Hex Workshop [TuT]

  1. #1
    MEGAROFL

    Hex Workshop [TuT]

    Here I am going to show you how to hex edit a file to avoid it being 'tagged' by AV (AntiVirus).



    Things you will need:
    *Hex Workshop v5 (included in attachment) or your favorite hex tool
    *AV Splitter (included in attachment)
    *and a brain

    FINDING THE DETECTION

    OK, first get a crypter with a stub you want to UD, right-click on the stub and click on Hex with Hex Workshop...
    (See Pic 1)

    Then you come up with this:
    (See Pic 2)


    Then find just under the dos part (at the top) start from line 192-ish, highlight two lines of code.
    (See Pic 3)

    Then right-click and press Fill, fill them with 00s and press OK.
    (See Pic 4)
    (See Pic 5)

    Then go to File, Save As and save it as 1024-1040.exe, then go to no virus thanks.org and scan it. After you have scanned 1024-1040.exe, if it says the detection has gone then you know the AV has tagged somewhere in the 2 lines. Now load up the stub in the hex editor and just fill in the top line and scan that. If it comes back clean then the detection is in the top line; if it comes back as infected then it is in the bottom. Then you fill in half of the line until you are left with a single value:



    Example:
    Detected letter is E8
    Change it to D8 or D7, and if that gets broken when it's opened, try again by finding other lines that are detected, then do the same stuff: find detected lines, save and test...
    (See Pic 6)

    THE SPLITTING PART
    OK, here you need all AVs set up if your stub is detected by all AVs.
    You can do this instead of hexing, but this takes a lot of time, but it's a success if you can't find the detected line from hexing.

    OK, let's begin.

    You need AV Splitter, as I mentioned.

    OK, first get the stub you're splitting and put it in the same folder as the splitter, like this:
    (7)

    Then open AV Splitter, browse to the stub you're splitting by pressing the "...", then press Process and the splitter will start splitting... wait for it to stop, then...
    (See Pic )

    When it has stopped you end up with a folder called "temp"; when you open it there will be many stub files, as shown in the pic:
    (See Pic 9)

    Then all you have to do is get your installed AV and scan the whole Temp folder. It will take time, even 2 hrs, to scan, and the AV will start deleting the detected files... Then after it's finished you end up again with like 30 files. All you have to do is test the stub with Poison Ivy server and see if you connect yourself with the client, and then scan it and see that you just UDed the stub from your AV. If you want to FUD the stub you have to do the same method all over again with all other AVs.

    As I say, it takes time but works 100%.

    Sorry for the pics, but I couldn't make them here because they couldn't fit.

    Pls If It Helps + Rep me

  2. #2
    kwoxer
    lol set pics in your text plz...

  3. #3
    MEGAROFL
    there is a folder.. and dl it... :S
    Last edited by MEGAROFL; 07-25-2009 at 09:40 AM.

  4. #4
    Sifex
    eh what?

  5. #5
    Jolinar
    Ordner is German for folder.

  6. #6
    MEGAROFL
    ROFL sry omg^^ forgot it .

  7. #7
    Blarg
    You should really give credit to the original author.

    Made by me ^
