Tuts 4 You
League of the Extraordinary Protected App

Question

0xNOP

Difficulty : (6 1/2)
Language : (C++Builder XE8)
Platform : (Windows x86)
OS Version : (Windows XP & Above)
Packer / Protector : (Custom VM)

Description :

This is my second CrackMe, the first one being developed in PureBasic, which has many cool shenanigans, but I moved on to C++ now to deliver a different taste :D Hopefully this will leave a mark when analyzing this CrackMe :D The idea of this crackme is to analyze the VM and understand how it works; it will ultimately take you to where you want to go.

Objective : Patch to Good Boy or Fish the Serial.

Wish you the best of luck :D

League of the Extraordinary Protected App.7z

Edited by 0xNOP
Approved - thanks for following the template :) (see edit history)
  • Like 1

6 answers to this question

  • 1
kao

OK, so here are my findings:

1) Patch - it's quite easy, just replace reference to one piece of virtualized code with another. Patched EXE attached, 2 bytes modified:

0042C9F8: 77 85
0042C9F9: 4C 42


2) Serial - here is serial that's probably correct for my nick:

Spoiler

kao : 0x90-2172038173

However, it will not show the success message because x86 conditional jump is incorrectly virtualized. Instead, it will show empty messagebox due to exception thrown.

3) Keygen - since it looks like serial check is borked, there is no keygen yet.

If either of those solutions is acceptable, I will make a detailed tutorial on how it was done.
If none of those solutions are acceptable, please double check that your virtualized EXE works correctly. Sample username/password would be nice.

PATCHED League of the Extraordinary Protected App.zip

  • Like 3

  • 1
kao

Plenty of anti-debug, 3 VMs each having different opcodes, 7+7+6 = 20 virtualized methods - it's a lot of code to be analyzed.
Before I waste any more time on them - are you sure your crackme is working properly on all systems? Like on 64bit Win7.. ;)

And if it's not a spoiler, what are the criteria for success? Showing the "Well... I guess you finally did it..." message?

  • Like 2

  • 1
0xNOP
On 1/26/2016 at 0:06 PM, kao said:

Plenty of anti-debug, 3 VMs each having different opcodes, 7+7+6 = 20 virtualized methods - it's a lot of code to be analyzed.
Before I waste any more time on them - are you sure your crackme is working properly on all systems? Like on 64bit Win7.. ;)

And if it's not a spoiler, what are the criteria for success? Showing the "Well... I guess you finally did it..." message?

It's supposed to be working on all of them, are you running into problems?

Yeah, that would ultimately be, as the message suggests... Thank you for participating :D It's supposed to be running also, are you having problems?

Edited by 0xNOP (see edit history)

  • 0
Extreme Coders

Hmm, I think I saw this vm before. Looks like a modded version of x86obf
The virtualized code and its way of operation are uncannily similar.

  • Like 4

  • 0
Pancake

Maybe offtopic, but how did you make such cool GUI in c++?

  • 0
Reasen
6 hours ago, Pancake said:

Maybe offtopic, but how did you make such cool GUI in c++?

Embarcadero.

  • Like 1
