Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

Difficulty : 10
Language :  .NET
Platform : Windows x86
OS Version : All
Packer / Protector : Custom protect (with native packaging)

Challenge : Figure out the correct string for the textbox.

 

screen.png

Crack_me_2_protected.exe

Edited by Nickitee

  • 2 weeks later...

I suck with .NET related things anymore, haven't kept up with all the new things people do. But here is the actual crack me file removed from the protector (native code). Bypassing the protector is fairly easy. I wrote a simple loader that hooks VirtualProtect (this protect heavily relies on it) and just changed all pages to be a PAGE_EXECUTE_READWRITE. This allows any dumping tool such as MegaDumper to get the original crackme within the protection.

So someone with .NET unpacking skills can handle it from here.

Crack_me.7z

Ok finished.

Password is: SSSSSSSSSSHarp27012017

Part 1. Bypassing Native Protection

This is rather simple, just write a loader that hooks VirtualProtect. You will want to force all pages being protected to use PAGE_EXECUTE_READWRITE instead. Once done and you have loaded the crackme with your loader, use a tool like MegaDumper to do a full .NET Dump which will yield the real Crack_Me.exe file.

Part 2. Obtaining the Password

More or less a cheap method, but this is just a normal if (str1 == str2) so open the real Crack_Me.exe inside of a .NET debugger tool such as dnSpy. Once open begin debugging and then navigate to mscorlib -> System -> String -> op_Equality. Set a breakpoint here.

Enter a string into the text box such as asdf1234, press the button. Walk through the breaks until the first param is your password, check second param for the real password.

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.