LoLLo90 Posted February 11, 2013 Posted February 11, 2013 Good day reverser !I propose today a new crackme that has been created by me and Lollo90.Target :Silver : Create a patched executable;Gold : Create a patched,cleaned executable and reveal the correct password.Programming Language :Visual Basic .NETInfoThe program was developed and protected by me and Lollo90.To test your username and your password you have to click the image on the right.A window will open, which will clearly show the success of the crack.At the start, and at the check of the password ,it can seem that is going to crash, wait some seconds and it will works perfectly. Screenshot : http://www.mediafire.com/download.php?4ez99o204jpo144 https://mega.co.nz/#!h4g3DYZL!DXHnLl1sM6BMwvfjbByiOC6T23dVFzlaT8zVEx7A2Qc https://www.virustotal.com/file/9e39de3c88e118cdc2d0b961fa506b3df09469effa2b21ed0b87f2d8796a82e7/analysis/1360359728/
kao Posted February 11, 2013 Posted February 11, 2013 In my VMWare (32bit XP, .NET3.5 SP1) it tries to delete itself by running cmd.exe and ping.exe for delay. The same behaviour is very common in malware. Considering that, there is no way I will run this shit on my real PC.
LoLLo90 Posted February 11, 2013 Author Posted February 11, 2013 In my VMWare (32bit XP, .NET3.5 SP1) it tries to delete itself by running cmd.exe and ping.exe for delay. The same behaviour is very common in malware.Considering that, there is no way I will run this shit on my real PC.It autodeletes if you modify it. I am not posting a virus, if you want scan on virustotal or whatever yourself do it
kao Posted February 11, 2013 Posted February 11, 2013 (edited) It autodeletes if you modify it.Funny - I didn't change a single byte in it. I just launched it from C:\ using Windows Explorer. Edited February 11, 2013 by kao
LoLLo90 Posted February 11, 2013 Author Posted February 11, 2013 Funny - I didn't change a single byte in it. I just launched it from C:\ using Windows Explorer. Really i don't know what to tell. I posted it also in other forums,and works for all people that have tried. Maybe can you try to download it again? 1
Hadits follower Posted February 11, 2013 Posted February 11, 2013 modifying confuser with long byte + invalid fake method putted in table 1 million up + enigma nice to see it again. http://www.hackforums.net/showthread.php?tid=3242531
LoLLo90 Posted February 11, 2013 Author Posted February 11, 2013 modifying confuser with long byte + invalid fake method putted in table 1 million up + enigma nice to see it again. http://www.hackforums.net/showthread.php?tid=3242531 LOl stop giving -1 on posts only because you can't crack it..
Hadits follower Posted February 11, 2013 Posted February 11, 2013 (edited) i decrypted il code ur confuser and dump ur enigma . http://www.2shared.com/file/ykhCmuPc/Enigma_unpacked_confuser_decry.html - why? because its damage my os.cant crack i am not pro in cracking .still learner .for deob it i lost data once i formate my pc thats for u got - . u cant talking about rep its not allowed. there had more cracker they can do it for u.talking about - not allowed in this forums u can report Edited February 11, 2013 by Death
LoLLo90 Posted February 11, 2013 Author Posted February 11, 2013 @kao: Kao i would ask something, i don't know if is possible: is possible that in some way the extracted file from the rar you downloaded has different md5?
richyb Posted February 16, 2013 Posted February 16, 2013 Why the hell would we try this... hackforums already said the file is fishy... now ill tell you why i think it is... based on your screenshot its a simple login form with a few checks, yet upon downloading it the file size is 17MB Why is it so big for such a small app??? This file clearly does something not mentioned in your post. DO YOU THINK WE ARE STUPID 1
atom0s Posted February 16, 2013 Posted February 16, 2013 (edited) File connects to the net on startup: www.frserver.altervista.org Connects to: http://www.frserver.altervista.org/CleanUp/CleanUp5.php Then connects to: http://frserver.altervista.org/CleanUp/__f.php http://frserver.altervista.org/CleanUp/_f.php Then to: (Data seems to be SSL cert info.) http://frserver.altervista.org/CleanUp/_s.php Didn't bother going further after seeing it attempt to connect to the net. Edited February 16, 2013 by atom0s
LoLLo90 Posted February 16, 2013 Author Posted February 16, 2013 Yea at0mos you're right, it connects there to do antitamper cheks, and richyb look well on hf isn't a virus lol
CodeExplorer Posted February 19, 2013 Posted February 19, 2013 @LoLLo90:After unpacking it and entering a random name/password it gives me an message "PaneENuttella"Is it normal? And what this means?
LoLLo90 Posted February 19, 2013 Author Posted February 19, 2013 @LoLLo90:After unpacking it and entering a random name/password it gives me an message "PaneENuttella"Is it normal? And what this means? Ohohohoho seems oyu are getting close. However that is only a test message we used during our test.. doesn't mean nothing don't care of it
CodeExplorer Posted March 16, 2013 Posted March 16, 2013 http://www.multiupload.nl/7B0AH8PZJPUnpacked & cracked!Just enter any random username & password From Method: A.cb23e3e7a432657fdae2e9d1f62062299::cdd50c39daf6832358449d16e0755fa82 IL_04c8: /* 72 | (70)004599 */ ldstr "4A50B2272C087BA0E58BE0092B124364" IL_04cd: /* 16 | */ ldc.i4.0 IL_04ce: /* 28 | (06)000182 */ call int32 A.cb23e3e7a432657fdae2e9d1f62062299::smethod_169(object, object, bool) IL_04d3: /* 16 | */ ldc.i4.0 IL_04d4: /* FE01 | */ ceq IL_04d6: /* 2D | 3A */ brtrue.s IL_0512Opcodes: 729945007016288201000616FE012D3Achanging antelast 2D to 0x2C ( brfalse.s <int8 (target)> ) smethod_169 calls int32 [Microsoft.VisualBasic]Microsoft.VisualBasic.CompilerServices.Operators::CompareString(string, string, bool) 1
LoLLo90 Posted March 17, 2013 Author Posted March 17, 2013 (edited) Codecracker congratulations! You did really a great job... but there is something you still need to fix.. the msgbox isn't completely correct: in your exe it says(for other users except for me): but it should exit to all users like this: There is still another check you need to fix Edited March 17, 2013 by LoLLo90
li0nsar3c00l Posted March 23, 2013 Posted March 23, 2013 Why the hell would we try this... hackforums already said the file is fishy... now ill tell you why i think it is... based on your screenshot its a simple login form with a few checks, yet upon downloading it the file size is 17MB Why is it so big for such a small app??? This file clearly does something not mentioned in your post. DO YOU THINK WE ARE STUPID well, only death said so, i can just say, its pretty good would like to see more from codecracker
Hadits follower Posted March 23, 2013 Posted March 23, 2013 (edited) Final Unpacked public void method_39(object object_118, object object_119) { object left = null; if (Operators.ConditionalCompareObjectEqual(left, "DWNff", false)) { Interaction.MsgBox(RuntimeHelpers.GetObjectValue(GForm0.smethod_5("c3oqvh3vp23jhytppjgpoèae=", "Key_yg3")), MsgBoxStyle.OkOnly, null); } if (!Operators.ConditionalCompareObjectEqual(left, "Iyevf", false)) { } } Unpacked_Final.rar Edited March 23, 2013 by Death
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now