AcroniS Posted July 29, 2016 Posted July 29, 2016 Difficulty : 1/10Language : DelphiPlatform : WindowsOS Version : Windows XP - Windows 10Packer / Protector : OEP Crypter Description : No rules. The task: Get a valid response Screenshot : CrackMe.exe
GIV Posted July 29, 2016 Posted July 29, 2016 (edited) First thing is to make a "clean" file. As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is. Here is a deobfuscated file and a MAP file for MAPIMP plugin. Downloads.rar Edited July 29, 2016 by GIV 2
AcroniS Posted July 29, 2016 Author Posted July 29, 2016 1 hour ago, GIV said: First thing is to make a "clean" file. As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is. Here is a deobfuscated file and a MAP file for MAPIMP plugin. Downloads.rar You unpacked file, but target it's get a valid response
GIV Posted July 29, 2016 Posted July 29, 2016 Sure. I did not tell that. I just unpacked. I let others get a valid response. 1
kao Posted July 29, 2016 Posted July 29, 2016 Spoiler 41A5CC We've had this type of challenges few times already. Spoiler * Principle of crackme - you enter the address, crackme does few simple checks and then jumps to address you chose; * How to solve it - you need to locate function which prints good boy message;; * There is no good boy string anywhere, so it must be encrypted. Other strings are encrypted too. Find which method is responsible for decrypting strings, use IDA to find all references to that method (there are 5) and check all of them. Once you know which method decrypts good boy message, crackme is solved.. 1
AcroniS Posted July 29, 2016 Author Posted July 29, 2016 (edited) 2 hours ago, kao said: Hide contents 41A5CC We've had this type of challenges few times already. Hide contents * Principle of crackme - you enter the address, crackme does few simple checks and then jumps to address you chose; * How to solve it - you need to locate function which prints good boy message;; * There is no good boy string anywhere, so it must be encrypted. Other strings are encrypted too. Find which method is responsible for decrypting strings, use IDA to find all references to that method (there are 5) and check all of them. Once you know which method decrypts good boy message, crackme is solved.. Good job! Nice, but it's crackme very easy :^) Edited July 29, 2016 by AcroniS
khloe727 Posted March 7, 2017 Posted March 7, 2017 Hm. This is too hard for me. Are there any tips to making an unpacked binary? If I debug this, I just get exceptions. Maybe I need 0/10 crackme
khloe727 Posted March 8, 2017 Posted March 8, 2017 Oh. I learned something about TEB. I didn't solve yet, but still trying.
khloe727 Posted March 16, 2017 Posted March 16, 2017 I figured it out today, but it sure took me a long time . Ty for making it. 1
2lht_love Posted March 30, 2017 Posted March 30, 2017 On 29/7/2016 at 2:56 PM, GIV said: First thing is to make a "clean" file. As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is. Here is a deobfuscated file and a MAP file for MAPIMP plugin. Downloads.rar Hi @GIV How do making file map similar of you ? I try making with IDA PRO 6.8 but when I import not same Your file : My file :
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now