Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

ESET Malware Researcher...

Teddy Rogers
Teddy Rogers
in Employment and Careers

Featured Replies

Posted

ESET Malware Researcher

The program eset_reversing_challenge_1.exe was designed to test your skills in reverse engineering. The task is aimed at candidates for the position "Malware Researcher". Adequate programming knowledge and reverse engineering (code disassembling) skills are necessary for a successful completion of the task.

Your goal is to perform an analysis of the code of this executable. The analysis of the code should produce information about the payload of the program, conditions necessary for the execution of certain actions, etc.

Don’t get discouraged, put off, nor fooled! The program code can contain hidden files and text strings, conditional tasks, anti-debugging techniques and so on. If you don’t manage to overcome all obstacles, don’t despair, but send in your partial solution. Don’t forget that it’s also necessary to describe the procedure of your analysis, as your way of thinking can tell us more about your abilities than the results themselves. Send your results, analyses or comments to: analyst@eset.sk

Good luck with your investigation! :-)


/>http://joineset.com/w4-download/The_letter_to_applicant.pdf
/>http://joineset.com/researcher.html

Ted.

eset_reversing_challenge_1.zip

The_letter_to_applicant.pdf

    •
    • Like 2

    *removed*


    Edited by -Alex-

    solving this using patching is easy, but i honestly dont see a way to do ti without. :dunno:

    anyways, got the link for challenge #2. :)

    Thanks for the post, Teddy!

    http://joineset.com/statut.html

    9. Contest duration

    The contest starts May 9th, 2011 at 12:00 O’clock AM CET and ends August 31st, 2011 at 23:59 O’clock PM, CET.

    ohh

    nice teddy ^^

    greetings Apuromafo

    did anyone else work on this?

    #2.1 is not gennable, imo....does anyone know weather patching is allowed/genning is possible?

    did anyone else work on this?

    #2.1 is not gennable, imo....does anyone know weather patching is allowed/genning is possible?

    The application's executable cannot be modified.

    The application's memory cannot be modified.

    Haven't looked at it yet but it sounds intriguing :sweat:

    lots of custom+crypted crypto routines, fake symbol table and imports, section with encrypted custom-routine key, EP trick. It's mostly encryption and allocation stuff, probable some dropper with a hidden message somewhere. No VM or emulation outside IT stuff though. I think they map another PE underneath crypto. It's pretty much a patched up Delphi dropper or loader.

    I didn't look further, If you don't have at least one masters it's probably not worth the time if you're doing it for a career. If they wanted talent it'd have some encrypted VM or heavy packed driver obfusc and patching.

    Edited by chickenbutt

    I didn't look further, If you don't have at least one masters it's probably not worth the time if you're doing it for a career. If they wanted talent it'd have some encrypted VM or heavy packed driver obfusc and patching.

    hmmm if only the corporate world was looking for talent.

    I doubt many people with a masters degree are checking this out.

    Edited by quosego

    • 1 month later...

    hey guys, anyone solved second password(stage 2)? Is there any way to reverse the algorithm? Because brutefoce isnt effectiv in that case.

    2boni11

    You must solve matrix equation =) There are some pitfalls, but it is easy.

    2chickenbutt

    in first stage only simple string obfuscation and antidebugging tricks, nothing hard. In last stage there are simple vm in driver (not obfuscated, but one trick used =)) look deeply).

    It`s not so hard if you have some exp in re. Unfortunately i think, i had very bad english to join to company =/ In my country very small job market for reverse engineers =(

    • 3 weeks later...

    I'll take a look today, it looks interested. Matrix is something very easy, as long as you know basic multiplication of matrices you can do it.

    • 2 years later...

    Hi,


     


    New task for programmers and new crackme 2013:


    http://joineset.com/


    • 4 months later...

    *removed*


    Edited by Holy

    @Holy

    "After some time thinking I decided to open .zip file in hex viewer and realized that it wasn’t a .zip file but an .exe :D!."

    ...

     

    I tried to create a PE of these four files: UPX1, UPX0, CERTIFICATE ...
    I never had the idea that this ZIP is EXE.

    I remember attempting the CrackMe a long while ago back in July. Unfortunately, I got stuck at the "Nope you didn't" message on the second stage. Haven't attempted it again since then. The .NET part looks the most fun though, since that is what I specialise in.


    really looking forward to crackme2014. liked this one. getting the correct password for the DLL took me the longest time. rest was kinda straightforward. however it was much fun.


    • 1 month later...

    And here is my writeup.


    hmmm if only the corporate world was looking for talent.

    I doubt many people with a masters degree are checking this out.

     

    I'm sure they want at least a bachelors and some paid experience like the rest.. But yeah, as long as there are dumb infrastructure descisions there are choice vulnerabilities and weak DRM.. Some guy who read the PE/COF doc and can pass a 'what kind of beer do you like?' HR interview, but sucks at basic mathematics and basic research, is always going to be lead dev at these 'ultimate protection' companies.. Even the concept of subscription based signature engines shows a good bit of illiteracy in game theory, economics, and basic software engineering, and how many times have DRM engines been defeated because someone doesn't know basic number systems and flake crypto implementations?

     

     

    Regarding Actual working DRM for virtual binary formats: VM is the end game in pure software DRM. I don't see why anyone is messing with simple anti-debug anymore. Use stmettric key entry to make virtual chain of trust for all VM unwrapping and allocation, and watch everyone fail to defeat your protection.. Just don't do the crypto wrong like everyone else has for some reason.. The only way to defeat this is side channel and unlikely brute force on [VM HANDLER COUNT] keys..

    Edited by chickenbutt

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.