Jump to content
Tuts 4 You

[CleanUP]CrackME_Level_6


LoLLo90

Recommended Posts

Good day reverser !
I propose today a new crackme that has been created by me and Lollo90.Target :
Silver : Create a patched executable;
Gold : Create a patched,cleaned executable and reveal the correct password.Programming Language :
Visual Basic .NETInfo
The program was developed and protected by me and Lollo90.
To test your username and your password you have to click the image on the right.
A window will open, which will clearly show the success of the crack.
At the start, and at the check of the password ,it can seem that is going to crash, wait some seconds and it will works perfectly.

 

Screenshot : 

K5MdeEi.png

 

http://www.mediafire.com/download.php?4ez99o204jpo144

https://mega.co.nz/#!h4g3DYZL!DXHnLl1sM6BMwvfjbByiOC6T23dVFzlaT8zVEx7A2Qc

 

https://www.virustotal.com/file/9e39de3c88e118cdc2d0b961fa506b3df09469effa2b21ed0b87f2d8796a82e7/analysis/1360359728/

Link to comment

In my VMWare (32bit XP, .NET3.5 SP1) it tries to delete itself by running cmd.exe and ping.exe for delay. The same behaviour is very common in malware.

Considering that, there is no way I will run this shit on my real PC.

Link to comment

In my VMWare (32bit XP, .NET3.5 SP1) it tries to delete itself by running cmd.exe and ping.exe for delay. The same behaviour is very common in malware.

Considering that, there is no way I will run this shit on my real PC.

It autodeletes if you modify it. I am not posting a virus, if you want scan on virustotal or whatever yourself do it

Link to comment

It autodeletes if you modify it.

Funny - I didn't change a single byte in it. I just launched it from C:\ using Windows Explorer. Edited by kao
Link to comment

Funny - I didn't change a single byte in it. I just launched it from C:\ using Windows Explorer.

Really i don't know what to tell. I posted it also in other forums,and works for all people that have tried. Maybe can you try to download it again?

  • Like 1
Link to comment

i decrypted il code ur confuser and dump ur enigma .


 



http://www.2shared.com/file/ykhCmuPc/Enigma_unpacked_confuser_decry.html

 


- why? because its damage my os.


cant crack i am not pro in cracking .still learner .for deob it i lost data once i formate my pc thats for u got - . u cant talking about rep its not allowed.


 


there had more cracker they can do it for u.


talking about - not allowed in this forums u can report


Edited by Death
Link to comment

@kao: Kao i would ask something, i  don't know if is possible: is possible that in some way the extracted file from the rar you downloaded has different md5?


Link to comment

Why the hell would we try this...


 


hackforums already said the file is fishy...


 


now ill tell you why i think it is...


 


based on your screenshot its a simple login form with a few checks, yet upon downloading it the file size is 17MB


 


Why is it so big for such a small app???


 


This file clearly does something not mentioned in your post.


 


DO YOU THINK WE ARE STUPID

  • Like 1
Link to comment

File connects to the net on startup:


 



www.frserver.altervista.org

 


Connects to:


 



http://www.frserver.altervista.org/CleanUp/CleanUp5.php

 


Then connects to:


 



http://frserver.altervista.org/CleanUp/__f.php
http://frserver.altervista.org/CleanUp/_f.php

 


 


 


Then to: (Data seems to be SSL cert info.)


 



http://frserver.altervista.org/CleanUp/_s.php

 


 


Didn't bother going further after seeing it attempt to connect to the net. 


Edited by atom0s
Link to comment

@LoLLo90:
After unpacking it and entering a random name/password it gives me an message "PaneENuttella"

Is it normal? And what this means? 

Link to comment

@LoLLo90:

After unpacking it and entering a random name/password it gives me an message "PaneENuttella"

Is it normal? And what this means? 

Ohohohoho seems oyu are getting close. However that is only a test message we used during our test.. doesn't mean nothing  don't care of it

Link to comment
  • 4 weeks later...
CodeExplorer

http://www.multiupload.nl/7B0AH8PZJP

Unpacked & cracked!

Just enter any random username & password

 

From Method: A.cb23e3e7a432657fdae2e9d1f62062299::cdd50c39daf6832358449d16e0755fa82

 

  IL_04c8:  /* 72   | (70)004599       */ ldstr      "4A50B2272C087BA0E58BE0092B124364"
  IL_04cd:  /* 16   |                  */ ldc.i4.0
  IL_04ce:  /* 28   | (06)000182       */ call       int32 A.cb23e3e7a432657fdae2e9d1f62062299::smethod_169(object,  object,  bool)
  IL_04d3:  /* 16   |                  */ ldc.i4.0
  IL_04d4:  /* FE01 |                  */ ceq
  IL_04d6:  /* 2D   | 3A               */ brtrue.s   IL_0512
Opcodes: 729945007016288201000616FE012D3A
changing antelast 2D to 0x2C ( brfalse.s <int8 (target)> )
 

smethod_169 calls int32  [Microsoft.VisualBasic]Microsoft.VisualBasic.CompilerServices.Operators::CompareString(string,
 string,   bool)

 

  • Like 1
Link to comment

Codecracker congratulations! You did really a great job... but there is something you still need to fix.. the msgbox isn't completely correct:


in your exe it says(for other users except for me):


Ed2jwfz.png


but it should exit to all users like this:


K16JSHb.png


 


There is still another check you need to fix :P


Edited by LoLLo90
Link to comment
li0nsar3c00l

Why the hell would we try this...

 

hackforums already said the file is fishy...

 

now ill tell you why i think it is...

 

based on your screenshot its a simple login form with a few checks, yet upon downloading it the file size is 17MB

 

Why is it so big for such a small app???

 

This file clearly does something not mentioned in your post.

 

DO YOU THINK WE ARE STUPID

well, only death said so, i can just say, its pretty good :)

would like to see more from codecracker

Link to comment

Final Unpacked



7ZfzZZq.jpg



 


 
public void method_39(object object_118, object object_119)
{
   object left = null;
   if (Operators.ConditionalCompareObjectEqual(left, "DWNff", false))
   {
       Interaction.MsgBox(RuntimeHelpers.GetObjectValue(GForm0.smethod_5("c3oqvh3vp23jhytppjgpoèae=", "Key_yg3")), MsgBoxStyle.OkOnly, null);
   }
   if (!Operators.ConditionalCompareObjectEqual(left, "Iyevf", false))
   {
   }
}

Unpacked_Final.rar

Edited by Death
Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...