When I rewrote the disassembly of a Sky pay-TV smartcard in C in 1997 (I know, I was an unruly teenager who turned into an unruly adult, sorry) and the company who designed the smartcard (NDS – now merged with Cisco) wanted to “have a little chat” with me about this, one of the first questions they asked me was: if you wanted free TV, why didn’t you just run the smartcard code in a CPU emulator once you’d dumped the ROM instead of spending 8 months rewriting it in C? My answer was matter-of-fact: I already have a Sky subscription, I just wanted to know how the card worked and prove it could be done. Some people have a quite different motive: reverse engineering is a hobby for them; they don’t use or care about the product, they’re merely interested to learn about how different protections work – the reverse engineering is the game, so to speak. If you’re the nefarious type who sells exploits for money, you probably don’t care how the target software works either, as long as you can sell your exploitative trash (shame on you).

If you’re a malware analyst, you don’t care how the payload is encrypted; you just want to understand what threat vectors the malware exploits, what its key behaviour is, and how to create a signature to detect it. People reverse engineer code for different reasons.

We had a good chuckle together reverse engineering League of Legends: Wild Rift, but now it’s time to get serious. miHoYo has taken aim at our beloved (and sometimes hated) IL2CPP tools and trashed them with customized metadata encryption and extensive struct reordering, encapsulated in an obfuscated UnityPlayer.dll built from a modified Unity source code base. Of all the IL2CPP workloads that have landed on my office desk over the years, those published by miHoYo (web site in Chinese) are what I consider to be the current gold standard for IL2CPP obfuscation.