PandaObfuscator, with custom VM

[CodeOfDark]

Difficulty : 2-3
Language : .NET
Platform : Windows
OS Version : Windows7+
Packer / Protector : PandaObfuscator (Modded Confuser) with Custom VM

Description :

Just basic UnpackMe, want to see if my obfuscator good/bad

Screenshot :

GetMe.7z

[tathanhdinh]

I'm cannot resolve the challenge yet, it's indeed very hard (at least for me). I would like just to know whether I've got the correct partial result or not.

I've managed to "dump" the key checking procedure, which locates on several non-contiguous pages (!?). The attached image is a part of it (I don't know how to capture all the function). I've found that there is a loop which reads each chararacter (input key is a wide string, each char is 2 bytes) by the instruction

movz ecx, [eax + ebx * 2]

the character is then checked with several values (e.g. "-", etc). But I still cannot go further.

Edited January 8, 2019 by tathanhdinh
code reformat

[SHADOW_UA]

Unpacked

Use any long key to pass checks.

GetMe_unp.zip

[tathanhdinh]

WTF, I've gone seriously wrong with this challenge 🤐 .

Excellent work, @SHADOW_UA

Edited January 9, 2019 by tathanhdinh

[CodeOfDark]

Gj @SHADOW_UA

[Zyhes]

On 1/8/2019 at 9:47 PM, SHADOW_UA said:

Unpacked

Use any long key to pass checks.

GetMe_unp.zip

 

Any info of how you did it?

Edited January 31, 2019 by Zyhes

[BataBo]

I'm sure I'm late to the party,the password is:VGhpcyBTaW1wbGUgQ3JhY2tNZQ0kQnkgQ29kZU9mRGFyaw==

[tungtruong20xx]

can u help me this method

sorry my english is bad
exe and runtime.dll

[0x29A]

On 9/5/2020 at 10:27 PM, tungtruong20xx said:

can u help me this method

sorry my english is bad
exe and runtime.dll

give me the file

Edited March 20, 2021 by deluxe