Lycosidae - Modern Anti Debug
https://github.com/lurumdare/Lycosidae
Bypass ScyllaHide Features - Import no leak - Strings no leak
I haven't looked at the entire source, but isn't using CRC32 to verify functions easy to bypass?
For example, https://www.nayuki.io/page/forcing-a-files-crc-to-any-value
Seems like it would be trivial to change the hooking procedure of ScyllaHide to use code like this to get the correct CRC with only 5 extra bytes of overhead (4 bytes of garbage after the jmp + 0xCC), and the CRC check could be circumvented. I think it would be better to just do a direct byte comparison of the functions since they are being processed in their entirety to get the length already.
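Why the CRC concern in the post above holds, and the byte comparison it suggests, as an added example (not code from Lycosidae or ScyllaHide; the function names and sample bytes are constructed for illustration):

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Bitwise CRC-32 (reflected polynomial 0xEDB88320, the zlib/PNG variant). */
static uint32_t crc32_calc(const uint8_t *p, size_t n) {
    uint32_t c = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        c ^= p[i];
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* CRC-32 is affine over XOR: the checksum change caused by a modification
   depends only on the XOR difference, never on the protected bytes. That
   content independence is why a checksum match is not proof of integrity.
   Returns 1 if the property holds for this input, -1 if n is too large. */
static int crc_delta_is_content_independent(const uint8_t *orig,
                                            const uint8_t *diff, size_t n) {
    uint8_t patched[64], zeros[64] = {0};
    if (n > sizeof patched) return -1;
    for (size_t i = 0; i < n; i++) patched[i] = orig[i] ^ diff[i];
    uint32_t observed  = crc32_calc(patched, n) ^ crc32_calc(orig, n);
    uint32_t predicted = crc32_calc(diff, n) ^ crc32_calc(zeros, n);
    return observed == predicted;
}

/* The check suggested in the post: compare every byte against a trusted
   reference copy. Returns 1 only when nothing changed. */
static int bytes_unchanged(const uint8_t *live, const uint8_t *ref, size_t n) {
    return memcmp(live, ref, n) == 0;
}

/* Constructed sample: arbitrary stand-in for a function's bytes. */
static const uint8_t SAMPLE_FN[16] = { 0x55, 0x48, 0x89, 0xE5, 0x48, 0x83,
    0xEC, 0x20, 0x89, 0x4D, 0x10, 0x8B, 0x45, 0x10, 0x5D, 0xC3 };
/* Constructed XOR difference representing a modification to those bytes. */
static const uint8_t SAMPLE_DIFF[16] = { 0xA5, 0x11, 0x22, 0x33, 0x44 };

int main(void) {
    uint8_t live[16];
    for (size_t i = 0; i < 16; i++) live[i] = SAMPLE_FN[i] ^ SAMPLE_DIFF[i];
    int ok = crc_delta_is_content_independent(SAMPLE_FN, SAMPLE_DIFF, 16) == 1
             && !bytes_unchanged(live, SAMPLE_FN, 16);
    return ok ? 0 : 1;
}
```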
I really don't see what's so fantastic / revolutionary about this at all
Need tester for this branch
https://github.com/lurumdare/ScyllaHideDetector/tree/crc32c
Updated
https://github.com/lurumdare/Lycosidae2