My notes about Genyatyk VM crackme
Here I have my notes about Genyatyk VM: my analysis of the binary (once unpacked from the MEW packer with qunpack), in which I tried to rename every function and every variable (you even get structs and enums). While trying to solve this VM I wrote my first disassembler, and I learned about this kind of obfuscation. I think VMs are one of the most complex packers, but well, I had fun.
- In this URL, you can find the Python disassembler of the VM: vm_disassembler.py
- Here, the output of this Python script, commented: vm_instructions.txt
- Crackme without the MEW packer: vmkgme__.exe
- Crackme .idb from IDA 6.8: vmkgme__.idb
- Crackme with the MEW packer: vmkgme.exe
- Crackme .idb (with MEW) from IDA 6.8: vmkgme.idb
- Some functions from the crackme in C, and the keygen from Andrewl's resolution: GenaytykVM.cpp
- Translator from Genaytyk virtual code to LLVM IR (compiled with LLVM 3.8.1): genaytyk2llvmir
- Code of Genaytyk in LLVM IR: genaytyk.ll
As you can see, I was not able to resolve the encrypt function =( I hope to keep learning how this function works and to keep working with VMs.
Finally, I wrote the Genaytyk VM code lifter with LLVM IR, so what you can find in genaytyk.ll is the LLVM IR version of vm_instructions.txt or vm_instructions.asm. The translation library can be found in the genaytyk code lifter library, and the disassembler code in the genaytyk llvm ir disassembler.