<feed xmlns="http://www.w3.org/2005/Atom">
  <id>https://cakeslayers.github.io/</id>
  <title>CakeSlayers</title>
  <subtitle></subtitle>
  <updated>2023-06-18T14:44:07+08:00</updated>
  <author>
    <name>CakeSlayers</name>
    <uri>https://cakeslayers.github.io/</uri>
  </author>
  <link rel="self" type="application/atom+xml" href="https://cakeslayers.github.io/feed.xml"/>
  <link rel="alternate" type="text/html" hreflang="en" href="https://cakeslayers.github.io/"/>
  <generator uri="https://jekyllrb.com/" version="4.3.2">Jekyll</generator>
  <rights> © 2023 CakeSlayers </rights>
  <icon>/assets/img/favicons/favicon.ico</icon>
  <logo>/assets/img/favicons/favicon-96x96.png</logo>
  <entry>
    <title>Defeating Epsilon Loader V0.34 Vol. 3: Packet Encryption</title>
    <link href="https://cakeslayers.github.io/posts/Defeating-Epsilon-Loader-V0.34-Vol-3/" rel="alternate" type="text/html" title="Defeating Epsilon Loader V0.34 Vol. 3: Packet Encryption" />
    <published>2023-06-13T00:00:00+08:00</published>
    <updated>2023-06-18T14:33:12+08:00</updated>
    <id>https://cakeslayers.github.io/posts/Defeating-Epsilon-Loader-V0.34-Vol-3/</id>
    <content src="https://cakeslayers.github.io/posts/Defeating-Epsilon-Loader-V0.34-Vol-3/" />
    <author>
      <name>CakeSlayers</name>
    </author>
    <summary> Disclaimer The following pseudocode snippets are heavily beautified. You may not instantly recognize some of these parts; lots of junk code has been removed and algorithms have been unrolled. That doesn’t really matter, though: when you finish reading this article, you will have a field day breaking it (= Intro As we already know, Epsilon Loader implements some sort of encryption on its network packets... </summary>
  </entry>
  <entry>
    <title>Defeating Epsilon Loader V0.34 Vol. 2: JNI Protection</title>
    <link href="https://cakeslayers.github.io/posts/Defeating-Epsilon-Loader-V0.34-Vol-2/" rel="alternate" type="text/html" title="Defeating Epsilon Loader V0.34 Vol. 2: JNI Protection" />
    <published>2022-03-19T00:00:00+08:00</published>
    <updated>2023-06-18T14:33:12+08:00</updated>
    <id>https://cakeslayers.github.io/posts/Defeating-Epsilon-Loader-V0.34-Vol-2/</id>
    <content src="https://cakeslayers.github.io/posts/Defeating-Epsilon-Loader-V0.34-Vol-2/" />
    <author>
      <name>CakeSlayers</name>
    </author>
    <summary> Disclaimer The following pseudocode snippets are heavily beautified. You may not instantly recognize some of these parts; lots of junk code has been removed and algorithms have been unrolled. That doesn’t really matter, though: when you finish reading about this kind of protection, you will have a field day breaking it (= Intro In the last article we deobfuscated the Indys (invokedynamic call sites) and revealed the “real invocation... </summary>
  </entry>
  <entry>
    <title>Defeating Epsilon Loader V0.34 Vol. 1: InvokeDynamic</title>
    <link href="https://cakeslayers.github.io/posts/Defeating-Epsilon-Loader-V0.34-Vol-1/" rel="alternate" type="text/html" title="Defeating Epsilon Loader V0.34 Vol. 1: InvokeDynamic" />
    <published>2022-02-28T00:00:00+08:00</published>
    <updated>2023-06-18T14:33:12+08:00</updated>
    <id>https://cakeslayers.github.io/posts/Defeating-Epsilon-Loader-V0.34-Vol-1/</id>
    <content src="https://cakeslayers.github.io/posts/Defeating-Epsilon-Loader-V0.34-Vol-1/" />
    <author>
      <name>CakeSlayers</name>
    </author>
    <summary> Epsilon Loader V0.34 has long been considered “strongly obfuscated” and even “uncrackable” by the 2B2T community. It was also widely believed that the authentication and verification logic of Epsilon lives in the DLL1. So let’s look inside the DLL and the related JVM classes to determine what role the DLL actually plays and find out how to exploit it. Initial analysis of the DL... </summary>
  </entry>
</feed>
