PIN reverseme by muslimcyber

Problem These days, I am busier with school and other “stuff” and saw this problem. It looked pretty easy, so I decided to give it a go. Let’s start by popping this thing into IDA. .text:00000000004005DE lea rdi, format ; "Masukan PIN = " .text:00000000004005E5 mov eax, 0 .text:00000000004005EA call _printf .text:00000000004005EF lea rax, [rbp+var_4] .text:00000000004005F3 mov rsi, rax .text:00000000004005F6 lea rdi, aD ; "%d" .text:00000000004005FD mov eax, 0 .text:0000000000400602 call ___isoc99_scanf . [Read More]

GraxCode's CrackMe2

CrackMe URL Answer: antidote First, we want to find the entry point. Let’s view META-INF/MANIFEST.MF. Manifest-Version: 1.0 Protected-Notice: AV contact email - [email protected] JAR-Signature: S94EzrNEa9XPP3HJnTSKTHY7H5pMzIkyOckf2zlblNDR1oPS Class-Path: . Protected-By: 3.0.9 Stringer (20170608) Main-Class: jcc.part2.CrackMe Name: jcc/part2/v.class SHA-256-Digest: I+hSWBo3DZwEtTlqVXyzdxRRKW9N/usMoCpOi8gYBUI= Name: jcc/part2/CrackMe.class SHA-256-Digest: REigvNjpIrv3Ht4aGavXQ8xVJp1ltZmarAxOg/XYYpY= Name: hpl/tko/hx.class SHA-256-Digest: HF4KWRh1bmN6zBzytVHEdImHyNHJEOeOYPxFhOLIRlc= Name: hpl/tko/bp.class SHA-256-Digest: CCw/Anec+ntGwgTqnMVgLmA3b09cLlVFMhP5WNnve9Y= Name: jcc/part2/sv.class SHA-256-Digest: TCB0kj/YJHSyY9IbGrbjKW//Rj01GT4B3ittqvr6dh8= Name: hpl/tko/f.class SHA-256-Digest: k4NdPnwzAWbNoeD7S3NuocywgXEp35iTG9ZbvYn6VnA= Name: jcc/part2/f.class SHA-256-Digest: 8BVz0nTL6PWCJTT29yzz2jXhojODAN3MtjZ/XTdqXNM= Oh dear, it’s obfuscated! Sure enough, when we view the main class, there is Zelix exception obfuscation, Zelix flow control obfuscation, Zelix enhanced string encryption, Stringer signing, Stringer string encryption, Stringer hide access obfuscation and who knows what. [Read More]

Unpacking Odin Anticheat

Edit: This JAR was protected with the Paramorphism Java obfuscator by Anthony Som. Edit #2: Removed JAR link at request of the author. While this JAR wasn’t too hard to poke around in and figure out what is going on, I found this one of the more unique obfuscations I have seen in attempting to prevent Java reverse-engineering. In this image, we can see the JAR has duplicated entries. I later found out after attempting to use my own Java obfuscator, Radon, to deobfuscate the JAR using my shrinker transformers, the entry duplication results in the fake classes being written to the JAR instead of the correct ones. [Read More]