| |
ws
Registered: Apr 2012 Posts: 251 |
Malicious Packer?
I was interested in this entry Galaxy Cargo + Poker because I wanted to see if the badness of the raster routine had anything to do with PAL/NTSC timing. It turned out that it is just very badly coded.
What puzzled me was that the depacker was partially obfuscated by an EOR routine. I reverted that and started the program again, but for fun I also altered the chars in the SYS line to WS/G*P. Prog started and all of a sudden, my attached disk was empty, named "PREPARE TO DIE!". (I probably could have used Ian's Unp64 V2.36, which gives a depacked largefile, but what I wanted was to have just a de-obfuscated original binary.) My mistake was to not examine the code any further.
This packer actually has a routine checking if the sysline was altered, and if so, the routine will format your currently inserted Disk or VOLUME to "PREPARE TO DIE!". Imagine if one had mounted a flashdrive or even an entire harddisk. Quite dangerous.
Does anybody know something about this >PWR< Packer(?) thing?
Are there any other examples of malicious C64 code like this, like screwing up your disk if things have been altered? |
|
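A static triage check for the behaviour described in the post above, added here as an example (it is not code from the thread or from any of the packers mentioned): before running a modified PRG, scan it for a Commodore DOS format command under every single-byte EOR key. It assumes the EOR layer uses one constant key and that the command is stored as a contiguous `N:` or `N0:` string; `scan_prg` and `build_sample` are hypothetical names, and the sample file is constructed.

```python
import re

# Commodore DOS "NEW" (format) command: N: or N0: followed by a disk name.
# Unshifted PETSCII letters share their byte values with ASCII upper case.
FORMAT_CMD = re.compile(rb"N0?:[A-Z0-9 !.\-]{4,16}")


def scan_prg(prg: bytes):
    """Return (key, address, command) for every format command found.

    Each single-byte EOR key is tried (assumption: one constant key);
    key 0 means the command sits in the file in the clear.
    """
    if len(prg) < 2:
        raise ValueError("not a PRG file: missing load address")
    load_addr = prg[0] | (prg[1] << 8)  # little-endian load address
    body = prg[2:]
    hits = []
    for key in range(256):
        decoded = bytes(b ^ key for b in body)
        for m in FORMAT_CMD.finditer(decoded):
            # Report the C64 memory address, not the file offset.
            hits.append((key, load_addr + m.start(), m.group().decode("ascii")))
    return hits


def build_sample(key: int) -> bytes:
    """Constructed sample: PRG loaded at $0801 whose body is EORed with key.

    The body is a few filler opcodes, the command string, and an RTS.
    """
    body = bytes([0xA9, 0x00, 0x8D, 0x20, 0xD0]) + b"N:PREPARE TO DIE!" + b"\x60"
    return bytes([0x01, 0x08]) + bytes(b ^ key for b in body)


if __name__ == "__main__":
    for key, addr, cmd in scan_prg(build_sample(0x5A)):
        print(f"EOR key ${key:02X}: format command at ${addr:04X}: {cmd!r}")
```

A hit is only a reason to read the surrounding code in a disassembler with no writable disk attached; a protector that assembles the command at run time or uses a multi-byte key will not be caught by this scan.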
| |
Rastah Bar Account closed
Registered: Oct 2012 Posts: 336 |
I remember a crack where, on pressing the reset button (IIRC), a big grim reaper sprite would appear and the disk would be formatted. |
| |
ws
Registered: Apr 2012 Posts: 251 |
@Bansai: That is actually a pretty sweet/nasty idea for a tool "Very Fast Floppy Compressor"...
"A new and groundbreaking method of reorganizing and compressing suboptimally filled blocks!!!! 25% more free disk space guaranteed - in almost no time!"
Just display some stats, scrolling lists of data, some percentage counter, move the floppy-head around and alter the BAM to 25-30% more blocks free. And since afterwards one could successfully store a new file, everything would look legit. Until the rude awakening upon trying to load one of the damaged files. :-D Evil! |
| |
Count Zero
Registered: Jan 2003 Posts: 1926 |
https://csdb.dk/release/?id=52462&show=notes#notes
Not sure if the soft format is applied by some protection program or manually. |
| |
ws
Registered: Apr 2012 Posts: 251 |
@Count Zero:
Thanks! That one was also "protected" with PWR Coder V1.89, it seems! |
| |
iAN CooG
Registered: May 2002 Posts: 3187 |
It's a crypting layer in every prg by CIA Design and also, with different sysline, in Men at Work cracks like Star Slayer and Rolling Thunder
I've called it CIA Crypt v2.x not having any other clues ;) |
| |
Richard
Registered: Dec 2001 Posts: 621 |
There was another nasty compression tool (according to codebase), which was the FROGS version of "Fast Cruel V4.0+". It injects some kind of FROG infection into Fast Cruelled programs. |
| |
iAN CooG
Registered: May 2002 Posts: 3187 |
Well, those are just Trojan horses, not anti-hacking protections. "Coders" are about protections of programs from tampering. |
| |
iAN CooG
Registered: May 2002 Posts: 3187 |
Another coder/protector that formats in case of tampering just got uploaded
Checksum Protector V1.0 aka FCG Coder.
I found several uses of this one but never found the actual coder so far. |
| |
ws
Registered: Apr 2012 Posts: 251 |
Thanks! Seems to follow the same principle as PWR Coder, from the looks of it. |
| |
iAN CooG
Registered: May 2002 Posts: 3187 |
Found another nasty one:
Protector V1.3
Tampering with the protected prg will result in drive set to write mode, trashing everything.
Found used in Typhoon |