survivalizeed's VM

Author:
survivalizeed

Language:
C/C++

Upload:
2024-05-09 16:21

Download

Platform:
Windows

Difficulty:
4.0

Quality:
5.0

Arch:
x86-64

Downloads:
18

Size:
216.00 KB

Writeups:
0

Comments:
14

Description

Why try this crackme? - It again contains 100+ lines of custom instructions - It uses a 100% self made multilevel VM - No Anti-Debugging - No Packing Your task: Find the correct Key Rules: No patching, write a devirtualizer if possible Good Luck and have fun :)

Comments (14)
Writeups (0)

You must be logged in to post a comment

sporta778 on 2024-05-14 20:41: if possible? I am already scared...

survivalizeed on 2024-05-15 10:09: "if possible" is only from my dumb point of view. This does a lot of things differently but you should be able to do it :). Again if you got questions or need minor help I always here

sporta778 on 2024-05-23 21:32: sorry survivalizeed , here present crackme he threw me off track, these cool guys said cool things on forums...

sporta778 on 2024-05-23 22:27: i have some ambitions, but look like this is do not according to some things

survivalizeed on 2024-05-24 10:14: no need to apologize. We both do this stuff in our free time so its up to you and me how we spend it. Do the crackme when ever you want to and only if you want to :)

0x911 on 2024-06-02 12:04: 214 KB ? , the executable has unnecessary instruction right ?

0x911 on 2024-06-02 13:56: nvm the executable named vm_obfuscation

survivalizeed on 2024-06-03 15:09: 0x911 i wouldn't waste time on this if you aint got a decent RE experience :) If do want to try it and need minor help then I'm here

dev0 on 2024-06-10 11:33: ***** Spoiler ***** AGAIN-ANY-K?Y -- where ? can be any ASCII character (or anything stored in a std::string instance) Pretty unique idea. If I am wrong I apologize. It looks like you do the random 16 2 byte array but you have 9 of them. You also have a linked list or linked list like structure that is 66 bytes before the start of 6 of the random arrays. You first pass that through a function that, I don't know how to word this, unravels the bytecode into the instruction set and stores that in a std::vector instance using the push_back function. The thing that honestly made this easier was it appears it is the same instruction set as the first crackme you created. It took me a few times reading over the functions to realize you were using the modes (12 being immediate value, and 13 being register space) like the first crackme. After I picked up on that, I took a chance and devirtualized the unraveled bytecode with the previous crackmes instruction set. Very nice. I still love the way you are using the array indices as the opcodes vs the value stored there. Using dynamic analysis it would appear the opcodes change with each run. You also did a really good job using pointer manipulation to access the values in the vm. Very clever ideas! Very good crackme!!

sporta778 on 2024-06-11 22:56: i will better write some more easey solution, i sawed here presents inside more calls later survilized...))) but structurce same))

survivalizeed on 2024-06-12 20:51: very nice @dev0. Yeah the core is the same as with the first version. The thing that really changed for this one is that the instruction set gets translated to the instruction set of a different VM which then translates to the instruction set of a different VM etc. It does that a few times until it reaches the "actual" VM which then has to be devirtualized.

survivalizeed on 2024-06-12 20:54: @sporta778 can't wait to see the solution. If you guys are interested i will try myself with a way more complicated version. This time really complicated. Obfuscation and all the annoying things will be included :)

imeow256 on 2024-06-26 00:54: wow this is quality made, tough one

dredge on 2024-07-17 19:41: by flick own

You must be logged in to submit a writeup

crackmes.one

crackmes.one

survivalizeed's VM_Madness2