| |
ws
Registered: Apr 2012 Posts: 251 |
Malicious Packer?
I was interested in this entry Galaxy Cargo + Poker because I wanted to see if the badness of the raster routine had anything to do with PAL/NTSC timing. It turned out that it is just very badly coded.
What puzzled me was that the depacker was partially obfuscated by an EOR routine. I reverted that and started the program again, but for fun I also altered the chars in the SYS line to WS/G*P. Prog started and all of a sudden, my attached disk was empty, named "PREPARE TO DIE!". (I probably could have used Ian's Unp64 V2.36, which gives a depacked largefile, but what I wanted was to have just a de-obfuscated original binary.) My mistake was to not examine the code any further.
This packer actually has a routine checking if the sysline was altered, and if so, the routine will format your currently inserted disk or VOLUME to "PREPARE TO DIE!". Imagine if one had mounted a flash drive or even an entire hard disk. Quite dangerous.
Does anybody know something about this >PWR< Packer(?) thing?
Are there any other examples of malicious C64 code like this, like screwing up your disk if things have been altered? |
|
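An added triage sketch, not code from any poster in this thread: before running a modified copy of a protected PRG, it reads the SYS line and tries every single-byte EOR key, looking for a CBM DOS NEW (format) command such as the "PREPARE TO DIE!" one described above. The single-byte key, the key value $5A, the ",01" disk id and the bytes in `build_sample` are assumptions constructed for illustration; the thread does not describe PWR Coder's actual scheme.

```python
import re

SYS_TOKEN = 0x9E  # BASIC V2 token for SYS

# CBM DOS NEW command: "N:" or "N0:", a disk name, and an optional ",id".
NEW_CMD = re.compile(rb"N[01]?:[A-Z0-9 !.\-]{3,16}(?:,[A-Z0-9]{2})?")


def sys_line(prg: bytes):
    """Return (load address, line number, text after SYS) for the first BASIC line."""
    if len(prg) < 7 or prg[6] != SYS_TOKEN:
        return None
    end = prg.find(b"\x00", 6)
    end = len(prg) if end == -1 else end
    load = prg[0] | prg[1] << 8
    number = prg[4] | prg[5] << 8
    return load, number, prg[7:end].decode("latin-1")


def find_format_commands(prg: bytes):
    """Try all 256 single-byte EOR keys; return (key, file offset, command) hits."""
    hits = []
    for key in range(256):
        plain = bytes(b ^ key for b in prg[2:])  # skip the load address
        for m in NEW_CMD.finditer(plain):
            hits.append((key, m.start() + 2, m.group().decode("ascii")))
    return hits


def build_sample() -> bytes:
    """Constructed PRG: '10 SYS2061' stub, filler code, EOR-hidden NEW command."""
    stub = b"\x0b\x08\x0a\x00" + bytes([SYS_TOKEN]) + b"2061" + b"\x00\x00\x00"
    hidden = bytes(b ^ 0x5A for b in b"N0:PREPARE TO DIE!,01")  # assumed key
    return b"\x01\x08" + stub + b"\xa9\x00\x8d\x20\xd0" + hidden + b"\x60"


if __name__ == "__main__":
    sample = build_sample()
    print("SYS line:", sys_line(sample))
    for key, offset, command in find_format_commands(sample):
        print(f"key ${key:02X} offset {offset}: {command}")
```

A hit is a lead for disassembly rather than proof of a destructive routine, and a clean scan says nothing about multi-byte or rolling keys; modified copies are best run only against a scratch disk image.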
| |
Count Zero
Registered: Jan 2003 Posts: 1926 |
https://csdb.dk/release/?id=52462&show=notes#notes
Not sure if the soft format is applied by some protection program or manually. |
| |
ws
Registered: Apr 2012 Posts: 251 |
@Count Zero:
Thanks! That one was also "protected" with PWR Coder V1.89, it seems! |
| |
iAN CooG
Registered: May 2002 Posts: 3187 |
It's a crypting layer in every prg by CIA Design and also, with different sysline, in Men at Work cracks like Star Slayer and Rolling Thunder
I've called it CIA Crypt v2.x not having any other clues ;) |
| |
Richard
Registered: Dec 2001 Posts: 621 |
There was another nasty compression tool (according to codebase), which was the FROGS version of "Fast Cruel V4.0+". It injects some kind of FROG infection into Fast Cruelled programs. |
| |
iAN CooG
Registered: May 2002 Posts: 3187 |
Well, those are just Trojan horses, not anti-hacking protections. "Coders" are about protections of programs from tampering. |
| |
iAN CooG
Registered: May 2002 Posts: 3187 |
Another coder/protector that formats in case of tampering just got uploaded
Checksum Protector V1.0 aka FCG Coder.
I found several uses of this one but never found the actual coder so far. |
| |
ws
Registered: Apr 2012 Posts: 251 |
Thanks! Seems to follow the same principle as PWR Coder, from the looks of it. |
| |
iAN CooG
Registered: May 2002 Posts: 3187 |
Found another nasty one
Protector V1.3
Tampering with the protected prg will result in drive set to write mode, trashing everything.
Found used in Typhoon |
| |
hedning
Registered: Mar 2009 Posts: 4720 |
I don't know if this one was discussed before. The Bonanza Crew spread a lot of disks with some kind of protection against tampering with the disks. I had to reach out to Mason to add cleaned up versions of their releases four years ago, like Super Real Darwin + [seuck].
If you tamper with the disk in any way the disk will get erased. Here's the Darwin spread disk in its evil original form: https://www.dropbox.com/scl/fi/swwzr8yaln7pxbn44ajiy/Bonanza.zi.. |
| |
chatGPZ
Registered: Dec 2001 Posts: 11354 |
A bunch of those people who sold cracks also put timebombs into their stuff...like you can run it 100 times, then it deletes itself |