Jump to content
Tuts 4 You

CrackMe [1/10]


AcroniS

Recommended Posts

Difficulty : 1/10
Language : Delphi
Platform : Windows
OS Version : Windows XP - Windows 10
Packer / Protector : OEP Crypter

Description : No rules. The task: Get a valid response

Screenshot :

 

CrackMe.exe

1469775567769.jpg

Link to comment

First thing is to make a "clean" file.

As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is.

Here is a deobfuscated file and a MAP file for MAPIMP plugin.

Downloads.rar

Edited by GIV
  • Like 2
Link to comment
1 hour ago, GIV said:

First thing is to make a "clean" file.

As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is.

Here is a deobfuscated file and a MAP file for MAPIMP plugin.

Downloads.rar

You unpacked file, but target it's get a valid response

Link to comment
Spoiler

41A5CC

We've had this type of challenges few times already. :) 

Spoiler

* Principle of crackme - you enter the address, crackme does few simple checks and then jumps to address you chose;
* How to solve it - you need to locate function which prints good boy message;;
* There is no good boy string anywhere, so it must be encrypted. Other strings are encrypted too. Find which method is responsible for decrypting strings, use IDA to find all references to that method (there are 5) and check all of them. Once you know which method decrypts good boy message, crackme is solved..

 

  • Like 1
Link to comment
2 hours ago, kao said:
  Hide contents

41A5CC

We've had this type of challenges few times already. :) 

  Hide contents

* Principle of crackme - you enter the address, crackme does few simple checks and then jumps to address you chose;
* How to solve it - you need to locate function which prints good boy message;;
* There is no good boy string anywhere, so it must be encrypted. Other strings are encrypted too. Find which method is responsible for decrypting strings, use IDA to find all references to that method (there are 5) and check all of them. Once you know which method decrypts good boy message, crackme is solved..

 

Good job! Nice, but it's crackme very easy :^)

Edited by AcroniS
Link to comment
  • 7 months later...

Hm. This is too hard for me. Are there any tips to making an unpacked binary? If I debug this, I just get exceptions.

Maybe I need 0/10 crackme :(

Link to comment
  • 2 weeks later...
dangducluan
On 29/7/2016 at 2:56 PM, GIV said:

First thing is to make a "clean" file.

As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is.

Here is a deobfuscated file and a MAP file for MAPIMP plugin.

Downloads.rar

Hi @GIV

How do making file map similar of you ?

I try making with IDA PRO 6.8 but when I import not same

Your file :

33578633422_fd88b64e58_o.png

My file :

33606046271_7928c57c63_o.png
 

 

Link to comment

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...