Posted July 29, 20169 yr Difficulty : 1/10Language : DelphiPlatform : WindowsOS Version : Windows XP - Windows 10Packer / Protector : OEP Crypter Description : No rules. The task: Get a valid response Screenshot : CrackMe.exe
July 29, 20169 yr First thing is to make a "clean" file. As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is. Here is a deobfuscated file and a MAP file for MAPIMP plugin. Downloads.rar Edited July 29, 20169 yr by GIV
July 29, 20169 yr Author 1 hour ago, GIV said: First thing is to make a "clean" file. As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is. Here is a deobfuscated file and a MAP file for MAPIMP plugin. Downloads.rar You unpacked file, but target it's get a valid response
July 29, 20169 yr Spoiler 41A5CC We've had this type of challenges few times already. Spoiler * Principle of crackme - you enter the address, crackme does few simple checks and then jumps to address you chose; * How to solve it - you need to locate function which prints good boy message;; * There is no good boy string anywhere, so it must be encrypted. Other strings are encrypted too. Find which method is responsible for decrypting strings, use IDA to find all references to that method (there are 5) and check all of them. Once you know which method decrypts good boy message, crackme is solved..
July 29, 20169 yr Author 2 hours ago, kao said: Hide contents 41A5CC We've had this type of challenges few times already. Hide contents * Principle of crackme - you enter the address, crackme does few simple checks and then jumps to address you chose; * How to solve it - you need to locate function which prints good boy message;; * There is no good boy string anywhere, so it must be encrypted. Other strings are encrypted too. Find which method is responsible for decrypting strings, use IDA to find all references to that method (there are 5) and check all of them. Once you know which method decrypts good boy message, crackme is solved.. Good job! Nice, but it's crackme very easy :^) Edited July 29, 20169 yr by AcroniS
March 7, 20178 yr Hm. This is too hard for me. Are there any tips to making an unpacked binary? If I debug this, I just get exceptions. Maybe I need 0/10 crackme
March 30, 20178 yr On 29/7/2016 at 2:56 PM, GIV said: First thing is to make a "clean" file. As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is. Here is a deobfuscated file and a MAP file for MAPIMP plugin. Downloads.rar Hi @GIV How do making file map similar of you ? I try making with IDA PRO 6.8 but when I import not same Your file : My file :
Create an account or sign in to comment