banme Posted April 8, 2018 Posted April 8, 2018 Difficulty : 3 Language : C# (.NET) Platform : Windows x32/x64 OS Version : Windows 7/8/10 Packer / Protector : None [just sum anti-skid stuff] Description : get the password Screenshot : Download: CrackMe.exe 1
Solution 0X7C9 Posted April 9, 2018 Solution Posted April 9, 2018 (edited) I have password my friend. I'm not surprised that the "Password:" is being loaded for so long. This calculation is unique. Where did I just see ... Pass is: 5j/bFy;&<A~9!(:e:p<*m%$gXAyh!*%9 How did I get the password? I've tried a lot of programs. But always full stack or crash. Programs like (dnSpy ... and other debuggers) They were useless in this case. So I had to explore the entire IL code. I tried profiling in .dot Trace. I found you were using base64 there. So I tried to write a base64 decryption program. Nothing helped. 1) So I used Peek from Jetbrains .dot. 2) I got the source code 3) Created a new project in VS2010 4) Copied your code and tried to run. 5) I commented on parts such as: //Environment.FailFast (""); 6) Found part where you compare if (str2 == @string) 7) Then Console.Writeline (@string) I'm sorry, but I did not understand much about the string (UTF) calculation. Maybe later. Edited April 9, 2018 by !Eddy420CZ Detailed solution.. 1
banme Posted April 9, 2018 Author Posted April 9, 2018 Spoiler 13 minutes ago, !Eddy420CZ said: I have password my friend. I'm not surprised that the "Password:" is being loaded for so long. This calculation is unique. Where did I just see ... Pass is: 5j/bFy;&<A~9!(:e:p<*m%$gXAyh!*%9 btw: the pw doesnt load long. its just the Threading.Sleep(1000) to prevent boiz to bruteforce
TheCrippledModder Posted May 7, 2018 Posted May 7, 2018 Password: 5j/bFy;&<A~9!(:e:p<*m%$gXAyh!*%9 Steps: Start app in Windbg When you hit the IsDebuggerPresent exception you simply break at current address Dump strings and you get the password. Difficulty: 1/10 1
TobitoFatito Posted May 5, 2019 Posted May 5, 2019 (edited) Alright, it was really easy to remove Opening the .exe on Dnspy we can see that the methods have some kind of decompiler crashing. So what i did was simply loading the .exe and writing each instruction to console to see what is going on. Well a lot of ldc.i4.6 appeared as you can see here Simply made a quick tool to remove this Now you can open it on dnspy and see the actual code. But there are some anti-debuggers so i modified the tool that i made to remove the antidebuggers too. like this You can simply debug it now CrackMe (1)-Cleaned.exe Edited May 5, 2019 by TobitoFatito Replaced links with images 2
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now