alexomara-com / comments

alexomara.com comments

blog/a-silly-anti-disassembly-trick/ #2

Open utterances-bot opened 3 years ago

utterances-bot commented 3 years ago

A Silly Anti-Disassembly Trick | Alexander O'Mara

The website and blog of Alexander O'Mara

https://alexomara.com/blog/a-silly-anti-disassembly-trick/

AlexanderOMara commented 3 years ago

Imported comment: Joaquín Díaz 2020-06-25 20:54:17

Were you finally able to reverse engineer the malware? Was that binary libConfigurer64.dylib?

AlexanderOMara commented 3 years ago

Imported comment: Alexander O'Mara 2020-06-25 21:21:27

I was able to reverse engineer it, but my sample was not a dylib like yours.

libConfigurer64.dylib is a filename typically used by the TNT release group, used for cracking software through code injection and memory patching. These files are typically packed/obfuscated (dynamic analysis helps here if you want to study them).

AlexanderOMara commented 3 years ago

Imported comment: Joaquín Díaz 2020-06-25 21:37:00

Thanks for the tip, I will try dynamic analysis. It's hard for me to understand these crackers' motivations; they don't seem to earn anything, as they don't sell them, nor do they have websites or any way of promoting something. So far, I've not found any malware in their releases, even tried looking for odd stuff with Wireshark, but nothing yet.

AlexanderOMara commented 3 years ago

Imported comment: Alexander O'Mara 2020-06-25 21:46:05

My understanding is release groups don't want people copying their work, or the software vendor being able to figure out how it works and change things to try to make it more difficult to crack.

AlexanderOMara commented 3 years ago

Imported comment: Joaquín Díaz 2020-06-25 22:04:34

I mean, their intentions for cracking if they're not receiving a reward in the first place. Do you think it's ego related then?

AlexanderOMara commented 3 years ago

Imported comment: Alexander O'Mara 2020-06-25 22:07:25

Probably, yeah.

AlexanderOMara commented 3 years ago

Imported comment: Firehawke 2021-04-25 03:08:52

Coming in really late but...

Ego and challenge. This is something that's historically been well known about the cracking community. The harder you make it to crack some piece of software, the more you're making them salivate over a real technical challenge. There's a huge boost to the reputation of the first person to crack a particularly vexing protection scheme as well, of course, so there's an ego payoff.