Tuts 4 You
Posted

BinaryShield (Custom VM)

This is my first attempt at a binary protector. Currently, the VM has very little protection, so this should be good for those interested in learning about VM-based obfuscation. I intend on uploading new challenges that feature my protector as I add more features.

GOAL:

- You must find the correct key. Simply patching to get a goodboy message is NOT allowed.
- Bonus points for devirt and explanation of your approach.
- MOST IMPORTANTLY, have fun!

:)

File Information

Submitter ra1n

Submitted 09/23/2024

Category CrackMe

Edited by ra1n

Solved by Washi


Fun and not too difficult challenge. I always like me some VM crackmes :)

Valid keys:

1859
2418
1638
299902
29763

Had enough fun reversing this so I made a full writeup with disassembler and devirtualized code:

https://blog.washi.dev/posts/binaryshield-vm-crackme/

Edited by Washi

40 minutes ago, Washi said:

Fun and not too difficult challenge. I always like me some VM crackmes :)

Valid keys:

1859
2418
1638
299902
29763

Had enough fun reversing this so I made a full writeup with disassembler and devirtualized code:

https://washi1337.github.io/ctf-writeups/writeups/misc/tuts4you/binaryshield/

Bravo! Thank you for the writeup. I apologize for the confusion with the multiple keys—it was only supposed to be one! I mistakenly checked if the input matched those constants instead of the current key calculation. Haha! I look forward to sharing my next upload, which will include anti-debugging features. Once again, amazing work! :)

EDIT: There appears to be a small typo in your lifted disassembly that would imply some of the keys are not correct.

Edited by ra1n

4 months later...

Hi, I am new to the devirtualization topic, and this challenge was very good for beginners and me.

First, my goal was not just to obtain the keys but to devirtualize the whole function automatically and recompile it back to be able to patch it.

I lifted the handlers to LLVM IR and recompiled them in a new binary to analyze it.

This is my final output:

I know it's a little difficult to read, but at least you can see the correct keys clearly if you look at the if statements.

Sadly, the code crashes at runtime, and I don't know why. It will probably take a really long time to identify the problem; I don't think I will do that. Maybe I might try VTIL instead of LLVM.

I would like to see others' approaches to fully devirtualizing this VM. Great challenge again.
