
ARTeam: dealing with funny checksum tutorial by deroko


Shub-nigurrath
March 11th, 2013, 05:50
Hi all,
Online there's a new tutorial from deroko: a well-written document plus sources is awaiting your comments and wows.

After a while, I've decided to write about something interesting which I found while unpacking one protection, and it will also be a nice introduction to one of my tools, which I wrote for the fun of it.
However, I won't mention the application name here, but to demonstrate the checksum check which I found I will be using a test application, so you will get an idea of what happened and how the checksum is defeated. I will also introduce a tool I wrote, which served me well in this particular case. The tool should come with this document, so I won't describe the tool and its internals, as the source code should be well commented.

Go and grab it on our tutorial page
http://www.accessroot.com/arteam/site/download.php?view.334

BR,
Shub

rendari
March 12th, 2013, 12:38
Nice tuto, but I have a stupid question:

Why didn't he just use hardware breakpoints to locate and defeat the checksum?

-r

deroko
March 12th, 2013, 17:17
The binary was huge. After modifying it to run properly (patching, adding extra code, etc.), there were a lot of patches inside which would trigger the checksum to fail in random places. Hunting it with debug breaks would take much more time than simply instrumenting it.