
XORSearch and XORStrings – Reverse engineering files - emersonrsantos
http://blog.didierstevens.com/programs/xorsearch/
======
iheartmemcache
For those of you who don't do RE CTFs, anything XOR'd _usually_ (yeah yeah
there are exceptions) indicates 'oh this region is interesting because
someone's trying to obfuscate something'. Sort of like "oh hey, this binary
has been packed with __, there's a fair chance it's been done for malware
purposes".

Things are a lot more complicated these days with FLEXlm and network
authentication (KMS type stuff), but previously that'd be the first place one
would look to start designing keygens (rather than just patching your JE ->
JNE; JZ -> JNZ haha).

Take a look at Didier's GitHub. (1) It has basically the 'batteries included
starter kit' of the Immunity/Olly/IDA plugins that are useful.

1:
[https://github.com/DidierStevens/DidierStevensSuite](https://github.com/DidierStevens/DidierStevensSuite)
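
An added example, not part of the thread and not XORSearch's own code: a sketch of locating known strings hidden under a single-byte XOR key, the kind of obfuscated region the comment above describes. The function names, sample buffer and keys are constructed for illustration.

```python
def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a single-byte key."""
    return bytes(b ^ key for b in data)


def xor_search(buf: bytes, needles, keys=range(1, 256), context=24):
    """Find needles encoded with a single-byte XOR key.

    Returns sorted (offset, key, needle, decoded_context) tuples.
    Key 0 (plaintext) is skipped by default. Note that key 0x20 flips
    ASCII letter case, so a plain upper-case copy of a lower-case needle
    can show up as a key-0x20 hit; treat those as likely false positives.
    """
    hits = []
    for key in keys:
        for needle in needles:
            # Encode the short needle once per key instead of decoding
            # the whole buffer 255 times.
            encoded = xor_bytes(needle, key)
            pos = buf.find(encoded)
            while pos != -1:
                window = buf[pos:pos + context]
                hits.append((pos, key, needle, xor_bytes(window, key)))
                pos = buf.find(encoded, pos + 1)
    return sorted(hits)


# Constructed sample: filler bytes, then two strings under different keys.
SAMPLE = (
    b"\x4d\x5a\x90\x00" + bytes(range(0x80, 0xA0))
    + xor_bytes(b"http://example.invalid/payload.bin", 0x5A)
    + b"\x00" * 8
    + xor_bytes(b"This program cannot be run in DOS mode", 0x13)
)

NEEDLES = [b"http://", b"This program"]

if __name__ == "__main__":
    for offset, key, needle, decoded in xor_search(SAMPLE, NEEDLES):
        print(f"offset={offset:#06x} key={key:#04x} needle={needle!r} -> {decoded!r}")
```
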

~~~
voltagex_
Interesting you mention FlexLM - it seems very unreliable, even when used
legitimately. Got any more info on how it can be broken?

~~~
analognoise
I'm also interested in this - it is certainly done quite a lot in the wild,
I'm curious if there's a knowledge base somewhere for it.

------
NKCSS
This is from 2007...

