Teddy Rogers Posted May 19, 2011
ESET Malware Researcher
The program eset_reversing_challenge_1.exe was designed to test your skills in reverse engineering. The task is aimed at candidates for the position "Malware Researcher". Adequate programming knowledge and reverse engineering (code disassembling) skills are necessary for a successful completion of the task.
Your goal is to perform an analysis of the code of this executable. The analysis of the code should produce information about the payload of the program, conditions necessary for the execution of certain actions, etc. Don't get discouraged, put off, or fooled! The program code can contain hidden files and text strings, conditional tasks, anti-debugging techniques and so on. If you don't manage to overcome all obstacles, don't despair, but send in your partial solution. Don't forget that it's also necessary to describe the procedure of your analysis, as your way of thinking can tell us more about your abilities than the results themselves. Send your results, analyses or comments to: analyst@eset.sk
Good luck with your investigation! :-)
http://joineset.com/w4-download/The_letter_to_applicant.pdf
http://joineset.com/researcher.html
Ted.
Attachments: eset_reversing_challenge_1.zip, The_letter_to_applicant.pdf
kao Posted May 19, 2011
By the way, the task for ESET Engine Developer is equally cool: http://joineset.com/engine_developer_task.html Have fun!
-Alex- Posted May 19, 2011 (edited)
*removed*
Edited January 8, 2014 by -Alex-
deepzero Posted May 20, 2011
Solving this using patching is easy, but I honestly don't see a way to do it without. Anyway, got the link for challenge #2. Thanks for the post, Teddy!
Apuromafo Posted May 20, 2011
http://joineset.com/statut.html
"9. Contest duration: The contest starts May 9th, 2011 at 12:00 AM CET and ends August 31st, 2011 at 23:59 CET."
Ohh nice, Teddy ^^ Greetings, Apuromafo
deepzero Posted May 20, 2011
Did anyone else work on this? #2.1 is not gennable, IMO... does anyone know whether patching is allowed / genning is possible?
Killboy Posted May 20, 2011
Quoting deepzero: "Did anyone else work on this? #2.1 is not gennable, IMO... does anyone know whether patching is allowed / genning is possible?"
"The application's executable cannot be modified. The application's memory cannot be modified."
Haven't looked at it yet but it sounds intriguing.
chickenbutt Posted May 21, 2011 (edited)
Lots of custom + crypted crypto routines, fake symbol table and imports, a section with an encrypted custom-routine key, EP trick. It's mostly encryption and allocation stuff, probably some dropper with a hidden message somewhere. No VM or emulation outside IT stuff though. I think they map another PE underneath the crypto. It's pretty much a patched-up Delphi dropper or loader.
I didn't look further. If you don't have at least one master's it's probably not worth the time if you're doing it for a career. If they wanted talent it'd have some encrypted VM or heavily packed driver obfuscation and patching.
Edited May 21, 2011 by chickenbutt
quosego Posted May 22, 2011 (edited)
Quoting chickenbutt: "I didn't look further. If you don't have at least one master's it's probably not worth the time if you're doing it for a career. If they wanted talent it'd have some encrypted VM or heavily packed driver obfuscation and patching."
Hmmm, if only the corporate world was looking for talent. I doubt many people with a master's degree are checking this out.
Edited May 22, 2011 by quosego
boni11 Posted July 17, 2011
Hey guys, has anyone solved the second password (stage 2)? Is there any way to reverse the algorithm? Because brute force isn't effective in that case.
izlesa Posted July 22, 2011
@boni11: You must solve a matrix equation =) There are some pitfalls, but it is easy.
@chickenbutt: In the first stage there is only simple string obfuscation and anti-debugging tricks, nothing hard. In the last stage there is a simple VM in the driver (not obfuscated, but one trick is used =) look deeply). It's not so hard if you have some experience in RE. Unfortunately I think my English is too bad to join the company =/ In my country there is a very small job market for reverse engineers =(
dn5 Posted August 9, 2011
I'll take a look today, it looks interesting. The matrix is something very easy; as long as you know basic multiplication of matrices you can do it.
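An added example, not from the thread or from the challenge itself: the posts above only say the stage-2 password reduces to a matrix equation, so the check below is a constructed model (the matrix M, the TARGET vector and the "password bytes as a column vector" shape are all assumptions, not the challenge's real values). What it shows is the approach boni11 was asking about: instead of brute-forcing, invert the check exactly, and treat a non-integer or non-printable solution as a sign that the matrix or target was extracted wrong.

```python
from fractions import Fraction

# Constructed check (hypothetical, not the challenge's real algorithm):
# the password's byte values p form a vector and the program accepts p
# if and only if M * p == TARGET.
M = [
    [2, 1, 1],
    [1, 3, 2],
    [1, 0, 1],
]
TARGET = [391, 589, 196]  # M * [ord(c) for c in "abc"], computed for this example


def matvec(m, v):
    """Plain matrix-vector product, the direction the protected program computes."""
    return [sum(a * x for a, x in zip(row, v)) for row in m]


def check(password: str) -> bool:
    """The forward check a target program would run on user input."""
    p = [ord(c) for c in password]
    return len(p) == len(M) and matvec(M, p) == TARGET


def solve_exact(m, b):
    """Gauss-Jordan elimination over the rationals (exact, no float rounding).

    Returns the solution vector as Fractions, or None if m is singular.
    """
    n = len(m)
    aug = [[Fraction(x) for x in row] + [Fraction(bi)] for row, bi in zip(m, b)]
    for col in range(n):
        pivot = next((r for r in range(col, n) if aug[r][col] != 0), None)
        if pivot is None:
            return None  # singular: the check does not pin down a unique input
        aug[col], aug[pivot] = aug[pivot], aug[col]
        scale = aug[col][col]
        aug[col] = [v / scale for v in aug[col]]
        for r in range(n):
            if r != col and aug[r][col] != 0:
                f = aug[r][col]
                aug[r] = [rv - f * cv for rv, cv in zip(aug[r], aug[col])]
    return [row[n] for row in aug]


def recover_password(m, target):
    """Invert the check: solve m * p == target and validate p as printable bytes.

    A fractional or out-of-range component means no typeable password satisfies
    the check, which usually means the matrix or target was read out wrong.
    """
    x = solve_exact(m, target)
    if x is None:
        return None
    if any(v.denominator != 1 or not (0x20 <= v <= 0x7E) for v in x):
        return None
    return "".join(chr(int(v)) for v in x)


if __name__ == "__main__":
    pw = recover_password(M, TARGET)
    print("recovered:", pw, "check passes:", check(pw))
```

Using Fractions rather than floats matters: a float solve of a nearly singular matrix can return 96.99999 where the true answer is 97, and the printable-range filter would then wrongly reject a valid password. If the real check works modulo 256 or another modulus, the same elimination has to be done with modular inverses instead, which this example does not cover.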
samonek4 Posted August 10, 2013
Hi, new task for programmers and new crackme 2013: http://joineset.com/
Teddy Rogers Posted January 4, 2014 (Author)
For those interested, here is a solution to the 2013 challenge... http://quequero.org/2014/01/eset-challengeme-2013-solution/
Ted.
Holy Posted January 7, 2014 (edited)
*removed*
Edited August 9, 2015 by Holy
samonek4 Posted January 8, 2014
@Holy: "After some time thinking I decided to open the .zip file in a hex viewer and realized that it wasn't a .zip file but an .exe!" ... I tried to create a PE out of these four files: UPX1, UPX0, CERTIFICATE ... I never had the idea that this ZIP was an EXE.
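The lesson in the two posts above is to trust magic bytes, not the extension. As an added example (my code, not from the thread or from ESET), the parser below reads the DOS/PE headers and the section table, lists section names, and then searches the whole blob for ZIP local-file headers, since an archive can also be glued on as overlay data after the last section. The fake image it builds is constructed for the demo: the section names UPX0, UPX1 and .rsrc and the appended ZIP-like overlay are assumptions, not the real challenge archive's layout.

```python
import struct

ZIP_LOCAL_HEADER = b"PK\x03\x04"   # signature of a ZIP local file header
PE_SECTION_HEADER_SIZE = 40


def classify(data: bytes) -> dict:
    """Identify a blob by its magic bytes rather than by its file extension."""
    info = {"kind": "unknown", "sections": [], "overlay_offset": None, "zip_offsets": []}
    if data[:2] == b"MZ" and len(data) >= 0x40:
        e_lfanew, = struct.unpack_from("<I", data, 0x3C)
        if data[e_lfanew:e_lfanew + 4] == b"PE\0\0":
            info["kind"] = "pe"
            num_sections, = struct.unpack_from("<H", data, e_lfanew + 6)
            opt_size, = struct.unpack_from("<H", data, e_lfanew + 20)
            table = e_lfanew + 24 + opt_size      # section table follows the optional header
            for i in range(num_sections):
                off = table + PE_SECTION_HEADER_SIZE * i
                name = data[off:off + 8].rstrip(b"\0").decode("ascii", "replace")
                raw_size, raw_ptr = struct.unpack_from("<II", data, off + 16)
                info["sections"].append((name, raw_ptr, raw_size))
            # Anything past the end of the last section's raw data is overlay.
            info["overlay_offset"] = max((p + s for _, p, s in info["sections"]), default=None)
    elif data[:4] == ZIP_LOCAL_HEADER:
        info["kind"] = "zip"
    # Look for archive headers anywhere, not only at offset 0.
    pos = data.find(ZIP_LOCAL_HEADER)
    while pos != -1:
        info["zip_offsets"].append(pos)
        pos = data.find(ZIP_LOCAL_HEADER, pos + 1)
    return info


def build_fake_pe(section_names, overlay=b"", opt_size=0xE0):
    """Constructed minimal PE image for the demo; header-valid, not executable."""
    e_lfanew = 0x40
    dos = bytearray(b"MZ" + b"\0" * (0x40 - 2))
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, len(section_names), 0, 0, 0, opt_size, 0x0102)
    optional = b"\0" * opt_size
    table_start = e_lfanew + 4 + 20 + opt_size
    raw_ptr = table_start + PE_SECTION_HEADER_SIZE * len(section_names)
    table, blobs = b"", b""
    for name in section_names:
        payload = name.encode().ljust(16, b"\0")  # 16-byte placeholder section body
        table += struct.pack("<8sIIIIIIHHI", name.encode().ljust(8, b"\0"),
                             len(payload), 0x1000, len(payload), raw_ptr,
                             0, 0, 0, 0, 0x60000020)
        blobs += payload
        raw_ptr += len(payload)
    return bytes(dos) + b"PE\0\0" + coff + optional + table + blobs + overlay


# Constructed sample: a "zip" that is really a PE with a ZIP header in its overlay.
SAMPLE_OVERLAY = ZIP_LOCAL_HEADER + b"\0" * 26
SAMPLE_IMAGE = build_fake_pe(["UPX0", "UPX1", ".rsrc"], overlay=SAMPLE_OVERLAY)

if __name__ == "__main__":
    print(classify(SAMPLE_IMAGE))
```

Run against a real file with `classify(open(path, "rb").read())`; if `kind` is `pe` while the name says `.zip`, look at `sections` and `overlay_offset` before reaching for an unpacker, and treat any `zip_offsets` as candidates for an embedded archive to carve out.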
master131 Posted January 8, 2014
I remember attempting the CrackMe a long while ago back in July. Unfortunately, I got stuck at the "Nope you didn't" message on the second stage. Haven't attempted it again since then. The .NET part looks the most fun though, since that is what I specialise in.
cypher Posted January 8, 2014
Really looking forward to crackme2014. Liked this one. Getting the correct password for the DLL took me the longest time; the rest was kinda straightforward. However, it was much fun.
jvoisin Posted February 13, 2014
And here is my writeup.
chickenbutt Posted February 14, 2014 (edited)
Quoting quosego: "Hmmm, if only the corporate world was looking for talent. I doubt many people with a master's degree are checking this out."
I'm sure they want at least a bachelor's and some paid experience like the rest. But yeah, as long as there are dumb infrastructure decisions there are choice vulnerabilities and weak DRM. Some guy who read the PE/COFF doc and can pass a "what kind of beer do you like?" HR interview, but sucks at basic mathematics and basic research, is always going to be lead dev at these "ultimate protection" companies. Even the concept of subscription-based signature engines shows a good bit of illiteracy in game theory, economics, and basic software engineering, and how many times have DRM engines been defeated because someone doesn't know basic number systems and flaky crypto implementations?
Regarding actual working DRM for virtual binary formats: VM is the end game in pure software DRM. I don't see why anyone is messing with simple anti-debug anymore. Use symmetric key entry to make a virtual chain of trust for all VM unwrapping and allocation, and watch everyone fail to defeat your protection. Just don't do the crypto wrong like everyone else has for some reason. The only way to defeat this is side channel and unlikely brute force on [VM HANDLER COUNT] keys.
Edited February 14, 2014 by chickenbutt
Indy Posted February 14, 2014
http://www.woodmann.com/forum/showthread.php?15274-New-FUN-REversign-challenge-ESET-2013&highlight=anubis