crackmes.one

sovereign's Senji Ouroboros

Author:
sovereign

Language:
C/C++

Upload:
2026-01-11 03:28

Platform:
Windows

Difficulty:
6.0

Quality:
4.0

Arch:
x86-64

Downloads:
112

Size:
117.20 KB

Writeups:
0

Comments:
1

Description

Ouroboros's (senji is my other name) primary purpose is to scan and wipe sensitive strings from process memory. The crackme serves as a complex reverse engineering challenge due to its "malware-like" protection architecture.

Technical Features & Challenges:
- Ouroboros SMC: The core scanning engine is encrypted at rest and only decrypted just-in-time (JIT) within an asynchronous APC context.
- Hyper-Dispatcher: Control flow is non-linear, utilizing "Nanomites" (deliberate UD2 instructions) handled by a custom-registered VEH and VCH.
- Halo's Gate: Direct syscalls are resolved dynamically by scanning ntdll.dll for syscall stubs to bypass EDR/debugger hooks.
- Custom VM: Memory writing operations are executed via a custom bytecode interpreter.
- API Hashing: No static imports. All sensitive Windows APIs are resolved via PEB walking and DJB2 hashing.
- SIMD Hijacking: Critical state variables are hidden within XMM/YMM registers to complicate standard register tracing.

The Goal: Your task is to deobfuscate the application and recover the underlying memory sanitization logic. Specifically, you need to find the hardcoded Session Key used to decrypt the Ouroboros layer, or provide a fully deobfuscated dump of the ScanAndWipe routine.

Requirements:
- Windows 10/11 x64
- No external dependencies (statically linked).

Warning: This tool uses advanced anti-debug and anti-analysis techniques. It may crash unstable debuggers or cause "Software Breakpoint" floods.

For rules: It contains NO harmful code, NO malware, and NO external network connections. All "malicious-looking" behaviors (SMC, syscalls) are simulated for learning.