python-scripting-for-malware-analysis-ep-5-code-obfuscation

Has anyone attempted this lab? I appear to be stuck after creating a python script to put the code through the loops - I can produce a deobfuscated block but have inspected it using both xxd and stri...

defensive cyber

steven
4 months ago
there are several steps you need to do.
identify the block which you need to 'carve out' in binary
then use routine #1 to process the data (tip: it's about swapping)
then use routine #2 to further process the data (tip: it's about xor but not with the password pentioned in Q3)
then use routine #3 to process the data (tip: it's about adding something to each byte)
and then I think you'll see it somewhere as string at the end of the output. xx.xxxxxxxx.tld
hope that helps.

Forum Discussion

python-scripting-for-malware-analysis-ep-5-code-obfuscation

Featured Places

Help & Support Forum

Related Content

Re: Question for members: your most rebellious labs

Recent Discussions

Incident Response

CVE-2020-11651 (SaltStack RCE) – Defensive

Autopsy Ep 3: Tags, Comments and Reports

Confused in "Threat Modeling Fundamentals; SQL Injection and Server-Side Template Injection"

Radare2 Reverse Engineering: Ep.1 – Windows Binary Part 1