ra1n
Posted September 23, 2024 (edited)

BinaryShield (Custom VM)

This is my first attempt at a binary protector. Currently, the VM has very little protection, so this should be good for those interested in learning about VM-based obfuscation. I intend on uploading new challenges that feature my protector as I add more features.

BinaryShield source code: https://github.com/connorjaydunn/BinaryShield

GOAL:
- You must find the correct key. Simply patching to get a goodboy message is NOT allowed.
- Bonus points for devirt and explanation of your approach.
- MOST IMPORTANTLY, have fun!

Submitter: ra1n
Submitted: 09/24/2024
Category: CrackMe

Edited September 25, 2024 by ra1n
Washi (Solution)
Posted September 25, 2024 (edited)

Fun and not too difficult challenge. I always like me some VM crackmes.

Valid keys (spoiler):
1859
2418
1638
299902
29763

Had enough fun reversing this so I made a full writeup with disassembler and devirtualized code: https://blog.washi.dev/posts/binaryshield-vm-crackme/

Edited September 25, 2024 by Washi
ra1n (Author)
Posted September 25, 2024 (edited)

40 minutes ago, Washi said:

Fun and not too difficult challenge. I always like me some VM crackmes.

Valid keys (spoiler):
1859
2418
1638
299902
29763

Had enough fun reversing this so I made a full writeup with disassembler and devirtualized code: https://washi1337.github.io/ctf-writeups/writeups/misc/tuts4you/binaryshield/

Bravo! Thank you for the writeup. I apologize for the confusion with the multiple keys—it was only supposed to be one! I mistakenly checked if the input matched those constants instead of the current key calculation. Haha! I look forward to sharing my next upload, which will include anti-debugging features. Once again, amazing work!

EDIT: There appears to be a small typo in your lifted disassembly that would imply some of the keys are not correct.

Edited September 25, 2024 by ra1n
m0rphine
Posted Sunday at 09:35 PM

Hi, I am new to the devirtualization topic and this challenge was very good for beginners and me. First, my goal was not just to obtain the keys but to devirtualize the whole function automatically and recompile it back to be able to patch it. I lifted the handlers to LLVM IR and recompiled them in a new binary to analyze it.

This is my final output. I know it's a little difficult to read, but at least you can see the correct keys clearly if you look at the if statements.

Sadly, the code crashes at runtime; I don't know why. It will probably take a really long time to identify the problem. I don't think I will do that. Maybe I might try VTIL instead of LLVM.

I would like to see others' approaches on fully devirtualizing this VM. Great challenge again.