Jump to content
Tuts 4 You
  • 0
Nickitee

Custom protect

Question

Nickitee

Difficulty : 10
Language :  .NET
Platform : Windows x86
OS Version : All
Packer / Protector : Custom protect (with native packaging)

Challenge : Figure out the correct string for the textbox.

 

screen.png

Crack_me_2_protected.exe

Edited by Nickitee (see edit history)
  • Like 2

Share this post


Link to post

3 answers to this question

Recommended Posts

  • 1
atom0s

Part 1. Bypassing Native Protection

This is rather simple, just write a loader that hooks VirtualProtect. You will want to force all pages being protected to use PAGE_EXECUTE_READWRITE instead. Once done and you have loaded the crackme with your loader, use a tool like MegaDumper to do a full .NET Dump which will yield the real Crack_Me.exe file.

Part 2. Obtaining the Password

More or less a cheap method, but this is just a normal if (str1 == str2) so open the real Crack_Me.exe inside of a .NET debugger tool such as dnSpy. Once open begin debugging and then navigate to mscorlib -> System -> String -> op_Equality. Set a breakpoint here.

Enter a string into the text box such as asdf1234, press the button. Walk through the breaks until the first param is your password, check second param for the real password.

  • Like 6

Share this post


Link to post
  • 0
atom0s

I suck with .NET related things anymore, haven't kept up with all the new things people do. But here is the actual crack me file removed from the protector (native code). Bypassing the protector is fairly easy. I wrote a simple loader that hooks VirtualProtect (this protect heavily relies on it) and just changed all pages to be a PAGE_EXECUTE_READWRITE. This allows any dumping tool such as MegaDumper to get the original crackme within the protection.

So someone with .NET unpacking skills can handle it from here.

Crack_me.7z

  • Like 1

Share this post


Link to post
  • 0
atom0s

Ok finished.

Password is: SSSSSSSSSSHarp27012017

  • Like 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...