retool v1.07
OHPen
November 17th, 2003, 22:40
retool v1.07 available. Listen, it's tooltime ;D
Signature database extended up to 165 different packers/crypters: FlexLM, SVKP, XtremeProtector, tElock, etc.
improved infoPExtractor plugin out...
For the first time, the SeQUencEE plugin by vaterduncan is available. IT'S THE BEST SEQUENCE Extractor ever released, check it immediately.
report bugs to us,
regards,
OHPen
PS: hxxp://retool.6x.to
whyIII
November 27th, 2003, 22:57
I have tried to use the SeQUencEE plugin to compare two files of different sizes. However, when it is finished, I can't save the result. Is it a general problem or just a special case on my computer?
ZaiRoN
November 28th, 2003, 05:13
whyIII, I am able to save the result.
whyIII
November 28th, 2003, 05:56
Quote:
[Originally Posted by ZaiRoN] whyIII, I am able to save the result.
In my case, when the comparison is finished, I click the "save result" button, and the save window comes up. I can also type the file name. Then, after a long wait, the save window disappears. However, the result file can't be found at the given location. So what's happening? By the way, the size of the files compared is about 400kb.
Any hints?
OHPen
November 30th, 2003, 20:01
Hi,
Sorry for my late answer. 'Cause of my small amount of time, blabla....
It doesn't matter how big the files you try to compare are (okay, it doesn't matter if you have enough time). It is actually just limited by the size of a byte[] Java is able to handle.
I don't know what the problem is in your case...
First time I've heard that, so please send me your system configuration (OS, JVM, etc.) and the error.log in the /log dir.
BTW you can use retool board to post problems concerning retool.
retool.cjb.net
In the next release there are some fixes in the sequencee-plugin, and the peviewer is finally finished, I hope. Maybe in v1.075 the first appearance of native code will happen.
Hope you will enjoy the next version a bit more,
regards OHPen
BTW:
LITTLE QUESTION GAME...
HAS ANYONE NOTICED THE DIFFERENCE BETWEEN trID AND SEQUENCEE-PLUGIN?
I HOPE SO ;D
cya
seven
December 1st, 2003, 02:50
ur retool needs a rebuild
can't run on win98se.
doug
December 1st, 2003, 12:40
nice website & app design..
a few questions though, does it do anything beyond being a PE-signature scanner (there are already a ton of them on the web)
Also, is it normal that it took around 20-25 secs at 100% cpu to scan a 3 mb file?
My last comment, and that's not just related to this app.. why do people coding tools _for reversers_ use pe-packers on their tools.. do they think it's not going to get unpacked if someone really wants to?
cRk
December 3rd, 2003, 00:07
I can't run it on Win98 SE either. I got a strange message like the file is corrupt or something else
OHPen
December 3rd, 2003, 14:30
@ seven & cRK
thx for your bug report, I will solve this by the next release...
I can't imagine that it's an OS-dependent problem, but more people have emailed me about problems on 98se. I will install win98se on my second PC this weekend to reproduce this problem in order to solve it.
@ doug
Your post indicated to me that you haven't taken a look at the source code of retool, 'cause all your questions are answered in there.
1. YES, THERE IS SOMETHING BEHIND IT (if you want to know exactly: I'm organising my search in the file with the BM-Algorithm, freely available on the net; it's a modified version I'm using (thx vaterduncan), so there is no faster way to scan through a WHOLE file... really. But my kind of search isn't the best yet. There are many optimizations to do, such as are done in snaker's PeID v.091 (in my eyes the best tool atm...). But I don't want to copy his work, I want to get it running in my own way, in order to create some day a tool which can compete with snaker's.
This will take its time. But time is all I have...
ATM I'm working on different ways of uniquely identifying byte sequences. But the effects of this improvement will not be visible in the next v1.075. You can first use this new technique in v1.08 final.
If retool is too slow for your purposes, I recommend using another tool or coding one yourself...
But you can be sure that I'm not glorifying PeID or other tools. There are features in retool that other tools can't provide atm, and that's what I'm proud of...
"Also, is it normal that it took around 20-25 secs at 100% cpu to scan a 3 mb file?" by doug
YES, it's normal if you take a look at retool. ATM the whole byte is searched for each signature in the signature database (atm about 160 different packers/crypters). So if you can code some faster tool using the SAME method to do this, I am very interested in your source code...
Anyway thx you all for testing retool and providing me with some good comments,
regards,
OHPen
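The whole-file, one-pass-per-signature search described in the post above, as an added example (not retool's source, which is Java). It uses the Horspool simplification of Boyer-Moore and counts the windows examined; the signature names, byte patterns and sample buffer are constructed for illustration.

```python
from __future__ import annotations

def build_skip_table(pattern: bytes) -> list[int]:
    """Bad-character shifts: how far the window may jump for each byte value."""
    m = len(pattern)
    table = [m] * 256
    for i in range(m - 1):          # last pattern byte keeps the full shift
        table[pattern[i]] = m - 1 - i
    return table

def horspool_find(data: bytes, pattern: bytes) -> tuple[int, int]:
    """Return (offset of first match or -1, number of windows examined)."""
    m, n = len(pattern), len(data)
    if m == 0 or m > n:
        return -1, 0
    skip = build_skip_table(pattern)
    pos = windows = 0
    while pos <= n - m:
        windows += 1
        if data[pos:pos + m] == pattern:
            return pos, windows
        pos += skip[data[pos + m - 1]]   # shift by the byte under the window's end
    return -1, windows

def scan_all(data: bytes, signatures: dict[str, bytes]) -> tuple[dict[str, int], int]:
    """Search the whole buffer once per signature; a miss costs a full pass."""
    hits: dict[str, int] = {}
    total_windows = 0
    for name, pattern in signatures.items():
        offset, windows = horspool_find(data, pattern)
        total_windows += windows
        if offset >= 0:
            hits[name] = offset
    return hits, total_windows

# Constructed sample: 64 KiB of filler with one signature planted at 0x4000.
SIGNATURES = {
    "sample-packer-A": bytes.fromhex("60e8000000005d81ed"),
    "sample-packer-B": bytes.fromhex("eb0668deadbeefc39a"),
    "sample-packer-C": bytes.fromhex("558bec83c4f0b8cafe"),
}
_buf = bytearray(b"\x90" * 0x10000)
_buf[0x4000:0x4000 + 9] = SIGNATURES["sample-packer-A"]
SAMPLE = bytes(_buf)

if __name__ == "__main__":
    hits, windows = scan_all(SAMPLE, SIGNATURES)
    print(hits, windows)
```

Every signature that does not match costs a full pass over the buffer, so total work grows with file size times the number of signatures in the database.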
Bengaly
December 3rd, 2003, 14:54
Hi OHPen,
if you want to enhance your signature search, you can use XML, or a mix with the way IDA uses for their FLIRT engine algorithm.
OHPen
December 4th, 2003, 12:22
@bengaly
I don't know what you mean exactly, I'm already reading my signatures from xml files.
I saw this for the first time in trID and I find it's a very good idea...
Maybe you haven't taken a look at the source, or have you discovered another way of using xml for my signature search?
regards,
OHPen
QuickeneR
September 2nd, 2004, 14:23
Does anyone know where to get retool source/binary these days? The official sites - retool.cjb.net and retool.6x.to - do not seem to work anymore. Google does not help.
Edit: found it.