
Thread: CONFidence 2010 is over

  1. #1

    CONFidence 2010 is over

    One of the biggest (and best) IT security-oriented conferences in Poland finished three days ago, on Wednesday evening. First of all, I would like to congratulate all the organisers on their decision about where the event should be held, as well as what it should look like; during these two days, I had plenty of real fun!

    CONFidence 2010 took place in Poland, on the 25th and 26th of May, in the Kijów Cinema. The lectures were presented in two independent tracks (so everyone was able to find something for themselves at any given moment), and covered numerous important security fields. In my opinion (and because of my specific interests), the best talks were given by Sebastian Fernandez - "General notes about exploiting Windows x64", Mario Heiderich - "The Presence and Future of Web Attacks Multi-Layer Attacks and XSSQLI" and Alexey Tikhonow - "De-blackboxing of digital camera". I am really looking forward to seeing the slides published as soon as possible. Meanwhile, you can find the complete conference schedule at http://2010.confidence.org.pl/agenda.

    The ESET company (producer of the NOD32 software) recently decided to organise two competitions with fun prizes; some detailed information can be found here. In short: the purpose of the first one was to create or design a security-related application of any kind. The second one was directed towards the conference attendees, as the goal was to find a correct serial key associated with a chosen user name, in a specially prepared executable file. A team consisting of Gynvael Coldwind and me managed to meet the latter objective, and therefore won the competition. Because of this, a short blog entry/article should be released soon, covering the exact way of generating a correct serial while having as little knowledge about the input data verification mechanisms as possible (stay tuned). The CrackMe can still be downloaded from the CONFidence website: http://2010.confidence.org.pl/ESET/banner.html, and I encourage each and every one of you to take a look at it.

    Moreover, I had the pleasure (once more, in collaboration with Gynvael) of giving one of the last presentations, dedicated to the Windows kernel vulnerabilities (related to CSRSS and the system registry) which I have often mentioned lately. I think this is a perfect opportunity to publish some advisory documents containing more relevant, detailed information about the vulns, of a more technical nature. Below you can find a complete list of these:

    Furthermore, a package including all the above advisories can be downloaded here (864 kB).

    The slides presented during our lecture can be found here (1.6 MB).

    I strongly encourage every conference attendee to share their opinion regarding the conference itself, as well as specifically the material we presented.



    http://j00ru.vexillium.org/?p=363&lang=en

  2. #2
    evaluator
    That crackme is a bit-machine.
    The 8 handlers are:
    0: ExitLoop
    1: ConditionalJumpOver
    2: Invert_Bit_InControlDword
    3: Set_Bit_InControlDword
    4: And_Bits_InControlDword
    5: Copy_Bit_InControlDword
    6: Copy_Bit_FromMemoryToControlDword
    7: Copy_Bit_FromControlDwordToMemory

    Bits in the word are used as 3-5-5-3 ...

  3. #3
    Hi evaluator, so you took the time to actually look at the executable. Good job!
    There's nothing really special about it, I agree; but the way we solved it back then could be interesting anyway.

  4. #4
    evaluator
    The VM operates on bits using logic gates.
    Emulated instructions found: MOV, XOR, ADD, SHL.
    This is optimised code (LOOP added).

    Code:
    XOR D0 D014
    MOV D034 0
    
    mov ecx 0
    @R1:
    cmp ecx 020 | je @R1E
    BT D04 ecx | jnc @SH1 | ADD D034 D028
    @SH1:
    SHL D028 1 | inc ecx | jmp @R1
    
    
    @R1E:
    
    XOR D08 D01C
    MOV D03C 0
    
    mov ecx 0
    
    @R2:
    cmp ecx 020 | je @R2E
    BT D0C ecx | jnc @SH2 | ADD D03C D020
    @SH2:
    SHL D020 1 | inc ecx | jmp @R2
    
    @R2E:
    MOV D030 0
    
    mov ecx 0
    @R3:
    cmp ecx 020 | je @R3E
    BT D0C ecx | jnc @SH3 | ADD D030 D02C
    @SH3:
    SHL D02C 1 | inc ecx | jmp @R3
    
    @R3E:
    XOR D034  D010
    MOV D038 0
    
    mov ecx 0
    @R4:
    cmp ecx 020 | je @R4E
    BT D0 ecx | jnc @SH4 | ADD D038 D024
    @SH4:
    SHL D024 1 | inc ecx | jmp @R4
    
    @R4E:
    XOR D03C D018

  5. #5
    Wow, good work analyzing the VM implementation and the virtual code.
    Hopefully this doesn't show up for people who would like to solve it on their own ;>
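Posts #2 and #4 describe the crackme as a VM whose eight handlers act on single bits of a control dword, with word-level MOV/XOR/ADD/SHL built on top of them. What follows is an added example written for this page; it is neither the crackme's own VM nor evaluator's code. It is a toy interpreter with the eight handlers listed in post #2, an XOR of two 32-bit words expressed only in those bit handlers (the VM has no XOR handler, so XOR has to be composed from AND and invert), and a Python rendering of the BT/ADD/SHL loop from post #4. The field meanings assigned to the 3-5-5-3 layout (opcode, control bit A, field B, field C), the memory addressing ((C<<5)|B), the SET immediate and the ConditionalJumpOver semantics are my assumptions; the real crackme's encoding is not given on this page.

```python
"""Toy bit-machine interpreter modelled on the handler list in post #2.

Added example for this page; not the crackme's VM and not evaluator's code.
Assumed: instruction = op:3 | A:5 | B:5 | C:3; memory bit address = (C<<5)|B;
SET writes C&1; ConditionalJumpOver skips B instructions when ctrl bit A is set.
"""
from typing import List

MASK32 = 0xFFFFFFFF

# Opcodes, numbered in the order of the handler table quoted in post #2.
EXIT, CJMP, INV, SET, AND, CPY, LDM, STM = range(8)


def enc(op: int, a: int = 0, b: int = 0, c: int = 0) -> int:
    """Pack one 16-bit instruction as op:3 | a:5 | b:5 | c:3 (assumed layout)."""
    assert 0 <= op < 8 and 0 <= a < 32 and 0 <= b < 32 and 0 <= c < 8
    return (op << 13) | (a << 8) | (b << 3) | c


def run(program: List[int], mem: List[int], max_steps: int = 1_000_000) -> int:
    """Execute until ExitLoop and return the final control dword.
    `mem` is a list of single bits (bit i of dword k at index k*32 + i), updated in place."""
    ctrl, pc = 0, 0
    for _ in range(max_steps):
        word = program[pc]
        op, a, b, c = word >> 13, (word >> 8) & 31, (word >> 3) & 31, word & 7
        pc += 1
        bit_a = (ctrl >> a) & 1
        if op == EXIT:
            return ctrl
        if op == CJMP:                      # skip next B instructions if ctrl[A] is set
            if bit_a:
                pc += b
            continue
        if op == INV:                       # ctrl[A] ^= 1
            new = bit_a ^ 1
        elif op == SET:                     # ctrl[A] := C & 1
            new = c & 1
        elif op == AND:                     # ctrl[A] &= ctrl[B]
            new = bit_a & ((ctrl >> b) & 1)
        elif op == CPY:                     # ctrl[A] := ctrl[B]
            new = (ctrl >> b) & 1
        elif op == LDM:                     # ctrl[A] := mem[(C<<5)|B]
            new = mem[(c << 5) | b]
        else:                               # STM: mem[(C<<5)|B] := ctrl[A]
            mem[(c << 5) | b] = bit_a
            continue
        ctrl = (ctrl & ~(1 << a)) | (new << a)
    raise RuntimeError("step limit exceeded")


def assemble_xor_words() -> List[int]:
    """dword 2 := dword 0 XOR dword 1, one bit at a time, using only AND/INV/CPY:
    x^y = (x AND NOT(x AND y)) OR (y AND NOT(x AND y)), with OR via De Morgan."""
    prog: List[int] = []
    for i in range(32):
        prog += [enc(LDM, 0, i, 0), enc(LDM, 1, i, 1),            # ctrl[0]=x, ctrl[1]=y
                 enc(CPY, 2, 0), enc(AND, 2, 1), enc(INV, 2),      # ctrl[2]=NOT(x AND y)
                 enc(AND, 0, 2), enc(AND, 1, 2),                   # x', y'
                 enc(INV, 0), enc(INV, 1), enc(AND, 0, 1), enc(INV, 0),  # x' OR y'
                 enc(STM, 0, i, 2)]                                # store into dword 2
    prog.append(enc(EXIT))
    return prog


def words_to_bits(words: List[int]) -> List[int]:
    return [(w >> i) & 1 for w in words for i in range(32)]


def bits_to_word(bits: List[int], k: int) -> int:
    return sum(bits[k * 32 + i] << i for i in range(32))


def xor_words_on_vm(x: int, y: int) -> int:
    """Run the gate-level XOR program on constructed input dwords x and y."""
    mem = words_to_bits([x & MASK32, y & MASK32, 0])
    run(assemble_xor_words(), mem)
    return bits_to_word(mem, 2)


def cjmp_demo(flag: int) -> int:
    """ConditionalJumpOver: with ctrl[0]=flag, the SET of bit 5 is skipped iff flag is 1."""
    prog = [enc(SET, 0, 0, flag & 1), enc(CJMP, 0, 1), enc(SET, 5, 0, 1), enc(EXIT)]
    return run(prog, [])


def shift_add_mul(bits_src: int, addend: int) -> int:
    """The BT/ADD/SHL loop of post #4 in plain Python: for ecx in 0..31, add the
    running (addend << ecx) whenever bit ecx of bits_src is set.  That is a
    shift-and-add multiply, i.e. (bits_src * addend) mod 2**32."""
    acc = 0
    for i in range(32):
        if (bits_src >> i) & 1:
            acc = (acc + addend) & MASK32
        addend = (addend << 1) & MASK32
    return acc
```

Read against the listing in post #4, each of the four `@R` loops is one `shift_add_mul` call (D034 = D04 * D028, D03C = D0C * D020, D030 = D0C * D02C, D038 = D0 * D024, all mod 2^32), and the surrounding XORs are plain 32-bit XORs; recognising the shift-and-add pattern is what lets a bit-level listing collapse into a handful of arithmetic expressions that can then be inverted for the serial check.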
