Tuts 4 You

CrackMe [1/10]

Question

AcroniS

Difficulty : 1/10
Language : Delphi
Platform : Windows
OS Version : Windows XP - Windows 10
Packer / Protector : OEP Crypter

Description : No rules. The task: Get a valid response

Screenshot :

 

CrackMe.exe

1469775567769.jpg


9 answers to this question

kao
Spoiler

41A5CC

We've had this type of challenge a few times already. :)

Spoiler

* Principle of the crackme - you enter the address, the crackme does a few simple checks and then jumps to the address you chose;
* How to solve it - you need to locate the function which prints the good boy message;
* There is no good boy string anywhere, so it must be encrypted. Other strings are encrypted too. Find which method is responsible for decrypting strings, use IDA to find all references to that method (there are 5) and check all of them. Once you know which method decrypts the good boy message, the crackme is solved.

 

Link to post
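The reference search kao describes, as an added example that is not part of the original thread or the crackme: a linear scan of raw code bytes for near `CALL rel32` instructions that land on one routine. The section base, routine address and sample bytes are constructed and do not come from CrackMe.exe; a byte scan can also match `E8` inside data or operands, so each hit still needs confirming in a disassembler.

```python
import struct

SECTION_VA = 0x00401000   # constructed code-section base (assumption)
DECRYPT_VA = 0x00401100   # constructed address of a hypothetical string decryptor


def find_call_sites(code, section_va, target_va):
    """Return the VAs of every E8 rel32 near CALL in `code` that lands on target_va."""
    sites = []
    for off in range(len(code) - 4):
        if code[off] != 0xE8:
            continue
        rel = struct.unpack_from("<i", code, off + 1)[0]
        # x86 near call: destination = address of the next instruction + rel32
        dest = (section_va + off + 5 + rel) & 0xFFFFFFFF
        if dest == target_va:
            sites.append(section_va + off)
    return sites


def encode_call(at_va, dest_va):
    """Encode `call dest_va` as it would appear at address at_va."""
    return b"\xE8" + struct.pack("<i", dest_va - (at_va + 5))


def build_sample():
    """Constructed 0x200-byte code buffer: NOP padding plus a few calls and a decoy."""
    buf = bytearray(b"\x90" * 0x200)

    def put(va, data):
        start = va - SECTION_VA
        buf[start:start + len(data)] = data

    put(0x401010, encode_call(0x401010, DECRYPT_VA))   # forward call to decryptor
    put(0x401040, encode_call(0x401040, 0x401180))     # call to an unrelated routine
    put(0x401060, b"\xB8\xE8\x00\x00\x00")             # mov eax, 0xE8: E8 as an operand
    put(0x401090, encode_call(0x401090, DECRYPT_VA))   # forward call to decryptor
    put(0x401150, encode_call(0x401150, DECRYPT_VA))   # backward call (negative rel32)
    return bytes(buf)


if __name__ == "__main__":
    for va in find_call_sites(build_sample(), SECTION_VA, DECRYPT_VA):
        print(f"call to {DECRYPT_VA:08X} at {va:08X}")
```

Indirect calls (through a register or a pointer table) carry no rel32 and are not found by this scan.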
GIV

First thing is to make a "clean" file.

As far as I see, the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is.

Here is a deobfuscated file and a MAP file for MAPIMP plugin.

Downloads.rar

AcroniS
1 hour ago, GIV said:

First thing is to make a "clean" file.

As far as I see, the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is.

Here is a deobfuscated file and a MAP file for MAPIMP plugin.

Downloads.rar

You unpacked the file, but the target is to get a valid response

GIV

Sure.

I did not say that.

I just unpacked.

I let others get a valid response.

:)

AcroniS
2 hours ago, kao said:
Spoiler

41A5CC

We've had this type of challenge a few times already. :)

Spoiler

* Principle of the crackme - you enter the address, the crackme does a few simple checks and then jumps to the address you chose;
* How to solve it - you need to locate the function which prints the good boy message;
* There is no good boy string anywhere, so it must be encrypted. Other strings are encrypted too. Find which method is responsible for decrypting strings, use IDA to find all references to that method (there are 5) and check all of them. Once you know which method decrypts the good boy message, the crackme is solved.

 

Good job! Nice, but this crackme is very easy :^)

khloe727

Hm. This is too hard for me. Are there any tips for making an unpacked binary? If I debug this, I just get exceptions.

Maybe I need 0/10 crackme :(

khloe727

Oh. I learned something about TEB :). I didn't solve it yet, but I'm still trying.

khloe727

I figured it out today, but it sure took me a long time :unsure:. Ty for making it.

dangducluan
On 29/7/2016 at 2:56 PM, GIV said:

First thing is to make a "clean" file.

As far as I see, the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is.

Here is a deobfuscated file and a MAP file for MAPIMP plugin.

Downloads.rar

Hi @GIV

How do I make a MAP file similar to yours?

I tried making one with IDA PRO 6.8, but when I import it, it is not the same.

Your file :

33578633422_fd88b64e58_o.png

My file :

33606046271_7928c57c63_o.png
 

 
