RobN
Bronze III
2 months agopython-scripting-for-malware-analysis-ep-5-code-obfuscation
Has anyone attempted this lab? I appear to be stuck after creating a python script to put the code through the loops - I can produce a deobfuscated block but have inspected it using both xxd and stri...
- 2 months ago
there are several steps you need to do.
- identify the block which you need to 'carve out' in binary
- then use routine #1 to process the data (tip: it's about swapping)
- then use routine #2 to further process the data (tip: it's about xor but not with the password pentioned in Q3)
- then use routine #3 to process the data (tip: it's about adding something to each byte)
and then I think you'll see it somewhere as string at the end of the output. xx.xxxxxxxx.tld
hope that helps.