Ben_Lolo's WeeperVM -- Level 2

Author:
Ben_Lolo

Language:
C/C++

Upload:
2025-04-22 20:06

Download

Platform:
Unix/linux etc.

Difficulty:
5.6

Quality:
6.0

Arch:
x86-64

Downloads:
75

Size:
133.17 KB

Writeups:
1

Comments:
4

Description

Explore the vast capabilities of a fully custom virtualized architecture to recover a hidden phrase. Unlike level 1, this virtual code will not be easily analyzed using a Ghidra processor or Binary Ninja architecture plugin without preprocessing. A slew of protection mechanisms hinder static and dynamic analysis, both in the host code and in the virtualized code. - Multiple string encoding and encrypting schemes - Anti-debug - Anti-memory dump - Anti-patch - Anti-thread suspension - Wholly standardized algorithms - Modified standardized algorithms (this is a crackme, so they were changed to be reversible) - Control flow flattening - Jump tables - If-else ladders - No junk code (unless left in by accident) There are no dependencies for this binary. No libc, no dynamic nor static libraries. The virtualized code takes up almost the whole binary. Despite that, it executes reliably on a system with an 8-core, 1.6GHz CPU and 8GB of DDR3 RAM.

Comments (4)
Writeups (1)

You must be logged in to post a comment

Lilsan44444 on 2025-05-28 19:09: super duper hard to do

SyscallBroker on 2025-08-26 13:29: VM Protection is fun but reversing is funnier

trendcrusher on 2025-09-06 21:15: hmm... Its correct or no - Trac{SXgM7Sa{3X5a9wnvm{lSDakcfewsccy3d{WCVoASS{pCS31gsg3{ag3kTCSl6cN2CXqpskVv9_mK2iGrvg33qM0kpCh{rLceKf3b}

Ben_Lolo on 2025-09-08 17:32: The correct answer will print a positive message; the answer provided by trendcrusher is incorrect.

You must be logged in to submit a writeup

Solution by darbonzo on 2025-09-15 15:23:
Covers: flag finding, anti-* bypass, GDB/pwndbg scripting, lifting(ish), and VM teardown.

Download

crackmes.one

crackmes.one

Ben_Lolo's WeeperVM -- Level 2