If it ain’t broke…
January 18, 2010

If it ain't broke, don't fix it. But what if it is? What if the file you are trying to unpack with your unpacker is broken? Do you just chuck it, marking it as crapware, or do you try to fix it? This raises many questions in file handling. It's foolish to assume that every file your unpacker receives is a valid portable executable. So, how does TitanEngine cope with this?

TitanGuard, protecting your PDF world
January 11, 2010

Recently we have seen an increase in malware attacks targeting multimedia formats. One of the formats targeted recently was PDF, a popular document format. The latest and still unpatched exploit targeting this format, CVE-2009-4324, is particularly dangerous because it allows malicious content to be downloaded and executed on the affected system or, if that is unsuccessful, results in a denial of service.

Attacking the cipher
January 4, 2010

Not too long ago we dedicated a blog post to removing executable password protections. In that post we said that we would eventually return to this topic to deal with a much harder opponent. Well, today is that day. This time we take a look at an executable password protection named PEPasswordEncryptor.

TitanEngine 2.0.3 and GUI for unpackers
January 1, 2010

In our previous blog we showed a short video that demonstrates the usage of the new LUA SDK. Since then we decided that console unpackers are very boring, so we included a new function in TitanEngine which enables creation of a simple unpacker GUI that makes your script unpackers a little bit more user friendly. With this YouTube video we welcome you to 2010. ReversingLabs will be back on Monday with more reverse engineering stories just for you. Catch us next time...

Lockpicking tELock
December 28, 2009

Today's blog post puts TitanEngine to the test, and it's a good way to end this year's series of blog posts dedicated to unpacking. TitanEngine is put to the test because tELock is a protector riddled with protection tricks. That is why some modifications were needed so that we can debug files protected with this protection without getting detected by its anti-debugging tricks.

Writing static decompressors, aPLib story
December 21, 2009

With the latest TitanEngine release, we introduced new functions which enable decompression of content packed with aPLib and LZMA. Today we will use those functions to make a static decompressor for AHPack. But before we do that we must answer a simple question: "What is the difference between regular static unpackers and static decompressors?"
