By ro0ted | March 26, 2015 - 22:57 | Posted in /b/ | 9 Comments
#ro0ted #OpNewblood What the blackhats dont want you to know: Manually Unpacking Part 2

Since no one understood the Manually Unpacking tutorial, I decided to make a longer one. I will also use that technique with more tutorials so you can get it down. It’s an old but great method to know. – https://twitter.com/ro0ted/


So I am going to use a file I packed using UPX.

First we download UPX:

http://upx.sourceforge.net/


Now open a command prompt (click the Start button, then cmd) and change to wherever UPX is located; in this case:

type cd C:\Users\Downloads\Compressed\upx391w\upx391w\

Type upx -9 cybernexus.exe


Now load it in exeinfoPE:


You will HAVE to do this step yourself. Now load it in Ollydbg and scroll through the code looking for the OEP, using the trial and error method:

The offset is 635E6.

Click Dump and save the file under whatever name you want.
Open it in exeinfoPE:

The EP Section now shows the .text segment instead of the packer section, UPX1.

Finally load it in Olly:


Loads up. No problem.
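The check exeinfoPE does in the step above (which section holds the entry point, and whether that section belongs to the packer) can be reproduced from the PE headers alone. The script below is an added example, not from the original post: it builds two constructed header-only PE32 images, one laid out like a UPX-packed file and one like the dumped file with the post's OEP of 635E6, and reports the EP section for each. Section addresses and sizes are made up for the sample; only the OEP value comes from the post.

```python
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1", "UPX2"}

def build_pe(entry_rva, sections):
    """Constructed minimal PE32 image (headers only) used as sample input."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    dos[0x3C:0x40] = struct.pack("<I", 64)        # e_lfanew: PE header right after the DOS header
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 224, 0x102)
    opt = bytearray(224)                            # PE32 optional header
    opt[0:2] = struct.pack("<H", 0x10B)             # Magic = PE32
    opt[16:20] = struct.pack("<I", entry_rva)       # AddressOfEntryPoint
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode().ljust(8, b"\0"), vs, va, 0, 0, 0, 0, 0, 0, 0x60000020)
        for n, va, vs in sections)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + table

def entry_section(data):
    """Return (section name, entry RVA) for the section holding AddressOfEntryPoint."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", data, pe + 6)[0]
    opt_size = struct.unpack_from("<H", data, pe + 20)[0]
    entry = struct.unpack_from("<I", data, pe + 24 + 16)[0]
    sec_off = pe + 24 + opt_size                    # section table follows the optional header
    for i in range(nsec):
        name, vsize, va = struct.unpack_from("<8sII", data, sec_off + 40 * i)
        if va <= entry < va + vsize:
            return name.rstrip(b"\0").decode("ascii", "replace"), entry
    return None, entry                              # entry point outside every section

def upx_entry_check(data):
    """Mimic the exeinfoPE 'EP Section' check: flag an entry point inside a UPX section."""
    name, entry = entry_section(data)
    return {"ep_section": name, "entry_rva": entry, "packed_hint": name in UPX_SECTION_NAMES}

# Constructed samples: the UPX layout before unpacking and the dumped image after.
PACKED = build_pe(0x664A0, [("UPX0", 0x1000, 0x60000), ("UPX1", 0x61000, 0x6000), (".rsrc", 0x67000, 0x1000)])
DUMPED = build_pe(0x635E6, [(".text", 0x1000, 0x66000), (".rsrc", 0x67000, 0x1000)])  # OEP from the post

if __name__ == "__main__":
    for label, img in (("packed", PACKED), ("dumped", DUMPED)):
        print(label, upx_entry_check(img))
```

To run it against a real file, pass `open(path, "rb").read()` to `upx_entry_check`; a renamed section table will not fool it, so treat a UPX-named EP section only as a hint, as the post's trial-and-error OEP search already implies.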

ro0ted


Check out my tutorials in my series…. “What the Blackhats don’t want you to know”

 

(In order)

Why am I teaching Reverse Engineering to inexperienced new Anons in OpNewblood?

Whitehat Lab

ASM Programming

Introduction Part 1 Ollydbg 

Introduction Part 2 Using Ollydbg and Tracing Botnets

Analyzing Botnets

Introduction Part 3 Ollydbg: Cheating a Crackme

Introduction Part 4 Ollydbg: Your first Patch

Encryption 101

Cuckoo Sandbox: Automated Malware Analysis also known as Malwr.com

Introduction to Honeydrive: A Brief Walk Through

Installing Kippo the SSH Honeypot on a VPS Part 1: How to set it up

Resource Hacker

Dll Injection the Easy Way

Visual Basic Binaries Walk Through Part 1

Ollydbg on Steroids

Creating Patchers Part 1

Have you supported the gas mask campaign over the years?

Crack to win a gas mask gift pack

How to edit a register me crack me Pre Part 1

Unwinding Delphi Binaries Walk Through if not Preview

Cracking Delphi Part 2

Reversing Timed Trials: Ollydbg Tricks Part 3

Analyzing Adware

Preview Against Debugging

Bypassing Registering 101

Bypassing Part 2

Android/iOS Reversing

Introducing IDA Pro: Static Analyzing

Hacker’s Disassembler

Ripping Apart Adware

Never trust Warez or Cracked Programs: Reversing a Crypted IRC bot infected file

IDA PRO Book

Unpacking & Crypting there is a difference

Covert Debugging whitepaper from blackhat.com

Manually Unpacking with Ollydbg

Manually Unpacking Part 2 +

