ObfuscationMania! HALP menu

User Tag List

Results 1 to 4 of 4
  1. #1
    nippel's Avatar Master Sergeant
    Reputation
    21
    Join Date
    Jun 2009
    Posts
    71
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    ObfuscationMania! HALP

    Sooo, they finally decided to add more obfucation in some parts of the exe, adding additional 20mb to it. From what I see so far, their main purpose was to obfuscate the exposed lua parts.
    So far the packed .reloc section didnt really bother me, but now the lua parts are annoying. Is there anyone who is able to unpack this, or better, transfer this knowlegde in a usable manner or maybe just give some hints ? Because none of us ever had to bother with this so far and time is rare these days to read into such stuff...

    These ads disappear when you log in.

  2. #2
    nippel's Avatar Master Sergeant
    Reputation
    21
    Join Date
    Jun 2009
    Posts
    71
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    After looking a bit more at it, it seems to be just a huge scrambled piece of bananacode where functions in the .text segment jump into and this piece of reloc code does some funny things I dont understand and then either goes back into a target func in the .text ... but sometimes parts of the function's code is actually executed in that reloc section...really not sure.

    Anyway, whoever relied on lua functions or made their lives easy while "just getting these" is now most likely unable to use whatever he was using. They moved big parts of their lua into that weirdly packed/obfuscated/banana reloc section, probably to prevent the cheap lua injection bots from working.

    I'm still interested in some hints on what exactly the code is doing there because I dont understand it and ida shows garbage

  3. #3
    Sirmabus's Avatar Sergeant
    Reputation
    34
    Join Date
    Jun 2008
    Posts
    69
    Thanks G/R
    0/1
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Yea they certainly did throw more of that in there I see.
    Luckily got my offsets okay, didn't effect me anyhow.
    I guess depending on what you were doing it could mess you up, otherwise the worst I see of it that it makes it harder to track down and reverse some stuff if you didn't already have it.

    I've seen a lot de-obfucation stuff on other sites as IDA plug-in's and what not.
    As I recall they recursively walk over sections of these code blocks and show them as readable pseudo code, but never messed with one.
    Does seem to be some sort of pattern with it. The trick then is to find the new entry point for them and treat them just as functions still if possible.

  4. #4
    cute_star's Avatar Sergeant
    Reputation
    4
    Join Date
    Apr 2014
    Posts
    58
    Thanks G/R
    0/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    yes , i also found it . Maybe we need to get more detailed infos for obfuscated parts .

Similar Threads

  1. Halp...Difficult stuff here... :O
    By V1cinity in forum WoW ME Questions and Requests
    Replies: 7
    Last Post: 07-30-2007, 02:00 AM
  2. Model edititing? HALP
    By Sejull in forum WoW ME Questions and Requests
    Replies: 2
    Last Post: 07-27-2007, 12:15 AM
  3. halp
    By wrags in forum WoW ME Questions and Requests
    Replies: 0
    Last Post: 05-24-2007, 03:36 PM
  4. (Mod halp?) Account Liania.
    By Frillie in forum Community Chat
    Replies: 15
    Last Post: 05-12-2007, 08:00 PM
  5. Vegas Video 6.0 Users.. Halp?
    By Liania in forum World of Warcraft General
    Replies: 0
    Last Post: 01-15-2007, 02:30 AM
All times are GMT -5. The time now is 08:14 PM. Powered by vBulletin® Version 4.2.3
Copyright © 2021 vBulletin Solutions, Inc. All rights reserved. User Alert System provided by Advanced User Tagging (Pro) - vBulletin Mods & Addons Copyright © 2021 DragonByte Technologies Ltd.
Digital Point modules: Sphinx-based search