Monday, 25 April 2011
WinLocker Builder v0.4 - Cracking Generated winlocks
Apparently a new version of Winlocker Builder was released.
VAN32 (the creator) has also released the full Delphi source code.
A generated sample, with the result on VirusTotal: http://www.virustotal.com/file-scan/reanalysis.html?id=2fcf56f7fcdbc267848bbca81fdb83001065cd1bfd137ff285cfb44077d04abe-1303744252
Result: 4/41 (9.8%). The Dr.Web guys are generally fast at blacklisting ransomware threats.
On the generated Winlock, the 1024x768 resolution problem still does not seem to be fixed!
So here we go: what's new in this version?
A simple homemade XOR on the serial verification.
But one 'lame' thing I've noticed: the XORed unlock code is 'un-XORed' inside and compared in plaintext with the serial entered by the user.
It would make sense (and be more fun to reverse) if the entered serial were XORed and compared to the XORed unlock code stored inside, but it does the opposite.
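An analyst-side model of the two checks just described, added here as an illustration and not taken from this post or from the WinLocker Builder source. It assumes a repeating-key byte-wise XOR (the post only says "homemade XOR"); the key, the unlock code and all function names are constructed. It shows that the unlock code is recoverable at the comparison under either design.

```python
from itertools import cycle


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR is its own inverse: the same routine encodes and decodes."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))


# Constructed sample values (not from any real sample).
KEY = b"\x5a\x13"
STORED_BLOB = xor_bytes(b"1234-UNLOCK", KEY)  # what sits in the binary


def check_as_shipped(entered: bytes, observed: list) -> bool:
    """Design in the post: decode the stored blob, compare in plaintext.
    `observed` stands in for the two operands an analyst sees with a
    breakpoint on the comparison."""
    plain = xor_bytes(STORED_BLOB, KEY)
    observed.append((plain, entered))
    return plain == entered


def check_alternative(entered: bytes, observed: list) -> bool:
    """Alternative in the post: encode the input, compare the encoded forms."""
    encoded = xor_bytes(entered, KEY)
    observed.append((STORED_BLOB, encoded))
    return encoded == STORED_BLOB


def recover_from_compare(observed: list, entered: bytes) -> bytes:
    """As shipped: the operand that is not our own input is the unlock code."""
    a, b = observed[-1]
    return a if b == entered else b


def recover_by_known_plaintext(observed: list, probe: bytes) -> bytes:
    """Alternative design: probe XOR encoded(probe) leaks the keystream, which
    decodes the stored blob. The probe must be at least as long as the blob."""
    stored, encoded = observed[-1]
    keystream = bytes(p ^ e for p, e in zip(probe, encoded))
    return bytes(s ^ k for s, k in zip(stored, keystream))
```

With the shipped design a single wrong guess is enough to read the code off the comparison; the alternative only adds one known-plaintext step.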
The source code is public; I think we will soon see custom variants.
A simple XOR Reverse done with the original source code of WinLocker Builder v0.4
Archive password: xylibox
May only the challenge guide you, so don't use this tool. :)
Thanks Xash for the Delphi, it had been a really long time since I'd touched that ;)
VAN32 Winlocker Builder in the past:
Trojan.Ransom (Winlocker builder)
WinLocker Builder v0.2/v0.3 - Cracking Generated winlocks