jksoom, posted June 19, 2010

I need help. I need some obfuscator algorithm finder. I have a lot of obfuscated codes, and decoded codes. Is there any program which can learn how to do this? For example, I enter 10 obfuscated codes and the right decoded codes which it should get, and then it finds the valid connection between them.

For example:
obfuscated: 522E 6A53 A29E 3577 3533 4A91
decoded: 50E5 562E 3870 334A 91

I also have one working converter made by some guy, but I don't know how to read the algo from it. If someone can help, please contact me by private message and I will send you the exe.

ghandi, posted June 19, 2010

I'm not sure what you are after, because from your post I thought you meant something for removing obfuscation from x86 code (silly me, making assumptions, that was my fault), but pasting your bytes into Olly I get:

'Obfuscated'
PUSH EDX
PUSH 053h
MOV BYTE PTR [03577359Eh],AL
XOR ECX,DWORD PTR [EDX-06Fh]

'Decoded'
PUSH EAX
IN EAX,056h
CMP BYTE PTR CS:[EAX+033h],DH
DEC EDX
XCHG EAX,ECX

Neither code fragment makes much sense, which is where I get confused. If you are talking about de-obfuscation then you can write a script to remove junk code, using signatures and even wildcards. But be careful that your script doesn't replace good code with NOPs also, because it could render it useless.

There is a plugin for OllyDbg called CodeDoctor, you can find it in this thread:
http://forum.tuts4you.com/index.php?showtopic=21638

The thread explains its use and functionality. SunBeam has also been testing it pretty thoroughly lately and he's posted his findings here:
http://forum.tuts4you.com/index.php?showtopic=23223

"I also have one working converter made by some guy, but I don't know how to read the algo from it."

Does this mean you have a binary file which achieves what you want, yet you can't reverse it to understand how it achieves it, OR that you have the source for something which (possibly) achieves what you want but you don't understand the code enough to change/fix it so that it will do what you need? Can you give a bit more detail about your problem in general please?

HR,
Ghandi

jksoom, posted June 20, 2010

Ghandi, I've sent you a private message. Did you get it?

ghandi, posted June 21, 2010

I did get your message but only just now had a chance to reply. What you are asking about is a key generator which takes an input, generates/extracts the required information and, if the resulting checksum matches the chosen application, confirms that it is a valid code.

Personally, I don't have any experience with VM Protect, and the algorithm for this application has been 'virtualized', so you need to remove the VM or at least reverse it enough to understand what is happening in there. There are many posts regarding VMP on this forum, as well as some scripts which may help you get started.

There are also a few members of this forum who are quite experienced with VMP. If you actually give it a bit of a go yourself and then post where you are having trouble with unpacking the VMP on this target, you will likely find that you will get assistance.

HR,
Ghandi