Removing executable password protection
Blog | December 7, 2009

With the next TitanEngine release just around the corner, we decided to do a light and interesting analysis of a simple executable password protection. Today's focus is on LCCrypto, a simple example which will show us the general security and vulnerabilities of this and similar tools.

Complex static unpackers, may the force be with you!
Blog | November 30, 2009

The targets commonly chosen for demonstrating TitanEngine static unpacking functions were very simple, so the code that unpacks the target would be very short but still enough to understand the basic principle of static unpackers. But today we do something very different. We descend into madness by testing the far limits of TitanEngine and ourselves. Yoda's Crypter is one tough nut to crack, so may the force be with us on this journey.

From Russia with Love, nPack story
Blog | November 22, 2009

Dynamic unpacking has a couple of benefits and a couple of drawbacks. The main benefit would of course be quick unpacker writing and natural resilience to minor packer changes, including multiple shell versions that use different compression and/or encryption algorithms. Our only real concern would be the possibility of file malformation, so that the file we are unpacking does a jailbreak.

Seek PackMan and press play on tape!
Blog | November 15, 2009

After a few weeks we return to building unpackers with an interesting packer called Packman. Even though this is a pretty straightforward packer, there are a few details that make us learn a trick or two while working on this unpacker.

Halloween reversing
Blog | October 30, 2009

Halloween is a special time of year and it deserves a special blog we might call "writing unpackers in reverse". But wait, writing unpackers in reverse... isn't that packer writing?

TitaniumHandles
Blog | October 26, 2009

Last week was particularly interesting as we did very interesting research related to archive formats. But that's a topic for some other week; today we talk about one of the code samples for TitanEngine we mentioned a few weeks ago. That code sample shows TitanEngine's handler module capabilities implemented as an OllyDBG plugin.

TitanEngine 2.0.2 on Ubuntu
Blog | October 26, 2009

TitanEngine just became Linux friendly! Even though this framework was and is designed only for Microsoft Windows x86/x64 platforms, it can work with no problems under Linux with the help of WINE. Small modifications were necessary in order to make this possible, but from the next release you will be able to execute all ReversingLabs unpackers under the Linux distribution of your choice. We have chosen Ubuntu, what is your choice? This ensures a maximally safe environment for live malware analysis for those reverse engineers that make Linux their platform of choice.

Static decryption in reverse
Blog | October 19, 2009

For today's blog we had to do some minor engine modifications, which is always fun. Even though we met these kinds of crypters before, it completely slipped our mind that some crypters decrypt data in the backward direction. That is why with CryptoCrackPEProtector we introduced a new function for data decryption called StaticMemoryDecryptSpecial. The only thing special about it is that you can choose the direction of decryption and, in later versions if it proves necessary, byte skipping etc.

Cloudy day with exeFog
Blog | October 12, 2009

After a one-week detour into the reversing tool coding field, we return to what TitanEngine does best, which is making unpackers of course. This week we take a peek into what hides in the fog, exeFog.

TitaniumOverlay
Blog | October 5, 2009

Remember how last week we decided not to publish some tools? Well, it has been brought to our attention that we can publish the binaries and later publish the source with the next TitanEngine update, which is very close as it is. That is why this Monday we decided to publish the TitaniumOverlay tool.

Buggy Monday, PeX story
Blog | September 28, 2009

It's a beautiful Monday once again. What is special about this Monday is that it has its rather long introduction story. Here is what you don't know about ReversingLabs. At the end of each week we go through preparation for the Monday blog. So the team decides and creates a sample code for our blog. This was also the case last week, and we chose to do a blog about using TitanEngine as a static library and creating a PeID plugin for handling overlay.

Packer security advisory: MEW design flaw
Blog | September 14, 2009

This is a follow-up on MEW file format analysis. As mentioned in our video blog yesterday, we noticed that MEW 10 has a design flaw that wrongfully passes function names to LoadLibraryA, which first tries to load the name as a DLL file; once that has failed, it passes the same string to GetProcAddress and successfully finds the selected function in the previously loaded DLL.

Analyzing MEW 10 – 11
Blog | September 12, 2009

This week we do a video tutorial about MEW analysis and we give pointers on making an unpacker for this format. Download RL!deMEW 10 - 11 unpacker.

mPack revisited
News | September 7, 2009

At the end of our BlackHat presentation, at which we unveiled our TitanEngine project, we promised to keep supporting it and to publish one unpacker demo per week. And this was true, since our first update release for TitanEngine contained quite a few samples.

TitanEngine on BlackHat
News | August 24, 2009

Official TitanEngine content on the Black Hat site is here. Video will be available later on, or could be purchased from Black Hat directly here.

TitanEngine 2.0.1
News | August 20, 2009

We are planning our next release of the TitanEngine for the beginning of September. We will have some bug fixes, more documentation, samples and perhaps even a few surprises. Don't forget to come back. Meanwhile, our wiki pages have been added here.

TitanEngine T-Shirt contest
Blog | August 16, 2009

Do not forget that we are running a "cool hack with TitanEngine" contest. We will be pressing some ultra nice T-shirts with great slogans. You won't get their meaning if you are not a reverser, and if you are not a reverser, TitanEngine is not for you anyways. Details about our contest are here.

BlackHat recap
Blog | August 12, 2009

We took some down time after Black Hat and are now ready to keep churning some new and exciting code. First of all, thanks to all that have made it to our talk and have been asking us in hallways at Black Hat and Defcon to give them demos. Quite a few blog entries and tweets have covered our talk.

Ask a developer Monday
News | August 11, 2009

This is the first "Ask a developer Monday" in which we try to answer the number one question we received in the past weeks. And that question is: "How can I use TitanEngine as a static library?"

