BTJB, Posted July 19, 2022

I found that UPX leads to hard output modification! If you compress first and then decompress, the output file is not the same as it was before! It is now strongly fragmented, with modifications and with new additional data bytes. Is it a disadvantage? Let me know please. It seems many crackers did a similar change by re-compiling with such tools and the result is horrible! What is the point of UPX? Is it OK to return the app back to uncompressed?

debebee, Posted July 19, 2022 (edited)

Guessing this is like a destructive edit on a Photoshop image.. which is irreversible when compressing an exe or dll.. Uncompressing yields a different output. Not sure if there is a flag for an alternative compression algorithm in-app.

> UPX works by compressing the sections stored within the Section Table of the PE file. A strong indicator of UPX being used is the renaming of the header names (UPX0/UPX1). The main purpose of UPX is to reduce file size, this helps mask the malware as a .jpg or to spread through emails.

Source: https://labs.detectify.com/2016/04/12/using-reverse-engineering-techniques-to-see-how-a-common-malware-packer-works/

Another related discussion from here: https://stackoverflow.com/questions/353634/are-there-any-downsides-to-using-upx-to-compress-a-windows-executable

Edited July 20, 2022 by debebee: Added related literature

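Added example, not part of the thread or of the linked article: a Python sketch that reads a PE file's Section Table and reports the UPX0/UPX1 section names mentioned in the quote above. The function names and the header-only sample image are constructed for illustration.

```python
import struct

UPX_SECTION_NAMES = {"UPX0", "UPX1"}  # names cited in the quoted write-up


def pe_sections(data: bytes):
    """Return [(name, virtual_size, raw_size)] from a PE image's Section Table."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
    if pe_off + 24 > len(data) or data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # COFF header: NumberOfSections at +2, SizeOfOptionalHeader at +16
    (count,) = struct.unpack_from("<H", data, pe_off + 4 + 2)
    (opt_size,) = struct.unpack_from("<H", data, pe_off + 4 + 16)
    table = pe_off + 4 + 20 + opt_size  # Section Table follows the optional header
    sections = []
    for i in range(count):
        off = table + 40 * i  # each section header is 40 bytes
        if off + 40 > len(data):
            raise ValueError("truncated Section Table")
        raw_name, vsize, _vaddr, raw_size = struct.unpack_from("<8sIII", data, off)
        name = raw_name.rstrip(b"\0").decode("ascii", "replace")
        sections.append((name, vsize, raw_size))
    return sections


def upx_section_names(data: bytes):
    """Names in the Section Table that match the UPX0/UPX1 indicator."""
    return [n for n, _, _ in pe_sections(data) if n in UPX_SECTION_NAMES]


def build_sample(names):
    """Constructed, header-only PE image (not a real program) for the demo."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0x102)
    table = b"".join(
        struct.pack("<8sIIIIIIHHI", n.encode(), 0x1000, 0x1000 * (i + 1),
                    0x200, 0x200, 0, 0, 0, 0, 0xE0000020)
        for i, n in enumerate(names))
    return dos + b"PE\0\0" + coff + table


if __name__ == "__main__":
    for label, names in (("packed", ["UPX0", "UPX1", ".rsrc"]),
                         ("plain", [".text", ".data", ".rsrc"])):
        print(label, upx_section_names(build_sample(names)))
```

Section names are free-form 8-byte fields, so a match is only a hint that UPX was used, and the absence of these names does not show that a file is unpacked.
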
Israeli_Eagle, Posted July 20, 2022

Long ago I also liked UPX a lot, but back then the issues were already known. And nowadays we prefer speed, and size is no problem anymore, so somehow UPX became useless.

andy2004, Posted July 20, 2022

size is no problem.. LOL.. I guess you think that those apps installed on your computer aren't compressed with something.. whether it be upx or other.. pecompact, aspack, or some protector which includes a compression.. think you'd be surprised if you used a scanner to find out.. IF you want to scan I would suggest Nauz file detector v0.08

Israeli_Eagle, Posted July 20, 2022 (edited)

6 hours ago, andy2004 said:

> size is no problem.. LOL.. I guess you think that those apps installed on your computer aren't compressed with something.. whether it be upx or other.. pecompact, aspack, or some protector which includes a compression.. think you'd be surprised if you used a scanner to find out.. IF you want to scan I would suggest Nauz file detector v0.08

Fact is that most real software never uses such, and also has no reason to at all. Sure, sometimes we also have something like Denuvo, but that is a different topic than UPX. But I also have no clue which weird 'apps' you might mean.

Edited July 20, 2022 by Israeli_Eagle

BTJB (Author), Posted July 20, 2022

@debebee I found another similar topic, but still cannot understand the answer. Maybe the code is the same, but in a different order...? Or maybe the file content is destroyed and there is no more correct preview? I found that the person UZ1 and other crackers did some big re-code instead of making small changes. For example, instead of making a one-byte change, the file is recompiled like UPX. My friend proved the last statement.

BTJB (Author), Posted July 22, 2022

UZ1 started to protect whoever's content by packing it twice with MPRESS!