on cybersecurity Congratulations on the third kid
@jeFF0Falltrades a month ago
Thank you so much on all accounts! Hope you enjoyed
@7DuRd3n a month ago
amazing bro <3
@jeFF0Falltrades a month ago
Thank you 🙏
@jeFF0Falltrades a month ago
Thanks for being here! As always, I’ll post any updates or corrections to this pinned comment. Hope you enjoy!
Update 12APR24: <24 hours after this is posted, improvements are already being made to the parser - thanks to some of your suggestions! I'll only be posting major updates to this comment, but check out the "Issues" tab of the GitHub repo in the description to see all of the changes made over time to the parser.
Update 24APR24: One of the most significant updates to this parser was the ability to brute-force the config when the VerifyHash() function marker is not present - check out the changes here: github.com/jeFF0Falltrades/rat_king_parser/commit/339744aae63b48f019e3552e6e8e579b09e08382
@wilfridtaylor a month ago
Thanks for releasing these. Helping me skill up from Software Engineer to Reverse Engineer :).
@jeFF0Falltrades a month ago
@@wilfridtaylor I hope you find them helpful man! Good luck in your journey!
@mirabletest a month ago
is it common for client machines to have python installed?
@jeFF0Falltrades a month ago
Depends on the environment, but more often on analyst workstations than enterprise users.
@dots5641 a month ago
VBS or powershell would work better in general windows enterprise. since it comes with all windows, and can even utilize dotnet :)
@mirabletest a month ago
@@dots5641 was thinking either c++ or .net, python seems a stretch, but it always depends on target
@locastable a month ago
second
@leonardoduarte3416 a month ago
first
@jeFF0Falltrades a month ago
🥇
@jeFF0Falltrades a month ago
🥈
@mkausch1336 a month ago
Hey, I'm a fourth year comp sci student and just wanted to say that I loved the series and the videos were really helpful. We used ARMv8 so I wasn't a beginner by any means, but I thought that your explanations were great and fit in well with my current knowledge base. You also really broke down the use of the tool chain well which allowed me to experiment on my own with your crackme challenge. This actually was a great exercise because it allowed me to see where my knowledge gaps were when I was trying it on my own and in turn I could go back and reference the video. I must admit that ghidra has some quirks compared to watching others use IDA, but 5k for the pro version that comes with a decompiler is too much for educational exploration. Thank you so much for this.
@jeFF0Falltrades a month ago
Thanks so much for this incredible feedback! So glad to hear you enjoyed this one (I also really enjoyed making this one - it was a ton of fun), and I wish you all the best as a fellow CS grad. Hope some of the other videos here and future videos we do will also help along, and never hesitate to ask questions if you have them. Lastly: Very agreed on the IDA pricing and why I pretty much switched to being all in for Ghidra and (occasionally) IDA free :-)
@RandyFortier 2 months ago
Great video, and very interesting to see the process. One recommendation would be to change the names of the variables and functions in Ghidra as you go. It will make the program become more readable over time, as you discover what everything does.
@jeFF0Falltrades 2 months ago
Thank you Randy! Yeah, this being my first one of these videos, I failed there, likely due to overexcitement 😁 - this was one of the primary pieces of feedback I got for this one, and I took it to heart. Happy to say I’ve gotten better with subsequent videos. Thanks so much for watching and for the kind words!
@RandyFortier 2 months ago
@@jeFF0Falltrades It is pretty rare to find this content, so I was glad to find it. The quality is very good! I look forward to watching some of the other videos!
@jeFF0Falltrades 2 months ago
@@RandyFortier Thank you so much! And agreed; that’s really why I’ve kept with it. That and the incredible community that’s been built up around it :-)
@gabrielgoncalvesazevedo9114 2 months ago
How did you add nullbytes in 45:46?
@jeFF0Falltrades 2 months ago
Same as I did with the other bytes in that section! Just put 00 in for their values as opposed to any other value, and you have a null byte. If you have questions on how to modify the bytes in general or if I can explain better, let me know! EDIT: And to be clear, I added the extra null bytes to make the string size the same as it was before we modified it, to ensure the modification wouldn’t cause issues elsewhere.
@gabrielgoncalvesazevedo9114 2 months ago
@@jeFF0Falltrades I don't think I understood, when I try to add 00 in the byte edit window, it becomes another value in the program...
@jeFF0Falltrades 2 months ago
@@gabrielgoncalvesazevedo9114 Hm, one thing to watch out for is what text encoding is being used - in the video, this is a Unicode string, so each character is 2 bytes - so in order to make a null char, both bytes need to be 0 (so 00 00 is one null char, in other words). Not sure if you are looking at the same program or a different one, but that is the first place I would check. If that isn’t it, let me know and we can chat more.
@gabrielgoncalvesazevedo9114 2 months ago
@@jeFF0Falltrades Thanks, that actually helped me to understand! I'm following along with the same software.
@jeFF0Falltrades 2 months ago
@@gabrielgoncalvesazevedo9114 Excellent! If you have any other questions, feel free to let me know! Hope you enjoy!
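The fixed-size string edit discussed in this thread, as an added example that is not part of the original comments or the video's scripts: replacing a UTF-16LE string in a binary image and padding with two-byte null characters so the string keeps its original size. The function names and the sample bytes are constructed for illustration.

```python
# Added example: in-place replacement of a UTF-16LE string in a binary image.
# Function names and sample data are assumptions made for this illustration.


def patch_utf16_string(image: bytes, old: str, new: str) -> bytes:
    """Return a copy of `image` with UTF-16LE string `old` replaced by `new`.

    The replacement is padded with null characters so it occupies exactly as
    many bytes as the original, which keeps every later offset unchanged.
    """
    old_raw = old.encode("utf-16-le")
    new_raw = new.encode("utf-16-le")
    if len(new_raw) > len(old_raw):
        raise ValueError("replacement is longer than the original string")

    offset = image.find(old_raw)
    if offset == -1:
        raise ValueError("original string not found")
    if image.find(old_raw, offset + 1) != -1:
        raise ValueError("original string occurs more than once")

    # One null *character* in UTF-16 is two zero bytes (00 00). A lone 00
    # pairs up with its neighbouring byte and decodes as another character.
    padding = b"\x00\x00" * ((len(old_raw) - len(new_raw)) // 2)
    patched = bytearray(image)  # work on a copy, the input stays intact
    patched[offset:offset + len(old_raw)] = new_raw + padding
    return bytes(patched)


def read_utf16_cstring(image: bytes, offset: int) -> str:
    """Read a null-terminated UTF-16LE string starting at `offset`."""
    units = []
    for i in range(offset, len(image) - 1, 2):
        unit = image[i:i + 2]
        if unit == b"\x00\x00":
            break
        units.append(unit)
    return b"".join(units).decode("utf-16-le")


# Constructed sample: 2 header bytes, a terminated string, 1 trailing byte.
SAMPLE = b"\x4d\x5a" + "Old Title".encode("utf-16-le") + b"\x00\x00" + b"\xc3"

if __name__ == "__main__":
    patched = patch_utf16_string(SAMPLE, "Old Title", "New")
    print(len(SAMPLE), len(patched))        # sizes match
    print(read_utf16_cstring(patched, 2))   # the shortened string
    print(patched.hex(" "))
```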
@tiernanmorgan 2 months ago
can you reverse engineer a slot machine if you know how much its programmed to pay out and know the seed is constantly changing for time of day
@jeFF0Falltrades 2 months ago
You can RE just about anything! But it probably wouldn’t gain much in the way of winnings or anything but knowledge of how the machine works. Would be really fun to do - most modern ones work similarly and are pretty much just based in stats and probability.
@tiernanmorgan 2 months ago
@@jeFF0Falltrades i was thinking about the russian hacker dude who did it on older ish machines still prng. had his phone buzz before payouts after filming twenty or so spins. as well as this video kzbin.info/www/bejne/gKqsiIR_md2UhaMsi=9Apc9MAR9z_NgSL8 that machines have to leave the factory paying out exact amount and that the seed is constantly changing every second but somehow someone figured out when and programmed it into a phone. it just interested me if i could figure out when it hits positive payouts or a minigame but not further. im not smart enough to understand the prngs yet though.
@skullsNscalps 2 months ago
My knowledge didn't go beyond "Mitochondria is the power house of the cell."
@Muhammed_Shameer_Quraish_KM 2 months ago
yo man !! thank you <3
@jeFF0Falltrades 2 months ago
Thanks for being here!
@Lorendrawn 2 months ago
Show the intro to professor true brian
@DaliLlama484 2 months ago
Just earned yourself a sub! This was a great video! I’m a computer engineering student really interested in malware analysis and reverse engineering and this series is so helpful!!
@jeFF0Falltrades 2 months ago
Awesome! Thank you so much for the kind words and glad you enjoyed! I’ve got two more malware analysis videos that I’m working on now - just enjoying some parental leave before recording them - hope you enjoy and thank you so much for being here; and best of luck in your CE journey!
@williefleete 2 months ago
The ampersand may mark the next character to be underlined when text is printed
@jeFF0Falltrades 2 months ago
Yep - I marked it in the pinned comment as well, but as others have said - it actually designates which character in the string will be used for keyboard shortcuts/access keys (which are the same ones that are underlined)! Which made a ton of sense in retrospect. Thanks for watching!
@yolamontalvan9502 2 months ago
University offers Reverse Engineering courses? Where is that? Which one? I’m interested.
@jeFF0Falltrades 2 months ago
In the case I’m talking about in the video, it was a course taught by an adjunct professor at the university I went to, but these days, I know of several university computer science departments who now offer reverse engineering courses (at least in the US) - a friend of mine has his own course lectures on the topic online for free at class.malware.re if you’re interested!
@yolamontalvan9502 2 months ago
This is an amazing video full of important information. Thank you.
@jeFF0Falltrades 2 months ago
Thank you so much! I am so glad you enjoyed and I appreciate the kind words!
@0ri0nexe 2 months ago
I searched for sooooo long for a beginner friendly introduction to RE, thanks u so much for the content that you share, because great tutorials such as yours are so rare. Btw your voice is awesome, really chill.
@jeFF0Falltrades 2 months ago
That is so good to hear and exactly why I started this channel! Thank you so much for being here and for the kind words - and I’m happy to hear that because I personally *can’t stand* my voice and don’t know how you all honestly listen to it for hours 🤪 Editing is horrible for me 😂 Thanks for being here! And happy to say some more RE content coming soon!
@benjcalderon 2 months ago
Alright, loved the satire! When you got to "I don't see anything else happening in 2024..." I was like, dude, it's only March! and then... it was satire😂. This I think is also something I enjoy about your content, you have a particular humor that I appreciate! Looking forward to what's coming!
@jeFF0Falltrades 2 months ago
Hey! Good to see you again! And thank you hahaha - like I said, my daughter could not have had better timing to go with that line 😂 Thank you and thanks for being here as always ❤️
@erickuhn3500 3 months ago
Well done! I enjoyed watching this video a lot.
@jeFF0Falltrades 3 months ago
Thank you so much and glad to hear! If you haven’t seen the spiritual successor to this one (the latest RCT vid on the channel), you’d likely enjoy that one as well - much stranger but more interesting 😂 Thanks so much for watching and glad you enjoyed!
@alraieducationandhealthwel5563 3 months ago
I learned a huge deal from you. I appreciate your work. Congratulations on becoming three. I know we'll see less of you. 😅 Enjoy
@jeFF0Falltrades 3 months ago
Haha, maybe, maybe not - I always do my best work in the wee hours of the night/morning anyway (just watch the clocks in any of my videos 😂), so I hope it won’t impact too much. Thank you so much for the kind words and so glad you find value in the videos ❤️
@alraieducationandhealthwel5563 3 months ago
@@jeFF0Falltrades I'm one of those who come here to learn and am horrified by the stampede of memes and copy videos. Such a bleak future we have where real knowledge and skills are being overtaken by pleasure and momentary joy that we don't need whatsoever. Every father here knows what your coming year will be like, so we'll replay your gem videos but we will not stop waiting for more from you. 👍
@jeFF0Falltrades 3 months ago
@@alraieducationandhealthwel5563 Thank you - that’s so kind of you. And yeah…it can really be hit and miss with YT content and other “bootcamps”. I hope that trend changes as more passionate people break into the field.
@3g0st 3 months ago
You rock! As I see it, we should all manage our channels, and subscriber count, according to our own interpretations of audience. One person's 10k might be another's 100. No hard rule aside from what is essentially marketing folly. Congrats on the birth, Dad ✌️
@jeFF0Falltrades 3 months ago
Love that perspective - yeah, especially in (what I perceive to be) such a niche field of RE/malware/game modding, I’m gobsmacked by that number tbh. Thank you so much for the wise words and well wishes!
@jeFF0Falltrades 3 months ago
Okay, satire and bad acting aside: Obviously, I am overjoyed at this milestone and love you all, but nothing that happens this year will come close to welcoming our new daughter (who may as well have been a paid actor here - I was just going to pan down, but that crying had amazing comedic timing 😂). Thanks to all of you, truly, for the support! I have 1 new video and 1 new master0Fnone class in the hopper, but for now, I’m going to enjoy my parental leave with this little one ❤️
@GranaroloLattedellaGranola 3 months ago
Your eyes are so majestic ❤
@jeFF0Falltrades 3 months ago
Hahaha thank you much 😂
@johnfoltz8183 3 months ago
Your park has been awarded with the safest park award
@jeFF0Falltrades 3 months ago
And any allegations that we paid for said award are patently false…👀
@luk3z861 3 months ago
RE old good games from DOS/Win32 always be nice to see.
@jeFF0Falltrades 3 months ago
I still have a few in the basement for the pickings 😄 Thanks for the suggestion and for watching!
@luk3z861 3 months ago
@@jeFF0Falltrades I really appreciate your work. Thanks for vids.
@jw200 3 months ago
Thanks for video but the XP solitaire source code is in the leaked XP sources available from internet. I'm not promoting it but just telling the fact
@clovis-2557 3 months ago
Really impressive! Thanks for this HUGE info. I'm/was looking for info to reverse engineer an old Fortran program of 140kb. Those programs might help a lot.
@jeFF0Falltrades 3 months ago
That’s awesome! Would love to hear how you make out with that Fortran program - that sounds like fun
@mariusz7238 3 months ago
Hey, how do you do that the x32dbg when dragged sol.exe on it opens the actual game window, on my side nothing happens. The process itself (the solitaire game) exists within x32dbg's process but there is no window for it.
@jeFF0Falltrades 3 months ago
Hey! Make sure that your debugger is not stopping on a breakpoint (check the bottom-left corner of the debugger which will say “Paused”). If it is Paused, hit the “Run” button or press F9 to get the program to proceed; That should pop up the game window and let the program proceed, assuming there are no other breakpoints or exceptions taking place (the debugger will let you know in the bottom-left and bottom pane if there are any breakpoints or exceptions). Hope this helps, and if not, let me know so we can troubleshoot further
@mariusz7238 3 months ago
@@jeFF0Falltrades Thanks, it worked. But still pretty weird that i got some entry breakpoint and 1 exception.
@user-zo1kn8ob7h 3 months ago
i didn't know that this was what i wanted. entertaining. goodish pace (i don't know what i would want different). thanks. very much NOW MOAR DO IT NAO
@jeFF0Falltrades 3 months ago
Hahaha so glad you enjoyed! More to come, but probably not right now, right now - got 2 videos in the works soon though… 👀 Thanks for watching!