Jump to content
Tuts 4 You
  • 0
Sign in to follow this  
banme

CrackMe for nonskid

Question

banme

Difficulty : 3
Language : C# (.NET)
Platform : Windows x32/x64
OS Version : Windows 7/8/10
Packer / Protector : None [just sum anti-skid stuff]

Description :

get the password

Screenshot :

TASn8Zb_QrmTo47pzqramA.png 

Download:

CrackMe.exe

  • Thanks 1

Share this post


Link to post

5 answers to this question

Recommended Posts

  • 1
0X7C9

I have password :) my friend. I'm not surprised that the "Password:" is being loaded for so long. This calculation is unique. Where did I just see ...

Pass is: 

5j/bFy;&<A~9!(:e:p<*m%$gXAyh!*%9

How did I get the password?

I've tried a lot of programs. But always full stack or crash. Programs like (dnSpy ... and other debuggers) They were useless in this case. So I had to explore the entire IL code. I tried profiling in .dot Trace. I found you were using base64 there. So I tried to write a base64 decryption program. Nothing helped.

1) So I used Peek from Jetbrains .dot.
2) I got the source code
3) Created a new project in VS2010
4) Copied your code and tried to run.
5) I commented on parts such as: //Environment.FailFast ("");
6) Found part where you compare if (str2 == @string)
7) Then Console.Writeline (@string)

I'm sorry, but I did not understand much about the string (UTF) calculation. Maybe later.

 

cracked.jpg

cracked2.jpg

Edited by !Eddy420CZ
Detailed solution.. (see edit history)
  • Thanks 1

Share this post


Link to post
  • 0
banme
Spoiler

 

13 minutes ago, !Eddy420CZ said:

I have password :) my friend. I'm not surprised that the "Password:" is being loaded for so long. This calculation is unique. Where did I just see ...

Pass is: 



5j/bFy;&<A~9!(:e:p<*m%$gXAyh!*%9

cracked.jpg

cracked2.jpg

5v9Pk8kmSkymtuHFPMumBA.png

btw: the pw doesnt load long. its just the Threading.Sleep(1000) to prevent boiz to bruteforce

Share this post


Link to post
  • 0
randomusername

Great crackme, thanks :lol:

Share this post


Link to post
  • 0
TheCrippledModder

Password:

5j/bFy;&<A~9!(:e:p<*m%$gXAyh!*%9

 

Steps:

  1. Start app in Windbg
  2. When you hit the IsDebuggerPresent exception you simply break at current address
  3. Dump strings and you get the password. 

 

Difficulty: 1/10

  • Like 1

Share this post


Link to post
  • 0
TobitoFatito
Posted (edited)

Alright, it was really easy to remove :D

Opening the .exe on Dnspy we can see that the methods have some kind of decompiler crashing.

spacer.png

So what i did was simply loading the .exe and writing each instruction to console to see what is going on.

Well a lot of ldc.i4.6 appeared as you can see here spacer.png

Simply made a quick tool to remove this

 spacer.png

Now you can open it on dnspy and see the actual code. But there are some anti-debuggers so i

modified the tool that i made to remove the antidebuggers too. like this spacer.png

You can simply debug it now :D

spacer.png

 

 

 

CrackMe (1)-Cleaned.exe

Edited by TobitoFatito
Replaced links with images (see edit history)
  • Like 1

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...