sporta778 on 9:58 AM 04/16/2024: some activation microcomputer writer's....
survivalizeed on 12:19 PM 04/16/2024: I dont get what you are trying to say
sporta778 on 8:41 PM 04/23/2024: It loudly said VM, i call it microcomputer. i was surprised, but codes changed after restarting application...
survivalizeed on 8:49 PM 04/23/2024: Isnt VM == microcomputer in this context? But yeah it is randomized at the beginning. As a small hint: The code obviously doesnt change at all in its mechanics. Only thing getting more difficult is writing a devirtualizer. If you need a few more little hints you can always ask :)
sporta778 on 9:32 PM 04/23/2024: no no i think i do not ask , i already process first function,
and i now started learn second call this function of proccessing codes of microcomputer. i think i can find password and write disassembler. Just ANY- i found. But i think it loudly said that this devirtualizer. I call it disassembler. But maybe i do not understand some abstraction.
sporta778 on 9:33 PM 04/23/2024: okay if it will hard i will ask...
survivalizeed on 9:50 PM 04/23/2024: Yes the ANY- is correct. Very nice! Second part can be a bit harder but its obviously the same vm used as core.
survivalizeed on 9:53 PM 04/23/2024: Idk maybe you are getting some terms wrong or its just a language barrier. With a devirtualizer I mean that the custom instruction set i created which is read by my custom VM has to be decoded in normal x86-64 instructions. So if you e.g have something like 0x12, 0xf3 then your devirtualizer should make a "mov" out of it.
sporta778 on 10:22 PM 04/23/2024: I understand you, but if you will see at this https://crackmes.one/crackme/65f1f892cddae72ae250b57e, i interpret this crackme as microcomputer becouse it microcomputer have RAM (random access memory) and RAM2. I think it no problem call it virtual machine , but for me it is too loudly. This is just my cockroaches.
sporta778 on 1:56 PM 04/24/2024: Hehe... here some secret. Rbx after calling functions of core VM
do not changed , but after first call of it function it loaded by zero from eax, in which saved memory0 (but memory0 loaded in first function by zero).Memory0 = qword [rcx] (rcx loaded at input of core function).
sporta778 on 2:17 PM 04/24/2024: sorry no needed , i found it...
survivalizeed on 6:49 PM 04/25/2024: You got the key?
sporta778 on 8:43 PM 04/25/2024: ANY-K$Y $ any symbol , and you can add any string to it, i writed solution, and i send it on site...
sporta778 on 8:43 PM 04/28/2024: if they approval approval , go next
survivalizeed on 3:40 PM 05/07/2024: sporta just saw your solution... Really amazing solution. You really seem to know what you are doing :)
sporta778 on 6:58 PM 05/07/2024: thanks
survivalizeed on 2:19 PM 05/08/2024: Would you be interested in a more challenging version? I am currently working on something
sporta778 on 2:30 PM 05/08/2024: lets go..;)
survivalizeed on 4:36 PM 05/08/2024: nice, glad to hear haha. Again i wont use anti debugging or packing... just a VM + some obfuscation. Give me some time to finish it :). I will notify you when everything is finished up.
Btw. Where did you learn RE?
sporta778 on 4:52 PM 05/08/2024: i am odrinary man, from the world by thread..
sporta778 on 9:12 PM 05/08/2024: it is no question where, just when i was young it was interested things like 0 ring, winapi , sockets... but just no place to do with it something.... it was more 20 years ago... just have free time to make these things..
survivalizeed on 11:48 PM 05/08/2024: Damn. Im not even 20 years old haha
sporta778 on 11:52 PM 05/08/2024: ;)
survivalizeed on 12:28 AM 05/09/2024: Alright. I should be finished with the new crackme by tomorrow. Would you like an extra layer of obfuscation by some free third party software or just "my" obfuscation?
You were a bit too quick with this one here so I would like to level up the difficulty even more :)
sporta778 on 12:50 AM 05/09/2024: do not hurry and do not worry. if really I'm not experienced in these things. I am even can not work with ida ... etc . Only debugger. I think here a lot cool peoples, but they in silence mode.
survivalizeed on 1:11 AM 05/09/2024: Yeah IDA is pretty powerful but it sometimes distracts from the actual stuff you should look at.