Posted January 27, 2017

Difficulty : 10
Language : .NET
Platform : Windows x86
OS Version : All
Packer / Protector : Custom protect (with native packaging)

Challenge : Figure out the correct string for the textbox.

Crack_me_2_protected.exe

Edited January 27, 2017 by Nickitee
February 4, 2017

I suck with .NET related things anymore, haven't kept up with all the new things people do. But here is the actual crackme file removed from the protector (native code).

Bypassing the protector is fairly easy. I wrote a simple loader that hooks VirtualProtect (this protector relies heavily on it) and just changed all pages to be PAGE_EXECUTE_READWRITE. This allows any dumping tool such as MegaDumper to get the original crackme within the protection.

So someone with .NET unpacking skills can handle it from here.

Crack_me.7z
February 4, 2017

Part 1. Bypassing Native Protection

This is rather simple, just write a loader that hooks VirtualProtect. You will want to force all pages being protected to use PAGE_EXECUTE_READWRITE instead. Once done and you have loaded the crackme with your loader, use a tool like MegaDumper to do a full .NET dump, which will yield the real Crack_Me.exe file.

Part 2. Obtaining the Password

More or less a cheap method, but this is just a normal if (str1 == str2), so open the real Crack_Me.exe inside of a .NET debugger tool such as dnSpy. Once open, begin debugging and then navigate to mscorlib -> System -> String -> op_Equality. Set a breakpoint here. Enter a string into the text box such as asdf1234, then press the button. Walk through the breaks until the first param is your password, then check the second param for the real password.
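For anyone designing a check like this, the following is an added example (not part of the thread and not the crackme's code) that puts the `str1 == str2` pattern from Part 2 beside a digest-based check that never passes the expected string to `op_Equality`. It assumes .NET 6 or later; the class name, sample password and salt are constructed for the illustration.

```csharp
using System;
using System.Security.Cryptography;
using System.Text;

static class PasswordCheckDemo
{
    // Constructed sample secret for this demo only; not the crackme's password.
    const string SamplePassword = "constructed-sample";

    // The pattern described in Part 2: String.op_Equality receives both
    // strings, so the expected value is visible as its second argument.
    static bool CheckPlain(string input) => input == SamplePassword;

    // PBKDF2-HMAC-SHA256 digest of a candidate string (32-byte output).
    static byte[] Derive(string candidate, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(candidate, salt, 100_000,
                                  HashAlgorithmName.SHA256, 32);

    // Digest-based check: only the salt and the expected digest are needed,
    // so the plaintext is never an argument of any comparison call.
    // This hides the string; it does not stop the branch itself being patched.
    static bool CheckDigest(string input, byte[] salt, byte[] expectedDigest) =>
        CryptographicOperations.FixedTimeEquals(Derive(input, salt), expectedDigest);

    static void Main()
    {
        byte[] salt = Encoding.ASCII.GetBytes("constructed-salt");

        // Computed here so the demo is self-contained; a shipped binary
        // would embed only these digest bytes, never SamplePassword.
        byte[] expectedDigest = Derive(SamplePassword, salt);

        foreach (string attempt in new[] { "asdf1234", SamplePassword })
        {
            Console.WriteLine("{0,-20} plain={1,-5} digest={2}",
                attempt,
                CheckPlain(attempt),
                CheckDigest(attempt, salt, expectedDigest));
        }
    }
}
```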