Posted June 14, 2015

hey guys,

as some of you may already know, I've been working on an obfuscator for quite a long time. https://www.disguiser.net/

There is still a lot of stuff to improve, but I'd like to know how long it takes an experienced reverser to code a Keygen for this. All features are present in normal mode, so I still have something harder in case this is too easy for you guys.

I'd rate it 6/10, let me know what you think.

PS. it might not be the best nor innovative, but it's mine! If you find my hidden messages, you will get something from me (yeah, plural! and PM me for your small gift once you have found them)

greetz li0nsar3c00l [RTN]

KeygenMe.rar

Edited October 24, 2015 by li0nsar3c00l
June 14, 2015
The hidden message is in the DisguiserRawHeap. It's just encrypted and I don't know the key for decryption.
June 14, 2015
Where I am so far:
- Unpack the file.
- start olly
- run the file, twice, and wait for process terminated message
- go to Memory map
- search for "mscorlib" and then search next until you have the MZ header

Some resources have a cool name so I made a joke.

ofc I've made a Malwr static scan to have a dump of every string: https://malwr.com/analysis/ZTNjODc0NDRmZDk3NDQ4MWE3MWFmOGY5MThhZTVlYWY/
June 14, 2015
You can dump the real file easily too using WinDbg and breaking on LoadModule, dump the buffer (2nd param).
June 15, 2015
> You can dump the real file easily too using WinDbg and breaking on LoadModule, dump the buffer (2nd param).

Yes, but the dumped file needs to be fixed manually...
June 22, 2015
Unpacked file, keygen and relevant source attached. Very nice challenge!

I will respect li0n's wishes and will not make full-featured unpacker available. But I might make examples of each protection feature and explain how to remove it - if and when I have more free time.

unpacked+keygen+src.zip
June 22, 2015
> Unpacked file, keygen and relevant source attached. Very nice challenge! I will respect li0n's wishes and will not make full-featured unpacker available. But I might make examples of each protection feature and explain how to remove it - if and when I have more free time.

Well, I guess it's easier to know how to deob it once you are able to build a test-app, using 1 protection only for each test-app (e.g. String Encryption, Cflow, Resource, Method ...)

Nice job though!
June 22, 2015
@Xenocode: I didn't have that luxury. All the work was done based on one and only file from this topic. But you're right - it would have been a bit easier, if I was able to make more test apps.
June 22, 2015 (Author)
> Unpacked file, keygen and relevant source attached. Very nice challenge!

took you longer than I expected

well done, hope you had some fun!

ps. you can still search for hidden messages!