Jump to content
Tuts 4 You

PandaObfuscator, with custom VM


CodeOfDark

Recommended Posts

Difficulty : 2-3
Language : .NET
Platform : Windows
OS Version : Windows7+
Packer / Protector : PandaObfuscator (Modded Confuser) with Custom VM

Description :

Just basic UnpackMe, want to see if my obfuscator good/bad

Screenshot :

image.png.62b851da8d9494b35a6bcf1106e63030.png

GetMe.7z

Link to comment
Share on other sites

  • 2 months later...

I'm cannot resolve the challenge yet, it's indeed very hard (at least for me). I would like just to know whether I've got the correct partial result or not.

I've managed to "dump" the key checking procedure, which locates on several non-contiguous pages (!?). The attached image is a part of it (I don't know how to capture all the function). I've found that there is a loop which reads each chararacter (input key is a wide string, each char is 2 bytes) by the instruction

movz ecx, [eax + ebx * 2]

the character is then checked with several values (e.g. "-", etc). But I still cannot go further.

panda_obfuscator.png

Edited by tathanhdinh
code reformat
Link to comment
Share on other sites

  • 3 weeks later...
  • 1 year later...
  • 2 months later...
  • 6 months later...
On 9/5/2020 at 10:27 PM, tungtruong20xx said:

can u help me this method :(

sorry my english is bad
exe and runtime.dll

image.png.1a2001d3c20d4cccd8d07523973c7e77.pngimage.png.1d88b2e1a3fd02226bf206d4bf122ca5.png

give me the file

Edited by deluxe
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...