QWERTY

Medium | Malware Reverse Engineering

Overview

Our forensics team found a stealer, but the catch is it works on specific devices. Flag format: flag{(c2_ip_address)}

Lab Details

Prerequisites & Requirements

  • Intermediate C++ Knowledge: A solid understanding of C++ syntax, object-oriented concepts, and common library functions, essential for comprehending decompiled code.
  • Intermediate x64 Assembly Knowledge: Familiarity with x64 assembly language, including register usage, calling conventions, and common instruction sets, which aids in interpreting low-level details from the disassembler.
  • Basic Cryptographic Principles: A foundational understanding of XOR operations and the concept of pseudo-random number generation (PRNG).

What will you learn?

  • Analyze Obfuscated C++ Executables: Develop skills in navigating and interpreting heavily obfuscated C++ code within a disassembler like IDA Pro, especially when symbols are available via PDB files.
  • Reverse Engineer Custom Decryption Routines: Understand how to dissect proprietary decryption algorithms that rely on system-specific information (e.g., keyboard layouts) and mathematical functions.
  • Implement PRNG Brute-Forcing Techniques: Learn to identify weaknesses in PRNG schemes and develop Python scripts to brute-force unknown seed values based on external system characteristics.
  • Identify C2 Infrastructure: Pinpoint command and control (C2) communication channels and exfiltration targets by analyzing network-related API calls (e.g., cURL functions).
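The seed brute-force described in the list above, as an added example that is not the lab's own binary or solution: the stealer's PRNG, the seed derivation from the keyboard layout, the candidate layout ids and the encrypted blob are all constructed stand-ins (the MSVC rand() LCG is used for the generator; the lab does not state which PRNG the sample uses). The analyst's check is the plausibility test on each decrypted candidate.

```python
import re

# Constructed stand-in for the stealer's PRNG: the MSVC rand() LCG.
# The generator in the lab binary is not given on this page.
def msvc_rand_stream(seed: int, length: int) -> bytes:
    state = seed & 0xFFFFFFFF
    out = bytearray()
    for _ in range(length):
        state = (state * 214013 + 2531011) & 0xFFFFFFFF
        out.append((state >> 16) & 0xFF)   # low byte of rand()
    return bytes(out)

def xor_bytes(data: bytes, stream: bytes) -> bytes:
    return bytes(a ^ b for a, b in zip(data, stream))

# Hypothetical seed derivation (assumption): the sample seeds its PRNG with
# the language id of the primary keyboard layout, so only one layout decrypts.
def seed_from_layout(klid: int) -> int:
    return klid

IPV4 = re.compile(rb"^(\d{1,3}\.){3}\d{1,3}$")

def bruteforce_c2(ciphertext: bytes, candidates):
    """Try each candidate layout id; return (klid, plaintext) once the
    decryption is a plausible dotted-quad IPv4 address, else None."""
    for klid in candidates:
        stream = msvc_rand_stream(seed_from_layout(klid), len(ciphertext))
        plain = xor_bytes(ciphertext, stream)
        if IPV4.match(plain) and all(int(o) <= 255 for o in plain.split(b".")):
            return klid, plain.decode()
    return None

# Constructed sample blob: a documentation-range address (not a real IoC)
# encrypted the same way, locked to the German layout id 0x0407.
SAMPLE_C2 = b"203.0.113.7"
SAMPLE_BLOB = xor_bytes(SAMPLE_C2,
                        msvc_rand_stream(seed_from_layout(0x0407), len(SAMPLE_C2)))

if __name__ == "__main__":
    # Sweep the Windows primary-language id block 0x0400..0x04FF.
    print(bruteforce_c2(SAMPLE_BLOB, range(0x0400, 0x0500)))
```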

Tools

  • IDA Pro: A powerful disassembler and decompiler for in-depth static analysis of the C++ executable, especially with PDB symbol loading.
  • Python: For scripting the brute-force decryption logic to recover the C2 address.

Job Positions

Malware Analyst

Tags

  • IDA Pro
  • Static Analysis
  • Malware Analysis
  • C2 Communication
  • IOCs
  • Obfuscation
  • PRNG Weakness