
Thread: Panda Reversing Challenge

  1. #16
    I sent you a PM, just to make sure not to spoil anything for the others. I completed reversing as well after a day, even though I spent most of the time trudging through what turned out to be the initialization of the runtime... Will write my program tomorrow.

  2. #17
    evaluator (Musician member) | Join Date: Sep 2001 | Posts: 1,479 | Blog Entries: 1
    Is it interesting to play with?

  3. #18
    Registered User | Join Date: Jul 2007 | Posts: 61 | Blog Entries: 1
    Is this really packed, or bogus? Never played with EncryptPE tho. If it was packed, why is there console API in the beginning, and why can the strings be seen clearly?

  4. #19
    evaluator: I'm having fun with this, yes. I didn't expect the type of challenge that the program contains. It even contains some of its own antidebug this time, although most of the protection is again in the (third party) packer.

    dion: let's just say that as with most packers/protectors, EncryptPE can be used to selectively protect certain functions. You will know it when you see it.

  5. #20
    evaluator (Musician member) | Join Date: Sep 2001 | Posts: 1,479 | Blog Entries: 1
    wow, unpacking needed!? =)

  6. #21
    It's not really encrypted at all. Just lots and lots of junk code inserted.

  7. #22
    Registered User | Join Date: Jul 2007 | Posts: 61 | Blog Entries: 1
    well, it's surely junking DebugView. weird, is it supposed to make it crash? but it didn't

  8. #23
    That is anti-Olly. Those huge format strings exploit a bug in OllyDbg to make it crash; it's a very common trick. Correspondingly, there are also many options available for fixing it.

  9. #24
    Second?! Argh. Must try harder tomorrow.

  10. #25
    Registered User | Join Date: Jul 2007 | Posts: 61 | Blog Entries: 1
    the hard one... looks a bit 'malicious'. it peeks at my boot sector and hashes it. still stuck on it tho.

  11. #26
    I'm pretty stumped on this one as well. If the message is not inside the program as the challenge description states, then where is it? They can't really make assumptions about specific other files with specific contents existing on the drive... Even ntldr probably changes between Windows versions.

    Reversing the hashes is pretty hopeless as well, considering the length of the input data (255 bytes most times)...

  12. #27
    Registered User | Join Date: Jul 2007 | Posts: 61 | Blog Entries: 1
    from what was said, it is closer to you than it seems, i took the liberty to point 'it' to the panda file itself. dunno, it runs 2 times, watched in filemon, and nothing more... maybe overflowed inside

  13. #28
    xwings (Guest)
    Quote, originally posted by dion:
        "from what was said, it is closer to you than it seems, i took the liberty to point 'it' to the panda file itself. dunno, it runs 2 times, watched in filemon, and nothing more... maybe overflowed inside"
    saw a lot of fork() there. my wild guess: could be overflowed. well. i got no idea how it works.