Jump to content
Tuts 4 You

CrackMe [1/10]

AcroniS

By AcroniS
in CrackMe

 Share

Recommended Posts

AcroniS

AcroniS

Posted
Posted

Difficulty : 1/10
Language : Delphi
Platform : Windows
OS Version : Windows XP - Windows 10
Packer / Protector : OEP Crypter

Description : No rules. The task: Get a valid response

Screenshot :

 

CrackMe.exe

1469775567769.jpg

Link to comment
Share on other sites
GIV

GIV

Posted
Posted (edited)

First thing is to make a "clean" file.

As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is.

Here is a deobfuscated file and a MAP file for MAPIMP plugin.

Downloads.rar

Edited by GIV
  • Like 2
Link to comment
Share on other sites
AcroniS

AcroniS

Posted
  • Author
Posted
1 hour ago, GIV said:

First thing is to make a "clean" file.

As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is.

Here is a deobfuscated file and a MAP file for MAPIMP plugin.

Downloads.rar

You unpacked file, but target it's get a valid response

Link to comment
Share on other sites
kao

kao

Posted
Posted
Spoiler

41A5CC

We've had this type of challenges few times already. :) 

Spoiler

* Principle of crackme - you enter the address, crackme does few simple checks and then jumps to address you chose;
* How to solve it - you need to locate function which prints good boy message;;
* There is no good boy string anywhere, so it must be encrypted. Other strings are encrypted too. Find which method is responsible for decrypting strings, use IDA to find all references to that method (there are 5) and check all of them. Once you know which method decrypts good boy message, crackme is solved..

 

  • Like 1
Link to comment
Share on other sites
AcroniS

AcroniS

Posted
  • Author
Posted (edited)
2 hours ago, kao said:
  Hide contents

41A5CC

We've had this type of challenges few times already. :) 

  Hide contents

* Principle of crackme - you enter the address, crackme does few simple checks and then jumps to address you chose;
* How to solve it - you need to locate function which prints good boy message;;
* There is no good boy string anywhere, so it must be encrypted. Other strings are encrypted too. Find which method is responsible for decrypting strings, use IDA to find all references to that method (there are 5) and check all of them. Once you know which method decrypts good boy message, crackme is solved..

 

Good job! Nice, but it's crackme very easy :^)

Edited by AcroniS
Link to comment
Share on other sites
  • 7 months later...
khloe727

khloe727

Posted
Posted

Hm. This is too hard for me. Are there any tips to making an unpacked binary? If I debug this, I just get exceptions.

Maybe I need 0/10 crackme :(

Link to comment
Share on other sites
  • 2 weeks later...
2lht_love

2lht_love

Posted
Posted
On 29/7/2016 at 2:56 PM, GIV said:

First thing is to make a "clean" file.

As far i see the input is the address of the JMP (JMP DWORD PTR DS:[0x423EDC]) where the good boy is.

Here is a deobfuscated file and a MAP file for MAPIMP plugin.

Downloads.rar

Hi @GIV

How do making file map similar of you ?

I try making with IDA PRO 6.8 but when I import not same

Your file :

33578633422_fd88b64e58_o.png

My file :

33606046271_7928c57c63_o.png
 

 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...