CloseCv

Easy | Malware Reverse Engineering

Overview

Our intelligence team analyzed an attacker's PC and discovered a video along with the provided code; however, it utilizes an unknown library. Would you be able to deobfuscate the code to reverse-engineer the video?

Lab Details

Prerequisites & Requirements

  • Technical Knowledge:
    • Advanced Python Concepts: Understanding of Python's import system (specifically __import__, globals(), and locals()), dynamic execution, and how Python packages are structured (.whl files).
    • Computer Vision Fundamentals: Knowledge of how images are represented as multi-dimensional arrays (Matrices) and how video files are essentially sequences of these arrays over time.
    • NumPy Proficiency: Ability to manipulate arrays, specifically understanding coordinate systems (x, y vs row, col) and matrix operations like stack or max.
  • System Requirements:
    • Python 3.x: Required to run the encoder and solution scripts.
    • OpenCV (opencv-python): The core library required to process video frames.
    • Archive Manager: A tool (like unzip, 7-Zip, or WinRAR) to inspect the contents of the .whl file, as Wheel files are simply ZIP archives.

What will you learn?

  • Reverse Engineer Python Packages: Analyze custom Python Wheel (.whl) files to understand library internals and identify wrapped or obfuscated functions.
  • Deobfuscate Dynamic Imports: Recognize and refactor code that uses dynamic loading (__import__) to hide standard library usage (like cv2) behind custom aliases.
  • Perform Video Forensics (Temporal Stacking): Learn the technique of temporal aggregation , where information scattered across time (multiple video frames) is compressed into a single spatial image to reveal hidden data.
  • Automate Visual Reconstruction: Write scripts to iterate through video frames and mathematically combine them (using Maximum Projection) to reconstruct the original signal.
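The "Deobfuscate Dynamic Imports" point above can be turned into a small static-analysis tool. The following is an added example, not the challenge's own code or library: it parses a constructed obfuscated snippet (the `SAMPLE_SOURCE` string, alias names `_a`, `_b`, `_c` are made up) with Python's `ast` module, maps every alias bound through `__import__("...")` back to the real module name, and rewrites the source so that the hidden `cv2`/`numpy` usage appears as ordinary imports. It needs Python 3.9+ for `ast.unparse` and touches no real video or wheel file.

```python
"""Statically resolve and rewrite __import__ aliases (added example, stdlib only)."""
import ast

# Constructed sample in the shape the challenge describes: the real library is
# loaded through __import__ and bound to meaningless names. Not the real malware.
SAMPLE_SOURCE = '''
_a = __import__("cv2")
_b = __import__("numpy")
globals()["_c"] = __import__("os")

def read(p):
    cap = _a.VideoCapture(p)
    ok, frame = cap.read()
    return _b.max(frame)
'''


def _is_dunder_import(node):
    """True for a call node of the form __import__("literal")."""
    return (isinstance(node, ast.Call)
            and isinstance(node.func, ast.Name)
            and node.func.id == "__import__"
            and node.args
            and isinstance(node.args[0], ast.Constant)
            and isinstance(node.args[0].value, str))


def resolve_dynamic_imports(source):
    """Return {alias: module} for every alias bound via __import__.

    Two binding shapes are recognised:
        alias = __import__("mod")
        globals()["alias"] = __import__("mod")
    """
    aliases = {}
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Assign) or not _is_dunder_import(node.value):
            continue
        module = node.value.args[0].value
        for target in node.targets:
            if isinstance(target, ast.Name):
                aliases[target.id] = module
            elif (isinstance(target, ast.Subscript)
                  and isinstance(target.value, ast.Call)
                  and isinstance(target.value.func, ast.Name)
                  and target.value.func.id == "globals"
                  and isinstance(target.slice, ast.Constant)):
                aliases[target.slice.value] = module
    return aliases


class _AliasRewriter(ast.NodeTransformer):
    """Drop the __import__ bindings and rename alias references to the real module."""

    def __init__(self, aliases):
        self.aliases = aliases

    def visit_Assign(self, node):
        if _is_dunder_import(node.value):
            return None  # removed; a plain import is added at the top instead
        return self.generic_visit(node)

    def visit_Name(self, node):
        if isinstance(node.ctx, ast.Load) and node.id in self.aliases:
            return ast.copy_location(ast.Name(id=self.aliases[node.id], ctx=ast.Load()), node)
        return node


def deobfuscate(source):
    """Rewrite source so dynamic imports become readable `import mod` statements."""
    aliases = resolve_dynamic_imports(source)
    tree = _AliasRewriter(aliases).visit(ast.parse(source))
    imports = [ast.Import(names=[ast.alias(name=mod, asname=None)])
               for mod in sorted(set(aliases.values()))]
    tree.body = imports + tree.body
    ast.fix_missing_locations(tree)
    return ast.unparse(tree)


if __name__ == "__main__":
    print(resolve_dynamic_imports(SAMPLE_SOURCE))
    print(deobfuscate(SAMPLE_SOURCE))
```

The rewriter only follows string-literal arguments to `__import__`; a sample that builds the module name at runtime (concatenation, decoding) still has to be resolved by reading the code or by instrumenting `__import__` in an isolated interpreter.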

Tools

  • OpenCV:
    • Description: The Open Source Computer Vision Library. In this challenge, it is used to read the video file frame-by-frame and access the raw pixel data.
    • Installation: pip install opencv-python
  • NumPy:
    • Description: The fundamental package for scientific computing in Python. It is used here to handle the image data as arrays, enabling us to perform pixel-wise operations efficiently.
    • Installation: pip install numpy (usually installed automatically with OpenCV).
  • Archive Utility (7-Zip / Unzip):
    • Description: Used to open the .whl file and inspect its contents, since Wheel files are plain ZIP archives.
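The temporal-stacking technique from the learning objectives, using the two libraries listed above, looks like this in practice. This is an added example, not the challenge's solution script: `max_projection` keeps a running pixel-wise maximum with NumPy so a long video never has to be held in memory at once, `iter_video_frames` pulls frames from a file through OpenCV (imported lazily, so the rest of the module works without cv2), and `make_constructed_frames` builds a tiny constructed video in memory where each frame carries a single bright pixel of a hidden diagonal, which only the projection reveals. `pixel_at` is a hypothetical helper that makes the (x, y) versus (row, col) convention explicit.

```python
"""Temporal aggregation by maximum projection over video frames (added example)."""
import numpy as np


def max_projection(frames):
    """Pixel-wise maximum across an iterable of equally shaped frames.

    Works for grayscale (H, W) and colour (H, W, 3) frames alike and keeps
    the input dtype (uint8 for OpenCV frames). Raises on an empty sequence.
    """
    acc = None
    for frame in frames:
        if acc is None:
            acc = np.array(frame, copy=True)
        else:
            np.maximum(acc, frame, out=acc)  # running max, constant memory
    if acc is None:
        raise ValueError("no frames to project")
    return acc


def pixel_at(image, x, y):
    """Read a pixel by image coordinates: x is the column, y is the row."""
    return image[y, x]


def iter_video_frames(path):
    """Yield BGR frames from a video file via OpenCV (opencv-python)."""
    import cv2  # imported here so the rest of the module runs without OpenCV
    cap = cv2.VideoCapture(path)
    try:
        while True:
            ok, frame = cap.read()
            if not ok:
                break
            yield frame
    finally:
        cap.release()


def reconstruct_from_video(path, out_path="reconstructed.png"):
    """Project every frame of the file into one image and write it to disk."""
    import cv2
    image = max_projection(iter_video_frames(path))
    cv2.imwrite(out_path, image)
    return image


def make_constructed_frames(height=4, width=6):
    """Constructed sample: a diagonal of bright pixels spread over time.

    Returns (secret, frames). Frame i contains only pixel (i, i) of the secret,
    so no single frame shows the whole pattern but the projection does.
    """
    secret = np.zeros((height, width), dtype=np.uint8)
    frames = []
    for i in range(min(height, width)):
        secret[i, i] = 255
        frame = np.zeros((height, width), dtype=np.uint8)
        frame[i, i] = 255
        frames.append(frame)
    return secret, frames


if __name__ == "__main__":
    secret, frames = make_constructed_frames()
    print(max_projection(frames))
```

Maximum projection is the right aggregate when the hidden signal is brighter than the background and each frame carries a disjoint piece of it; for a dark-on-light signal the same loop with `np.minimum` applies, and a mean projection would wash the sparse pixels out.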

Job Positions

Penetration Tester

Tags

Steganography, Obfuscation, Unpacking, Malware Analysis, Static Analysis