Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

Difficulty : 2
Language : NET 4.0
Platform : Windows  x32/x64
OS Version : Windows 7,8,10 (All windows with .NET Framework 4)
Packer / Protector : None / Not obfuscated!

Description :

Hello community :)

I created some reversing challenge for you. Lets check it!

Can you get correct password from my application? 

Please if you done this. Post screenshot of program after you sumbmited password and password.

!Eddy420.CZ

Download:

CrackMeForTuts4You.zip

CrackMe V1 2018 - !Eddy420.CZ.jpg

Solved by banme

Go to solution
  • Solution

Unable to get pw, but cracked.

1. Preparation: (I used dnSpy)
Go to the entrypoint and nop all the calls to the protection!
Replace the 'Startup.checkApplication()' with 'Program.openCrackme()'

2. Debug'n'Dump
In dnSpy, set the breakpoint to the Encrypted Dll call, then open up the modules window and dump 'AppSec'

3. Modify
Lookup which method is called and replace the Dll-Call with the method content with the stuff which is executed when the passwordcheck is successful.
[note the dependencies]

Replace the obj.ToString() with "YES!"

Done

3YJrq7KVS4e897EvgXgDWQ.png

  • Author

You're good enough! :D But to tell the truth it was easy: D What else do you say about the program? do not mind that you did not find the password :): P 

2 minutes ago, !Eddy420CZ said:

You're good enough! :D But to tell the truth it was easy: D What else do you say about the program? do not mind that you did not find the password :): P 

You are comparing the password against a SHA512 hash, and as we all know SHA512 is no reversible. The only way is brutoforce. 

PASSWORD SHA512 is : a5034098f0e6f4b60796145cd59ad2f800ed4971a194816781aa3ac18b02cd9b6a583b73c210ad4fbf341fee718c9de706f6752bf4cd5e3c152d3cfc6ec39db6

Capture.PNG

  • Author
6 minutes ago, GautamGreat said:

You are comparing the password against a SHA512 hash, and as we all know SHA512 is no reversible. The only way is brutoforce. 

PASSWORD SHA512 is : a5034098f0e6f4b60796145cd59ad2f800ed4971a194816781aa3ac18b02cd9b6a583b73c210ad4fbf341fee718c9de706f6752bf4cd5e3c152d3cfc6ec39db6

Capture.PNG

Yes you are right :) Otherwise it was not possible. When I saw the others getting a password easily. My opinion is that. Obfuscation is the only solution. Good job guys.

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.