TitanEngine and Python SDK
Blog | February 8, 2010

As we said in the blog post dedicated to our latest TitanEngine release, we are continuously working on expanding our SDK to support as many programming languages as possible. That is why the next major version update for TitanEngine will feature support for the Python scripting language. We are looking forward to seeing multiple unpacking scripts appearing with the next TitanEngine major release. Until next week...

Minor inconvenience
Blog | February 1, 2010

During our everyday work as reverse engineers we encounter problems that affect the tools we use, most commonly attempts to detect their presence and/or crash them. Whatever their purpose, we must work our way around them. One such problem we encountered recently is a theoretical scenario in which OllyDBG can't resolve data about the loaded modules.

ReversingLabs first birthday
Blog | January 27, 2010

Time has proven itself irrelevant once more, with ReversingLabs celebrating its first birthday after seven long years of existence. Today is a very special day for us here at ReversingLabs because today we officially turn one. That means that just a year ago the roller-coaster we call ReversingLabs Corporation started its journey, racing us into the future. So far it has been a hell of a ride, with the best twists and turns yet to happen, we promise you that. This year, even though it's only January, looks extremely promising, with interesting work already done and releases pending, so keep an eye out for us since you never know where we might show up. Our thanks go to everyone who supported us during all those years; we promise to keep surprising you with our projects on a (more) regular basis.

If it ain’t broke…
Blog | January 18, 2010

If it ain't broke, don't fix it. But what if it is? What if the file you are trying to unpack with your unpacker is broken, then what? Do you just chuck it, marking it as crapware, or do you try to fix it? This raises many questions in file handling. It's foolish to assume that every file your unpacker receives is a valid portable executable. So, how does TitanEngine cope with this?

TitanGuard, protecting your PDF world
Blog | January 11, 2010

Recently we have seen an increase in malware attacks targeting multimedia formats. One of the formats targeted recently was PDF, a popular document format. The latest and still unpatched exploit targeting this format, CVE-2009-4324, is particularly dangerous because it allows the download of malicious content and its execution on the affected system or, if that is unsuccessful, a denial of service attack.

Attacking the cipher
Blog | January 4, 2010

Not too long ago we dedicated a blog post to removing executable password protections. In that post we said that we would eventually return to this topic to deal with a much harder opponent. Well, today is that day. This time we take a look at an executable password protection named PEPasswordEncryptor.

TitanEngine 2.0.3 and GUI for unpackers
Blog | January 1, 2010

In our previous blog post we showed a short video that demonstrates the usage of the new LUA SDK. Since then we decided that console unpackers are very boring, so we included a new function in TitanEngine which enables creation of a simple unpacker GUI that makes your script unpackers a little bit more user friendly. With this YouTube video we welcome you to 2010. ReversingLabs will be back on Monday with more reverse engineering stories just for you. Catch us next time....

Lockpicking tELock
Blog | December 28, 2009

Today's blog post puts TitanEngine to the test, and it's a good way to end this year's series of blog posts dedicated to unpacking. The reason TitanEngine is put to the test is that tELock is a protector riddled with protection tricks. That is why some modifications were needed so that we can debug files protected with this protector without getting detected by its anti-debugging tricks.

Writing static decompressors, aPLib story
Blog | December 21, 2009

With the latest TitanEngine release, we introduced new functions which enable decompression of content packed with aPLib and LZMA. Today we will use those functions to make a static decompressor for AHPack. But before we do that we must answer a simple question: "What is the difference between regular static unpackers and static decompressors?"

How to use TitanEngine and its plugins?
Blog | December 16, 2009

There was a lot of response and quality feedback about our latest TitanEngine release. One of the questions we got is "How to use the engine and its plugins?". That is why we made this video, which shows a quick example of how to compile the UPX sample and use our Nexus plugin in order to unpack samples which can't be run on the system because one or more of their dependencies are missing. Sounds cool?

TitanEngine 2.0.2
Blog | December 14, 2009

TitanEngine just got a new major update, which we labeled TitanEngine 2.0.2. Even though the version increment is small, the number of changes and the sheer size of the code are vast. That is why we dedicate today's blog post to listing all additions and changes made to the engine.

Removing executable password protection
Blog | December 7, 2009

With the next TitanEngine release just around the corner, we decided to do a light and interesting analysis of a simple executable password protection. Today's focus is on LCCrypto, a simple example which will show us the general security and vulnerabilities of such and similar tools.

Complex static unpackers, may the force be with you!
Blog | November 30, 2009

Commonly, the targets chosen to demonstrate TitanEngine's static unpacking functions were very simple, so the code that unpacks the target would be very short but still enough to understand the basic principle of static unpackers. But today we do something very different. We descend into madness by testing the far limits of TitanEngine and ourselves. Yoda's Crypter is one tough nut to crack, so may the force be with us on this journey.

From Russia with Love, nPack story
Blog | November 22, 2009

Dynamic unpacking has a couple of benefits and a couple of drawbacks. The main benefit is, of course, quick unpacker writing and natural resilience to minor packer changes, including multiple shell versions that use different compression and/or encryption algorithms. Our only real concern is the possibility of file malformation, so that the file we are unpacking does a jail break.

Seek PackMan and press play on tape!
Blog | November 15, 2009

After a few weeks we return to building unpackers with an interesting packer called Packman. Even though this is a pretty straightforward packer, there are a few details that teach us a trick or two while working on this unpacker.

Halloween reversing
Blog | October 30, 2009

Halloween is a special time of year and it deserves a special blog we might call "writing unpackers in reverse". But wait, writing unpackers in reverse... isn't that packer writing?

TitaniumHandles
Blog | October 26, 2009

Last week was particularly interesting, as we did very interesting research related to archive formats. But that's a topic for some other week; today we talk about one of the TitanEngine code samples we mentioned a few weeks ago. That code sample shows TitanEngine's handler module capabilities implemented as an OllyDBG plugin.

TitanEngine 2.0.2 on Ubuntu
Blog | October 26, 2009

TitanEngine just became Linux friendly! Even though this framework was and is designed only for Microsoft Windows x86/x64 platforms, it can work with no problems under Linux with the help of WINE. Small modifications were necessary in order to make this possible, but from the next release on you will be able to execute all ReversingLabs unpackers under the Linux distribution of your choice. We have chosen Ubuntu; what is your choice? This ensures a maximally safe environment for live malware analysis for those reverse engineers who make Linux their platform of choice.

Static decryption in reverse
Blog | October 19, 2009

For today's blog post we had to do some minor engine modifications, which is always fun. Even though we have met these kinds of crypters before, it completely slipped our mind that some crypters decrypt data in the backward direction. That is why, with CryptoCrackPEProtector, we introduced a new function for data decryption called StaticMemoryDecryptSpecial. The only thing special about it is that you can choose the direction of decryption and, in later versions if it proves necessary, byte skipping etc.

Cloudy day with exeFog
Blog | October 12, 2009

After a one-week detour into the field of reversing tool coding, we return to what TitanEngine does best, which is making unpackers, of course. This week we take a peek into what hides in the fog: exeFog.
