By ro0ted | March 24, 2015 - 01:04 | Posted in /b/ | 12 Comments
#ro0ted #OpNewblood What the blackhats don’t want you to know: Manually unpacking in Olly

This is how to manually unpack with Ollydbg using the Ollydump plugin. – ro0ted https://twitter.com/ro0ted/

OllyDump should be in this thread:

https://archive.cyberguerrilla.org/a/2015/ro0ted-opnewblood-what-the-blackhats-dont-want-you-to-know-its-time-to-beef-up-ollydbg-time-to-fuck-shit-up/

As soon as we load the packed file we get this screen:

[screenshot]

After that we select Yes.
Go to Plugins>Ollydump:

[screenshot]

Then we get this screen:

[screenshot]

UPX is the packer used here.
Double check in exeinfoPE:

[screenshot]

So now we need to find the OEP.
You learned in my last tuts: OEP = Original Entry Point.

[screenshot]

Toggle a breakpoint on 004082AF; we don't want to trace through the decompression routine. Now press play.
Then press F8.

[screenshot]

We stop here. 12c0 is the OEP.
Now go back to plugins>Ollydump>Debugged Processes:

[screenshot]

Now we load it in exeinfoPE:

[screenshot]

Basically you gotta find the offset of the OEP.
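As an added example (not ro0ted's code and nothing from the OllyDump plugin), here is a Python script that does statically what the tutorial does by hand: parse the section table of a constructed UPX-style PE header, list the packing hints exeinfoPE shows you, and turn a recovered OEP into the RVA that OllyDump's entry-point field takes. The header bytes, the section sizes and the VA 0x4012C0 (assuming the post's 12c0 is an RVA under the usual 00400000 image base) are all made up for the example.

```python
import struct
# Constructed sample (not from the post): minimal PE32 headers laid out like a
# UPX-packed file. UPX0 has no bytes on disk; the decompression stub sits in UPX1.
def build_sample_pe():
    dos = bytearray(b"MZ".ljust(64, b"\0"))
    struct.pack_into("<I", dos, 0x3C, 0x40)                # e_lfanew -> "PE\0\0"
    file_hdr = struct.pack("<HHIIIHH", 0x14C, 3, 0, 0, 0, 0xE0, 0x102)
    opt = bytearray(0xE0)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 16, 0x82A0)                # AddressOfEntryPoint = stub
    struct.pack_into("<I", opt, 28, 0x400000)              # ImageBase
    # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData, Characteristics
    secs = [(b"UPX0", 0x7000, 0x1000, 0x000, 0x400, 0xE0000080),
            (b"UPX1", 0x1000, 0x8000, 0x800, 0x400, 0xE0000040),
            (b".rsrc", 0x1000, 0x9000, 0x200, 0xC00, 0xC0000040)]
    hdrs = b"".join(struct.pack("<8s4I12xI", *s) for s in secs)
    return bytes(dos) + b"PE\0\0" + file_hdr + bytes(opt) + hdrs

def parse_pe(data):
    # ImageBase, AddressOfEntryPoint and the section table of a PE32 file
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("not a PE file")
    nsec, opt = struct.unpack_from("<H", data, pe + 6)[0], pe + 24
    entry_rva, image_base = (struct.unpack_from("<I", data, opt + o)[0] for o in (16, 28))
    table = opt + struct.unpack_from("<H", data, pe + 20)[0]   # skip SizeOfOptionalHeader
    rows = [struct.unpack_from("<8s4I12xI", data, table + 40 * i) for i in range(nsec)]
    sections = [{"name": r[0].rstrip(b"\0").decode(), "vsize": r[1], "va": r[2], "raw": r[3]} for r in rows]
    return {"image_base": image_base, "entry_rva": entry_rva, "sections": sections}

def section_for_rva(pe, rva):
    return next((s for s in pe["sections"]
                 if s["va"] <= rva < s["va"] + max(s["vsize"], s["raw"])), None)

def packer_indicators(pe):
    # Cheap static hints that the file is packed, the kind exeinfoPE shows you
    hints = [f"section named {s['name']}" for s in pe["sections"] if s["name"].startswith("UPX")]
    hints += [f"{s['name']} has VirtualSize 0x{s['vsize']:X} but no bytes on disk"
              for s in pe["sections"] if s["raw"] == 0 and s["vsize"]]
    ep = section_for_rva(pe, pe["entry_rva"])
    if ep is not None and ep is not pe["sections"][0]:
        hints.append(f"entry point 0x{pe['entry_rva']:X} lies in {ep['name']}, not the first section")
    return hints

def oep_for_ollydump(pe, oep_va):
    # OEP VA -> RVA for OllyDump's entry-point field, its section, and whether it has bytes on disk
    rva = oep_va - pe["image_base"]
    s = section_for_rva(pe, rva)
    return rva, (s["name"] if s else None), bool(s and s["raw"])
```

It also shows why you dump from memory rather than patching the file: the OEP lands in UPX0, which has a VirtualSize but zero bytes on disk in the packed file, so there is no file offset for it until the stub has run.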

ro0ted

Check out my tutorials in my series: “What the Blackhats don’t want you to know”

(In order)

Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?

Whitehat Lab

ASM Programming

Introduction Part 1 Ollydbg 

Introduction Part 2 Using Ollydbg and Tracing Botnets

Analyzing Botnets

Introduction Part 3 Ollydbg: Cheating a Crackme

Introduction Part 4 Ollydbg: Your first Patch

Encryption 101

Cuckoo Sandbox: Automated Malware Analysis also known as Malwr.com

Introduction to Honeydrive: A Brief Walk Through

Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up

Resource Hacker

Dll Injection the Easy Way

Visual Basic Binaries Walk Through Part 1

Ollydbg on Steroids

Creating Patchers Part 1

Have you supported the gas mask campaign over the years?

Crack to win a gas mask gift pack

How to edit a register me crack me Pre Part 1

Unwinding Delphi Binaries Walk Through if not Preview

Cracking Delphi Part 2

Reversing Timed Trials: Ollydbg Tricks Part 3

Analyzing Adware

Preview Against Debugging

Bypassing Registering 101

Bypassing Part 2

Android/iOS Reversing

Introducing IDA Pro: Static Analyzing

Hacker’s Disassembler

Ripping Apart Adware

Never trust Warez or Cracked Programs: Reversing a Crypted IRC bot infected file

IDA PRO Book

Unpacking & Crypting there is a difference

Covert Debugging whitepaper from blackhat.com

Manually Unpacking with Ollydbg +
