phasermoon Posted February 4, 2019 Posted February 4, 2019 Language: C/C++ Platform: Windows x64 OS Version: Windows Packer / Protector: None Description: This is my very first created "CrackMe" and I'd love to get feedback/suggestions on it (especially how I could make it harder without packing/obfuscating/virtualizing the binary)! The challenge is to find the correct password and the correct response. Screenshot: PleaseCrackMe.exe
kao Posted February 4, 2019 Posted February 4, 2019 Spoiler hunter2 Time required - 15 seconds and a simple scan for strings.. To make any decent crackme, you need to learn at least basics of reversing. So, you can start by reading tutorials. For example, "simple crackme tutorial" would be a nice Google search for starters. You can also read solutions for different CTFs (Capture The Flag contests). For example, FLARE-ON always starts with very simple crackmes (and get difficult really quick), and there's plenty of solutions available. Once you know how reversing process works, you'll be able to come up with more complex ways to protect your code. 1
phasermoon Posted February 5, 2019 Author Posted February 5, 2019 6 hours ago, kao said: Reveal hidden contents hunter2 Time required - 15 seconds and a simple scan for strings.. To make any decent crackme, you need to learn at least basics of reversing. So, you can start by reading tutorials. For example, "simple crackme tutorial" would be a nice Google search for starters. You can also read solutions for different CTFs (Capture The Flag contests). For example, FLARE-ON always starts with very simple crackmes (and get difficult really quick), and there's plenty of solutions available. Once you know how reversing process works, you'll be able to come up with more complex ways to protect your code. Haha, I hoped someone would fall for it! hunter2 isn't the correct one, try again :b.
kao Posted February 5, 2019 Posted February 5, 2019 (edited) It accepts the password and prints "Well done" message. Sounds like a solution to me. If the goal was to find any other message, you should have specified that in the crackme description. EDIT: I'm not aware of any specific attack to the hash you're using. So, it boils down to bruteforcing a specific 64bit hash value which is considered out-of-reach for desktop computers. Or am I missing something else? Edited February 5, 2019 by kao
phasermoon Posted February 5, 2019 Author Posted February 5, 2019 (edited) 4 minutes ago, kao said: It accepts the password and prints "Well done" message. Sounds like a solution to me. If the goal was to find any other message, you should have specified that in the crackme description. Sorry, I thought that "haven't you? :X" is clear enough, my bad! To clarify, the correct message includes "tuts4you"! Tip: Spoiler Check the exports. Edited February 5, 2019 by phasermoon
kao Posted February 5, 2019 Posted February 5, 2019 The correct message is Spoiler GJ, tell me on tuts4you! But, as I explained in my previous post, it's pretty much impossible to obtain password which will yield this message. And there are no exports in your file - so your hint is either wrong or I didn't guess the true meaning of it. In either case, I truly hate "do random shit until you figure out what obscure stuff author wants you to do"-style of crackmes, so I'm out.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now