Jump to content
Tuts 4 You
  • 0
banme

CrackMe for nonskid v2 // AntiSkid

Question

banme

Difficulty : 3
Language : C# (.NET)
Platform : Windows x32/x64
OS Version : Windows 7/8/10
Packer / Protector : AntiSkid (own)

Description :

get the password.

Screenshot :

d3iJ2WmWSc_7G_XPgpbSpA.png

 

CrackMe-antiskid.exe

Share this post


Link to post

6 answers to this question

Recommended Posts

  • 0
Eddy^CZ

Great. Very nice. Interestingly. But I got the password.

1) I first tried Reflector
2) Then dot.Peek
3) DnSpy turned off about four times.
4) Then I used de4dot (Ivancito Gui), That allowed me to read the code
5) I searched for a moment where my password is being taken. (and it's base64), then you search in the int field. Maybe..
6) I opened the original crackme in DnSpy
6) I have modified the condition (if) to always return the truth.
7) And I used the debuger. Your password turned out pretty fast. I thought for a moment. Put it in the original CrackMe. And success.

I just wonder what kind you used the obfuscation. Thank you so please write to me in PM.

An password is: 

Spoiler

99dCcnz4d5t9xeWNU7pt4M6anKjPRm7Y

 

passwordGood.jpg

debugger.jpg

Edited by !Eddy420CZ (see edit history)
  • Like 1

Share this post


Link to post
  • 1
TheCrippledModder

Unfortunately, all your antiskid crack me's have the same flaw. You can simply execute application in a debugger such as Dnspy and when you hit the IsDebuggerPresent you can simply break and dump strings... 

Screenshot_1.png

Share this post


Link to post
  • 0
TobitoFatito
Posted (edited)

Nothing really different from your last crackme, just need to run it on de4dot before running on the quick tool i made.

 

(Some stuff copy paste from the last tutorial i made for your last crackme)

 

Tutorial:

(Run through de4dot first or it will give errors, no idea why)

Opening the .exe on Dnspy we can see that the methods have some kind of decompiler crashing.

 

So what i did was simply loading the .exe and writing each instruction to console to see what is going on.

Well a lot of ldc.i4.6 appeared as you can see here 

spacer.png

Simply made a quick tool to remove this

spacer.png

Now you can open it on dnspy and see the actual code. But there are some anti-debuggers so i

modified the tool that i made to remove the antidebuggers too. like this 

spacer.png

You can simply debug it now :D

spacer.png

spacer.png

Spoiler

99dCcnz4d5t9xeWNU7pt4M6anKjPRm7Y

CrackMe-antiskid-cleaned-Cleaned.exe

Edited by TobitoFatito (see edit history)
  • Like 1

Share this post


Link to post
  • 0
Rainbow

Its too easy .. do a harder one please

i just put it in de4dot and then debug it in dnspy ..

str,@string = code

code:

Spoiler

99dCcnz4d5t9xeWNU7pt4M6anKjPRm7Y

 

 

Share this post


Link to post
  • 0
73214

Nothing special, just changing flag to true will make file cracked.

spacer.png

CrackMe-antiskid_Done.exe

Share this post


Link to post
  • 0
Security_ Egypt
Posted (edited)

❤️

yujy.png

Edited by Security_ Egypt (see edit history)

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...