Teddy Rogers Posted May 19, 2011 Posted May 19, 2011 ESET Malware ResearcherThe program eset_reversing_challenge_1.exe was designed to test your skills in reverse engineering. The task is aimed at candidates for the position "Malware Researcher". Adequate programming knowledge and reverse engineering (code disassembling) skills are necessary for a successful completion of the task.Your goal is to perform an analysis of the code of this executable. The analysis of the code should produce information about the payload of the program, conditions necessary for the execution of certain actions, etc. Don’t get discouraged, put off, nor fooled! The program code can contain hidden files and text strings, conditional tasks, anti-debugging techniques and so on. If you don’t manage to overcome all obstacles, don’t despair, but send in your partial solution. Don’t forget that it’s also necessary to describe the procedure of your analysis, as your way of thinking can tell us more about your abilities than the results themselves. Send your results, analyses or comments to: analyst@eset.skGood luck with your investigation! :-)/>http://joineset.com/w4-download/The_letter_to_applicant.pdf/>http://joineset.com/researcher.htmlTed.eset_reversing_challenge_1.zipThe_letter_to_applicant.pdf 2
kao Posted May 19, 2011 Posted May 19, 2011 By the way, the task for ESET Engine Developer is equally cool: http://joineset.com/engine_developer_task.html Have fun!
deepzero Posted May 20, 2011 Posted May 20, 2011 solving this using patching is easy, but i honestly dont see a way to do ti without. anyways, got the link for challenge #2. Thanks for the post, Teddy!
Apuromafo Posted May 20, 2011 Posted May 20, 2011 http://joineset.com/statut.html9. Contest duration The contest starts May 9th, 2011 at 12:00 O’clock AM CET and ends August 31st, 2011 at 23:59 O’clock PM, CET. ohhnice teddy ^^greetings Apuromafo
deepzero Posted May 20, 2011 Posted May 20, 2011 did anyone else work on this?#2.1 is not gennable, imo....does anyone know weather patching is allowed/genning is possible?
Killboy Posted May 20, 2011 Posted May 20, 2011 did anyone else work on this? #2.1 is not gennable, imo....does anyone know weather patching is allowed/genning is possible? The application's executable cannot be modified. The application's memory cannot be modified. Haven't looked at it yet but it sounds intriguing
chickenbutt Posted May 21, 2011 Posted May 21, 2011 (edited) lots of custom+crypted crypto routines, fake symbol table and imports, section with encrypted custom-routine key, EP trick. It's mostly encryption and allocation stuff, probable some dropper with a hidden message somewhere. No VM or emulation outside IT stuff though. I think they map another PE underneath crypto. It's pretty much a patched up Delphi dropper or loader.I didn't look further, If you don't have at least one masters it's probably not worth the time if you're doing it for a career. If they wanted talent it'd have some encrypted VM or heavy packed driver obfusc and patching. Edited May 21, 2011 by chickenbutt
quosego Posted May 22, 2011 Posted May 22, 2011 (edited) I didn't look further, If you don't have at least one masters it's probably not worth the time if you're doing it for a career. If they wanted talent it'd have some encrypted VM or heavy packed driver obfusc and patching.hmmm if only the corporate world was looking for talent. I doubt many people with a masters degree are checking this out. Edited May 22, 2011 by quosego
boni11 Posted July 17, 2011 Posted July 17, 2011 hey guys, anyone solved second password(stage 2)? Is there any way to reverse the algorithm? Because brutefoce isnt effectiv in that case.
izlesa Posted July 22, 2011 Posted July 22, 2011 2boni11You must solve matrix equation =) There are some pitfalls, but it is easy.2chickenbutt in first stage only simple string obfuscation and antidebugging tricks, nothing hard. In last stage there are simple vm in driver (not obfuscated, but one trick used =)) look deeply).It`s not so hard if you have some exp in re. Unfortunately i think, i had very bad english to join to company =/ In my country very small job market for reverse engineers =(
dn5 Posted August 9, 2011 Posted August 9, 2011 I'll take a look today, it looks interested. Matrix is something very easy, as long as you know basic multiplication of matrices you can do it.
samonek4 Posted August 10, 2013 Posted August 10, 2013 Hi, New task for programmers and new crackme 2013:http://joineset.com/
Teddy Rogers Posted January 4, 2014 Author Posted January 4, 2014 For those interested here is a solution to the 2013 challenge... http://quequero.org/2014/01/eset-challengeme-2013-solution/ Ted. 3
samonek4 Posted January 8, 2014 Posted January 8, 2014 @Holy "After some time thinking I decided to open .zip file in hex viewer and realized that it wasn’t a .zip file but an .exe !." ... I tried to create a PE of these four files: UPX1, UPX0, CERTIFICATE ...I never had the idea that this ZIP is EXE.
master131 Posted January 8, 2014 Posted January 8, 2014 I remember attempting the CrackMe a long while ago back in July. Unfortunately, I got stuck at the "Nope you didn't" message on the second stage. Haven't attempted it again since then. The .NET part looks the most fun though, since that is what I specialise in.
cypher Posted January 8, 2014 Posted January 8, 2014 really looking forward to crackme2014. liked this one. getting the correct password for the DLL took me the longest time. rest was kinda straightforward. however it was much fun.
chickenbutt Posted February 14, 2014 Posted February 14, 2014 (edited) hmmm if only the corporate world was looking for talent.I doubt many people with a masters degree are checking this out. I'm sure they want at least a bachelors and some paid experience like the rest.. But yeah, as long as there are dumb infrastructure descisions there are choice vulnerabilities and weak DRM.. Some guy who read the PE/COF doc and can pass a 'what kind of beer do you like?' HR interview, but sucks at basic mathematics and basic research, is always going to be lead dev at these 'ultimate protection' companies.. Even the concept of subscription based signature engines shows a good bit of illiteracy in game theory, economics, and basic software engineering, and how many times have DRM engines been defeated because someone doesn't know basic number systems and flake crypto implementations? Regarding Actual working DRM for virtual binary formats: VM is the end game in pure software DRM. I don't see why anyone is messing with simple anti-debug anymore. Use stmettric key entry to make virtual chain of trust for all VM unwrapping and allocation, and watch everyone fail to defeat your protection.. Just don't do the crypto wrong like everyone else has for some reason.. The only way to defeat this is side channel and unlikely brute force on [VM HANDLER COUNT] keys.. Edited February 14, 2014 by chickenbutt
Indy Posted February 14, 2014 Posted February 14, 2014 http://www.woodmann.com/forum/showthread.php?15274-New-FUN-REversign-challenge-ESET-2013&highlight=anubis
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now