Jump to content
View in the app

A better way to browse. Learn more.
Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

CrackMe [1/10]

AcroniS
AcroniS
in CrackMe

Featured Replies

Posted

Difficulty : 1/10
Language : Delphi
Platform : Windows
OS Version : Windows XP - Windows 10
Packer / Protector : OEP Crypter

Description : No rules. The task: Get a valid response

Screenshot :

 

CrackMe.exe

1469775567769.jpg

First thing is to make a "clean" file.

As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is.

Here is a deobfuscated file and a MAP file for MAPIMP plugin.

Downloads.rar

Edited by GIV

    • Like 2
    • Author
    1 hour ago, GIV said:

    First thing is to make a "clean" file.

    As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is.

    Here is a deobfuscated file and a MAP file for MAPIMP plugin.

    Downloads.rar

    You unpacked file, but target it's get a valid response

    Sure.

    I did not tell that.

    I just unpacked.

    I let others get a valid response.

    :)

    •
    • Like 1
    Spoiler

    41A5CC

    We've had this type of challenges few times already. :) 

    Spoiler

    * Principle of crackme - you enter the address, crackme does few simple checks and then jumps to address you chose;
    * How to solve it - you need to locate function which prints good boy message;;
    * There is no good boy string anywhere, so it must be encrypted. Other strings are encrypted too. Find which method is responsible for decrypting strings, use IDA to find all references to that method (there are 5) and check all of them. Once you know which method decrypts good boy message, crackme is solved..

     

    • Like 1
    • Author
    2 hours ago, kao said:
      Hide contents

    41A5CC

    We've had this type of challenges few times already. :) 

      Hide contents

    * Principle of crackme - you enter the address, crackme does few simple checks and then jumps to address you chose;
    * How to solve it - you need to locate function which prints good boy message;;
    * There is no good boy string anywhere, so it must be encrypted. Other strings are encrypted too. Find which method is responsible for decrypting strings, use IDA to find all references to that method (there are 5) and check all of them. Once you know which method decrypts good boy message, crackme is solved..

     

    Good job! Nice, but it's crackme very easy :^)

    Edited by AcroniS

    • 7 months later...

    Hm. This is too hard for me. Are there any tips to making an unpacked binary? If I debug this, I just get exceptions.

    Maybe I need 0/10 crackme :(

    Oh. I learned something about TEB:). I didn't solve yet, but still trying.

    I figured it out today, but it sure took me a long time :unsure:. Ty for making it.

    • Like 1
    • 2 weeks later...
    On 29/7/2016 at 2:56 PM, GIV said:

    First thing is to make a "clean" file.

    As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is.

    Here is a deobfuscated file and a MAP file for MAPIMP plugin.

    Downloads.rar

    Hi @GIV

    How do making file map similar of you ?

    I try making with IDA PRO 6.8 but when I import not same

    Your file :

    33578633422_fd88b64e58_o.png

    My file :

    33606046271_7928c57c63_o.png
     

     

    Create an account or sign in to comment

    Go to topic listing

    Configure browser push notifications
    Chrome (Android)
    1. Tap the lock icon next to the address bar.
    2. Tap Permissions → Notifications.
    3. Adjust your preference.
    Chrome (Desktop)
    1. Click the padlock icon in the address bar.
    2. Select Site settings.
    3. Find Notifications and adjust your preference.