Tuts 4 You

PandaObfuscator, with custom VM

Question

CodeOfDark

Difficulty : 2-3
Language : .NET
Platform : Windows
OS Version : Windows7+
Packer / Protector : PandaObfuscator (Modded Confuser) with Custom VM

Description :

Just a basic UnpackMe; I want to see if my obfuscator is good or bad.

Screenshot :

image.png.62b851da8d9494b35a6bcf1106e63030.png

GetMe.7z

5 answers to this question

  • 2
SHADOW_UA

Unpacked

Use any long key to pass checks.

GetMe_unp.zip

  • Like 4
  • Haha 1

  • 0
tathanhdinh
Posted (edited)

I cannot resolve the challenge yet; it's indeed very hard (at least for me). I would just like to know whether I've got the correct partial result or not.

I've managed to "dump" the key checking procedure, which is located on several non-contiguous pages (!?). The attached image is a part of it (I don't know how to capture the whole function). I've found that there is a loop which reads each character (the input key is a wide string, each char is 2 bytes) with the instruction

movzx ecx, [eax + ebx * 2]

The character is then checked against several values (e.g. "-", etc.). But I still cannot go further.

panda_obfuscator.png

  • 0
tathanhdinh
Posted (edited)

WTF, I've gone seriously wrong with this challenge 🤠.

Excellent work, @SHADOW_UA

  • 0
Zyhes
On 1/8/2019 at 9:47 PM, SHADOW_UA said:

Unpacked

Use any long key to pass checks.

GetMe_unp.zip

Any info on how you did it?
