ARTeam: Reversing Of A Protection Scheme Based On Drivers: Sandboxie by Shub


Shub-nigurrath
August 8th, 2007, 08:19
Hi all,
this time the announcement is very special for two reasons: this is another tutorial I wrote these days, and it is number 200.

Yes, we have released so far 200 original, previously unreleased tutorials. This is an astonishing result, and I wish to thank all our fellows in this adventure and all of those who contributed in writing tutorials and, generally speaking, in keeping our community alive and so active. Let's continue this wonderful experiment we call ARTEAM; it has to live for a long time still.

This is the tutorial:
Reversing Of A Protection Scheme Based On Drivers: Sandboxie
Sometimes one happens to fall into an interesting protection which turns out to be nicely implemented and nice to describe in a tutorial. This time it is the turn of Sandboxie, a program that has a nice protection scheme. I thought it could be useful to reverse and document in a tutorial, mostly because I used a combination of OllyDbg and the IDA debugger a lot. This time I preferred using IDA as much as possible to understand the code and then OllyDbg only to verify the assumptions made. This method of investigation is very common when you have to analyze malware, but it is also very handy, because IDA allows saving of reversing sessions, code editing, name changing and so on.

http://tutorials.accessroot.com

BR,
Shub

Hopcode
August 8th, 2007, 09:19
I remember fishing the serial for this tool a couple of years ago or so.

Using SoftICE, I think it was as simple as putting a BPX on _wcsicmp or something, and you'd get the serial in plain text.

So much for a protection.

dELTA
August 8th, 2007, 12:42
Hey Shub-nigurrath, thanks for another high quality tutorial, and congrats on the release number. You guys rock, so make sure to continue the reversing, and to keep us informed.

Shub-nigurrath
August 8th, 2007, 14:03
Hopcode,
Yes, it is simple using SoftICE, but less so using only IDA. The point was not using SoftICE, as I said in the tutorial, and showing how far you can go with IDA alone.

JMI
August 8th, 2007, 14:53
And, as always, thanks for sharing with our readers!

Regards,

Shub-nigurrath
August 18th, 2007, 03:33
Version 1.1 is out.

I added to this new version the complete process of keygenning the program: the methods, the sources and all the required explanations. Useful to people willing to learn the whole process, which starts from the initial analysis of a program and goes up to its complete keygeneration.
Sources included.

Sorry for any possible double downloads.