I've not reversed much but there's dynamic code loading by using encryption. Decrypted payload is mapped with mprotect and mmap through syscalls with inline assembly. There's a bit of CFG flattened too. The code starts with .init_proc. The product seems to/could be Secneo-like.
Samples: libcmb-encrypt-jni.zip, libmmm.zip