Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

[CleanUP]CrackME_Level_6

LoLLo90
LoLLo90
in CrackMe

Featured Replies

Posted

Good day reverser !
I propose today a new crackme that has been created by me and Lollo90.Target :
Silver : Create a patched executable;
Gold : Create a patched,cleaned executable and reveal the correct password.Programming Language :
Visual Basic .NETInfo
The program was developed and protected by me and Lollo90.
To test your username and your password you have to click the image on the right.
A window will open, which will clearly show the success of the crack.
At the start, and at the check of the password ,it can seem that is going to crash, wait some seconds and it will works perfectly.

 

Screenshot : 

K5MdeEi.png

 

http://www.mediafire.com/download.php?4ez99o204jpo144

https://mega.co.nz/#!h4g3DYZL!DXHnLl1sM6BMwvfjbByiOC6T23dVFzlaT8zVEx7A2Qc

 

https://www.virustotal.com/file/9e39de3c88e118cdc2d0b961fa506b3df09469effa2b21ed0b87f2d8796a82e7/analysis/1360359728/

In my VMWare (32bit XP, .NET3.5 SP1) it tries to delete itself by running cmd.exe and ping.exe for delay. The same behaviour is very common in malware.

Considering that, there is no way I will run this shit on my real PC.

  • Author

In my VMWare (32bit XP, .NET3.5 SP1) it tries to delete itself by running cmd.exe and ping.exe for delay. The same behaviour is very common in malware.

Considering that, there is no way I will run this shit on my real PC.

It autodeletes if you modify it. I am not posting a virus, if you want scan on virustotal or whatever yourself do it

It autodeletes if you modify it.

Funny - I didn't change a single byte in it. I just launched it from C:\ using Windows Explorer.

Edited by kao

  • Author

Funny - I didn't change a single byte in it. I just launched it from C:\ using Windows Explorer.

Really i don't know what to tell. I posted it also in other forums,and works for all people that have tried. Maybe can you try to download it again?

    •
    • Like 1
    • Author

    modifying confuser with long byte + invalid fake method putted in table 1 million up + enigma nice to see it again. 

    http://www.hackforums.net/showthread.php?tid=3242531

    LOl stop giving -1 on posts only because you can't crack it..

    i decrypted il code ur confuser and dump ur enigma .


     



    
http://www.2shared.com/file/ykhCmuPc/Enigma_unpacked_confuser_decry.html

     


    - why? because its damage my os.


    cant crack i am not pro in cracking .still learner .for deob it i lost data once i formate my pc thats for u got - . u cant talking about rep its not allowed.


     


    there had more cracker they can do it for u.


    talking about - not allowed in this forums u can report


    Edited by Death

    • Author

    @kao: Kao i would ask something, i  don't know if is possible: is possible that in some way the extracted file from the rar you downloaded has different md5?


    • Author

    No-one can do /wanna try it?


    Why the hell would we try this...


     


    hackforums already said the file is fishy...


     


    now ill tell you why i think it is...


     


    based on your screenshot its a simple login form with a few checks, yet upon downloading it the file size is 17MB


     


    Why is it so big for such a small app???


     


    This file clearly does something not mentioned in your post.


     


    DO YOU THINK WE ARE STUPID

    •
    • Like 1

    File connects to the net on startup:


     



    
www.frserver.altervista.org

     


    Connects to:


     



    
http://www.frserver.altervista.org/CleanUp/CleanUp5.php

     


    Then connects to:


     



    
http://frserver.altervista.org/CleanUp/__f.php
    
http://frserver.altervista.org/CleanUp/_f.php

     


     


     


    Then to: (Data seems to be SSL cert info.)


     



    
http://frserver.altervista.org/CleanUp/_s.php

     


     


    Didn't bother going further after seeing it attempt to connect to the net. 


    Edited by atom0s

    • Author

    Yea at0mos you're right, it connects there to do antitamper cheks, and richyb look well on hf isn't a virus lol


    @LoLLo90:
    After unpacking it and entering a random name/password it gives me an message "PaneENuttella"

    Is it normal? And what this means? 

    • Author

    @LoLLo90:

    After unpacking it and entering a random name/password it gives me an message "PaneENuttella"

    Is it normal? And what this means? 

    Ohohohoho seems oyu are getting close. However that is only a test message we used during our test.. doesn't mean nothing  don't care of it

    • 4 weeks later...

    http://www.multiupload.nl/7B0AH8PZJP

    Unpacked & cracked!

    Just enter any random username & password

     

    From Method: A.cb23e3e7a432657fdae2e9d1f62062299::cdd50c39daf6832358449d16e0755fa82

     

      IL_04c8:  /* 72   | (70)004599       */ ldstr      "4A50B2272C087BA0E58BE0092B124364"
      IL_04cd:  /* 16   |                  */ ldc.i4.0
      IL_04ce:  /* 28   | (06)000182       */ call       int32 A.cb23e3e7a432657fdae2e9d1f62062299::smethod_169(object,  object,  bool)
      IL_04d3:  /* 16   |                  */ ldc.i4.0
      IL_04d4:  /* FE01 |                  */ ceq
      IL_04d6:  /* 2D   | 3A               */ brtrue.s   IL_0512
    Opcodes: 729945007016288201000616FE012D3A
    changing antelast 2D to 0x2C ( brfalse.s <int8 (target)> )
     

    smethod_169 calls int32  [Microsoft.VisualBasic]Microsoft.VisualBasic.CompilerServices.Operators::CompareString(string,
     string,   bool)

     

    •
    • Like 1
    • Author

    Codecracker congratulations! You did really a great job... but there is something you still need to fix.. the msgbox isn't completely correct:


    in your exe it says(for other users except for me):


    Ed2jwfz.png


    but it should exit to all users like this:


    K16JSHb.png


     


    There is still another check you need to fix :P


    Edited by LoLLo90

    Why the hell would we try this...

     

    hackforums already said the file is fishy...

     

    now ill tell you why i think it is...

     

    based on your screenshot its a simple login form with a few checks, yet upon downloading it the file size is 17MB

     

    Why is it so big for such a small app???

     

    This file clearly does something not mentioned in your post.

     

    DO YOU THINK WE ARE STUPID

    well, only death said so, i can just say, its pretty good :)

    would like to see more from codecracker

    Final Unpacked



    7ZfzZZq.jpg



     


     
    
public void method_39(object object_118, object object_119)
    
{
    
   object left = null;
    
   if (Operators.ConditionalCompareObjectEqual(left, "DWNff", false))
    
   {
    
       Interaction.MsgBox(RuntimeHelpers.GetObjectValue(GForm0.smethod_5("c3oqvh3vp23jhytppjgpoèae=", "Key_yg3")), MsgBoxStyle.OkOnly, null);
    
   }
    
   if (!Operators.ConditionalCompareObjectEqual(left, "Iyevf", false))
    
   {
    
   }
    
}

    Unpacked_Final.rar

    Edited by Death

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.