Hello again, try to unpack this one: EP + payload virtualization.

  • 2 weeks later...

Hello ElCrabe,

1. Good work! :)

2. I can rebuild the full OEP routine and get the target run

3. I cannot rebuild the VMed opcodes! Just some calls.

4. Your new UnpackMe looks very hard, so I see no light to come forward to rebuild the VM code for the calc routine.

5. You are using a lot of memory. :)

All in all it's not easy for me, or I am too blind or something. :) Maybe you can give us some advice on where to have a deeper look to get/see some more about the used commands.

greetz

Same here too... I think the only possible way to solve it is to execute the part of the stub that creates the VM near the OEP. Dumping it all is kind of impossible, IMHO. Interesting one.

Hehe, you're not telling me this is harder than Themida, right? ;)

Anyways, since you guys are already giving up, this might be very interesting.

EDIT:

I like the hints, (virtual stack exceed etc. ;) )

Edited by quosego

Of course it is not harder than Themida. For example, it does not have any IAT protection. Anyway, dumping whole parts of the needed VM could be hard... test by yourself :D

  • Author

@LCF-AT

1. Thx =)

2. Gonna add some critical code to the virtualized EP code (if the EP virtualization option is enabled) soon.

5. Yep, as you already know, the VMed code length is too big; rewrite & reduce needed. Almost all other VM params are user configurable.

Advice #0:

Trash opcode handlers have no calls inside.

@quosego

A lot of debug info inside :lol:

EDIT:

Do you need more advice now?

Edited by ElCrabe

  • 3 weeks later...
  • Author

Okay, if things are like they were 20 days ago, I'm gonna publish the protector demo. Should I publish it in this topic or create a new one (where?). Thx.

I think you should create a new thread in the packers/protectors area,

and a tut would be cool ;)

also some source code wouldn't be bad ;)

  • 3 weeks later...

Is there any obfuscation in the VM handlers? Poly protection or something like this?

The jump handler seems to be obfuscated with Morphine, am I right?

  • Author

Gladiator

1) A bit obfuscated

2) No, you are not =)
