li0nsar3c00l Posted June 14, 2015 (edited)
hey guys,
as some of you may already know, I've been working on an obfuscator for quite a long time. https://www.disguiser.net/
There is still a lot of stuff to improve, but I'd like to know how long it takes an experienced reverser to code a keygen for this. All features are present in normal mode, so I still have something harder in case this is too easy for you guys.
I'd rate it 6/10, let me know what you think.
PS. it might not be the best nor innovative, but it's mine!
if you find my hidden messages, you will get something from me (yeah, plural! and PM me for your small gift, once you found them)
greetz li0nsar3c00l [RTN]
KeygenMe.rar
Edited October 24, 2015 by li0nsar3c00l
noob.exe Posted June 14, 2015
The hidden message is in the DisguiserRawHeap. It's just encrypted and I don't know the key for decryption.
XenocodeRCE Posted June 14, 2015
Where I am so far: Unpack the file.
- start olly
- run the file, twice, and wait for process terminated message
- go to Memory map
- search for "mscorlib" and then search next until you have the MZ header
Some resources have a cool name so I made a joke.
ofc I've made a Malwr static scan to have a dump of every string: https://malwr.com/analysis/ZTNjODc0NDRmZDk3NDQ4MWE3MWFmOGY5MThhZTVlYWY/
atom0s Posted June 14, 2015
You can dump the real file easily too using WinDbg and breaking on LoadModule, dump the buffer (2nd param).
XenocodeRCE Posted June 15, 2015
> You can dump the real file easily too using WinDbg and breaking on LoadModule, dump the buffer (2nd param).

Yes, but the dumped file needs to be fixed manually...
li0nsar3c00l Posted June 15, 2015 Author
The packer is just for compression, nothing too special
kao Posted June 22, 2015
Unpacked file, keygen and relevant source attached. Very nice challenge!
I will respect li0n's wishes and will not make full-featured unpacker available. But I might make examples of each protection feature and explain how to remove it - if and when I have more free time.
unpacked+keygen+src.zip
XenocodeRCE Posted June 22, 2015
> Unpacked file, keygen and relevant source attached. Very nice challenge! I will respect li0n's wishes and will not make full-featured unpacker available. But I might make examples of each protection feature and explain how to remove it - if and when I have more free time.

Well I guess it's easier to know how to deob it once you are able to build test-app; using 1 protection only for each test-app (e.g. String Encryption, Cflow, Resource, Method ...)
Nice job though!
kao Posted June 22, 2015
@Xenocode: I didn't have that luxury. All the work was done based on one and only file from this topic. But you're right - it would have been a bit easier, if I was able to make more test apps.
li0nsar3c00l Posted June 22, 2015 Author
> Unpacked file, keygen and relevant source attached. Very nice challenge!

took you longer than I expected, well done, hope you had some fun!
ps. you can still search for hidden messages!