Reversing.kr Easy Unpack Writeup

29 Dec 2018

Environment

Host OS: Kali linux 2018.4
Guest OS: Windows 7 Service Pack 1
Virtualization: Virtualbox 5.2.22
PE packer/analyzer: PEiD v0.95

Explanation

Reversing.kr is a website which has some of reverse engineering challenges. This is a write-up of Easy Unpack on that website.

Solution

1. Reading the ReadMe.txt

As we open the readme.txt, what we can see is following message. placeholder Sounds like we have to figure out which address is the Original Entry Point.

2. Running the app

When we run the app, we have a small dialogue Clicking does not work for anything placeholder

3. Finding an entry point

We can find the OEP easily with a software “PEiD”. placeholder After opened Easy_UnpackMe.exe with “PEiD”, click “->” button to open the menu. Then, proceed like

Plugins -> PEiD Generic Unpacker

placeholder With this plugin, we can find the OEP. According to this information, the key of this challange is “00401150”.

1n4r1.github.io

Reversing.kr Easy Unpack Writeup

Environment

Explanation

Solution

1. Reading the ReadMe.txt

2. Running the app

3. Finding an entry point

Related Posts

AWS Pentest with CloudGoat (iam_privesc_by_rollback) 25 Oct 2024

AWS IAM enumeration using AWS CLI (with CloudGoat) 24 Oct 2024

Setting up CloudGoat 17 Oct 2024