How to lose your hair & mind with Ioncube..
06-01-2017, 11:29 AM (This post was last modified: 06-01-2017 11:31 AM by Loomy.)
Post: #1
How to lose your hair & mind with Ioncube..
While I can confirm that loaderless decoding of all ionCube versions through PHP alone is mostly possible, this is just one of many challenges you face (and I'm failing :D). I think only those who know or share(d) my 0x400 obfuscation pains know :) Please light a candle for my soul, might be here a while!

[Image: working-to-death-business-mans-skeleton-...?s=612x612]

But I am a soldier.. so keep going, reminding myself:

[Image: c4y7b.jpg]

[Image: p2HNPtg.png]
06-01-2017, 11:26 PM
Post: #2
RE: How to lose your hair & mind with Ioncube..
Good!
08-10-2017, 03:34 AM
Post: #3
RE: How to lose your hair & mind with Ioncube..
I think you need a disassembler or debugger to patch loaders, instead of trying to hook opcodes via a PHP module.
08-14-2017, 10:02 AM (This post was last modified: 08-14-2017 10:04 AM by Loomy.)
Post: #4
RE: How to lose your hair & mind with Ioncube..
(08-10-2017 03:34 AM)ggyy1919 Wrote: I think you need a disassembler or debugger to patch loaders, instead of trying to hook opcodes via a PHP module.

Have tried tying fat bait to the hook, but ionCube just won't bite :P

For me though, the challenge & fun is trying to achieve this through static analysis alone, without the loader (or effectively replacing it via PHP/C#). Challenges vary; one that keeps cropping up is poor handling of near-max-value signed int32 by PHP itself, which can skew results (in these cases just switch to C#), and a severe lack of debugging skill. There is only so far you can go with mashing buttons in IDA. Still makes for great learning.

IMO the challenge is not so much opcode retrieval. There is a craptonne of things going on within the loader before it even gets to the execution stage. IC has its own internal executor with many, many little annoying changes to their structure & handling, optimizing out some; in the end, even for someone well familiar with Zend internals, it can be frustrating.