Challenge 2007

[lena151]

GOAL:

Goal is to register the ReverseMe. This is visualised if it says at startup "REGISTERED to:" followed by the name you registered it for.

ABOUT:

Mostly byte coded in assembler (masm).

Not packed.

You may either patch, fish or keygen. More info in About box. Obviously, no aesthetic-patching-only allowed.

INFO:

It's not the algo that makes the challenge! The algo is short and easy, the real challenge lies in the obfuscation and stuff! I take my hat off and bow deep for those bringing a valid solution! Please explain how you did it.

MORE INFO:

On a sidenote: it was also a challenge for me as I had never byte coded such a long part in one target. Don't be surprised when you see the disassembled file in a debugger!

Success and have fun!

Regards,

lena151.

ReverseMe_8_by_lena151.rar

Edited May 26, 2007 by lena151

[Loki]

This one is owning my a$$ right now.

Had a brief look and noticed it is generating (seemingly) random numbers and then checking parts with hard coded hex values. Haven't looked in any detail at how to make it do what I want yet though. Wouldn't surprise me if this was a decoy area though as the 'Registered to:' buffer is cleared (unless we have to patch it).

Think I need to find some time to have a decent look

I'm guessing the other 21 (at time of writing) people to download it are struggling too, hence the lack of comments?

Edited May 16, 2007 by Loki

[Ufo-Pu55y]

I'm guessing the other 21 (at time of writing) people to download it are struggling too

....... erm, what do u mean....

PS: I guess Challenge 2007 means, we've got 1/2 year left to do the job !?! Rush, rush !!!

Edited May 16, 2007 by Ufo-Pu55y

[lena151]

..... 'Registered to:' buffer is cleared (unless we have to patch it).

There is no patching necessary provided that the reverseme is feeded the right stuff.

[Loki]

Looking forward to having a better look at this then!

[syk071c]

i will have a nice look on the weekend.... this will take time.. lots and lots of time.. lol

Edited May 16, 2007 by syk071c

[MOID]

<<Crossposting to ICU, ARTeam and tuts4you>>

Finished it Must say this was a great ReverseMe with nice obscufation, checksumming and plenty of decoys. I uploaded some notes, my IDB and the KeyFileGen, but I recommend not downloading it and doing it yourself. You won't be disappointed.

_http://rapidshare.com/files/31685135/solution.rar

or

_http://z02.zupload.com/download.php?file=getfile&filepath=29124

or

_http://www.divshare.com/download/660543-beb

[lena151]

<Cross-replying to the post>

Wow, MOID, I'm really impressed mate!

I take my hat off for you and bow deep

For those still wanting to look into it, some more info on the ReverseMe:

I submitted this reverseme to www.crackmes.de being difficulty level 9/9 not only because it makes extensive use of

-code obfuscation

-code destruction

-decoy code and decoy strings

-machine specific algo

-selfmodifying/polymorphic code

-string decryption/re-encryption

-algo hiding

but especially because it has

-anti-tracing

-HW BP detection

-Software BP detection

-ring0/ring3 debugger detection

-anti-patching

and if any of the last 5 are detected ... the real algo is never run and you are sent into the woods to go play with Robin Hood.

This reverseme is definately and by far the hardest I've ever made in assembler. It's true, I could easily have made the reverseme many times harder (for example by making a really difficult algo too) but reverseme's are not made to be impossibly hard, right?

I had prepared my own keygen, if someone is interested to find out how it works, find it attached here, but if you feel up for the challenge, then don't look in the solutions .....

Hehe, now the reverseme is solved before it was approved at crackmes.de :aufsmaul:

Heh MOID, post your solution there too asa it's approved

Regards to all who tried and still try.

lena151.

ReverseMe_8_by_lena151.solution.zip

[rendari]

Good stuff. Thanks, you gave me something other than a VM to play with. Proves that the old tricks still work.

[Teddy Rogers]

Hat off time again...

http://tuts4you.com/download.php?view.1641

Ted.

[lena151]

Hat off time again...

Ted.

Unfortunately, it is not hat off time again. See my reply: http://tuts4you.com/download.php?view.1641

[ChupaChu]

Lena151 you did a great crackme, Its way over my abilities to coprehend all abfuscation and stuff.. so i truly hoppe you will publish a tutorial on this one!

Have nice day!

[Teddy Rogers]

Oh! I didn't know he was cheating...

Ted.

[Angel-55]

Lena, to be honest with you i think you give

too much explainations and making thing too much

easier to challenge at of course challeneg is still out of

NewBies range but a bit confusions are better i guess

nice unpack me i checked it a bit looks nice and really

nicely programmed i must admit i never thougth of using

MOV's as obfuscations lol great coding i really like it and anti

tricks are cool too although they are easy to bypass and after all

it a cool challenge to play with at the week end awesome work thanks

for your efforts on tutorials and challenges amaizing news are always shown by you !!

That one who cheated i wonder how he reverses any application

perhaps using strings or something we don't know ?? lol

it's nice to him trying to solve it but not cheating in it

Cheers To All

Edited May 27, 2007 by Angel-55

[yamraaj]

Comeon guys it won't be called cheating coz he wasn't aware of that...and he actually admitted in his second post

[Angel-55]

yamraaj, you might be right well i don't call him a cheater

i said he cheated that's it no disrespect for him bro'

as for him solution well i donno why he did it but Lena wrote

the rules and you know that modifing the executable it self even for a string

or using a hex editor is called patching and Lena said patching is possible

and his isn't ther kind of patching she wanted so it's wrong and doesn't work

and he seems not to understand her requests in a good way he tried

to solve it and seems to be hard for him....... it's ok at least he tried and

he admit his fault by trying to solve it his way {lets say not cheating}

he used an unacceptable way to solve the challenge although everything

is all right none was angry about it just a miss understandng and that's it

i don't think he is a cheater or he cheated but he used his own way to do it !!

could work with other targets but not Lena's and she's smart

to figure out that trick "if he did send a license file with the solution"

cause else she would have run the exe and saw a registered too sentence

without a keyfile which is 100% patching................

and as for the guy sorry if i disrespect you that way

i didn't mean it actually but if you understand it that way "Sorry" !!

Cheers To All

Edited May 27, 2007 by Angel-55

[lena151]

Lena, to be honest with you i think you give

too much explainations and making thing too much

easier to challenge at of course challeneg is still out of

NewBies range but a bit confusions are better i guess

Well, I felt like this ReverseMe was a little bit too hard to be accessible for everybody, and even with the info, there is still only one valid solution so far.

However, do you want a really hard one? JLMK and I'll make the next a level or two harder. (Yeah, if I ever find the time to code it ...)

[Angel-55]

Lena, i meant no harm

just said that is it's a hard one "it's indeed"

so no need to give such a big explination only

a few tips where and how to start i think it's better

as for coding hard i know you don't have time and you know

what i'am stuck with at the moment so it's up to you really !!

and keep it comming with respect.....

Cheers To All

[lena151]

I take my hat off for MrMagic who has sent me the attached and valid keygen.

Good work!

usage: ReverseMe#8_KeyGen <name_to_register_to>

It generates the keyfile called 'lena151' which you have to copy to the folder where the ReverseMe#8.exe resides.

MrMag.rar