blank Posted April 22, 2019 Share Posted April 22, 2019 (edited) Language: .NET Platform: Windows x32/x64 OS Version: Tested on Windows 10, with .NET 4.6.2 Packer / Protector: WinterStorm 0.1 (Personal Project) Description: Here is a project I've been working on for the last 6 months. It's a follow-up to my previous DynamicMethod attempts. This time I also included some simple JIT hooking. Everything here was written by myself, except a helper class for loading dlls from memory. I hope you'll find it entertaining. I can't wait to hear your thoughts. This is (arguably) the best iteration of the popular game, MineSweeper. Unfortunately, it's a demo, and it only allows for 5 moves. In order to keep playing you have to purchase the full version (contact me for a price 🙂) or to try and patch it. There are 3 checks for the number of moves, that prevent the player from finishing the game. GOALS: Find and remove the first move counter Find and remove the second check Find and remove the third check, making the game playable to the end. BONUS (if you are really bored): There is a secret 'cheat code' that, when used, gives the player a substantial advantage. Find the secret code to master the game. After achieving one, some, or all of the goals, post the patched file and the steps you took. PS: Sorry if the game is a bit slow. Sometimes you have to give it a second between moves. EDIT: If it doesn't run, make sure you have the C runtime library installed too. (specifically, it asks for ucrtbased.dll) EDIT 2: After Eddy's advice, I recompiled the native parts and tried to get rid of most of the useless dependencies. Please download the second version. Screenshot : minesweeper2.exe Edited April 29, 2019 by blank removed useless dependencies Link to comment Share on other sites More sharing options...
NeoNCoding Posted April 23, 2019 Share Posted April 23, 2019 then it will crash Link to comment Share on other sites More sharing options...
blank Posted April 23, 2019 Author Share Posted April 23, 2019 (edited) 4 hours ago, NeoNCoding said: then it will crash Hi, can you please check your OS and .NET versions? I only tested it on .NET 4.6.2 EDIT: It seems you will also need the C/C++ runtime library from Microsoft Let me know if you are still facing issues. For me and some other people who tested it, it seems to work. Edited April 23, 2019 by blank 1 Link to comment Share on other sites More sharing options...
0X7C9 Posted April 23, 2019 Share Posted April 23, 2019 6 hours ago, blank said: Hi, can you please check your OS and .NET versions? I only tested it on .NET 4.6.2 EDIT: It seems you will also need the C/C++ runtime library from Microsoft Let me know if you are still facing issues. For me and some other people who tested it, it seems to work. Blank , you need recompile native part under VC 2008 runtime Without depencies to new Windows CRT Runtime. Link to comment Share on other sites More sharing options...
blank Posted April 23, 2019 Author Share Posted April 23, 2019 1 hour ago, Eddy^CZ said: Blank , you need recompile native part under VC 2008 runtime Without depencies to new Windows CRT Runtime. Thanks for the advice, I uploaded the new version. Link to comment Share on other sites More sharing options...
Solution kao Posted April 26, 2019 Solution Share Posted April 26, 2019 It builds a lot on your previous crackmes. So, most of the answers are already there. 1) Finding first 2 checks - they are in 2 separate dynamic methods. You can simply patch those; 2) Third check is in yet another dynamic method. You can patch it, and play the game till the end. However, the game never shows success screen. I think it's a bug in the crackme, as I could not find any code that would set the required field; 3) There are different ways to get IL code of the dynamic method, for example, this breakpoint might help: 4) To patch crackme, you need to understand how it stores information about dynamic methods. See previous crackmes and solutions for some details and hints. 5) Also you'll need to understand how jit hook decrypts IL code. There's nothing original in it: VirtualProtect -> decrypt code in-place -> jit it -> encrypt code back -> VirtualProtect. Very easy to break in several different ways. So, attached are 2 different versions of solution. First solution patches all 3 checks, you can play the game till the end but not get the success screen. Second solution gives you instant win and shows success screen. Spoiler Bonus: the secret "cheat" code is checked on timer procedure. If you type it quickly enough, it will show the playing field: Spoiler minesweeper-solution-kao.zip 2 Link to comment Share on other sites More sharing options...
blank Posted April 27, 2019 Author Share Posted April 27, 2019 @kao Thank you, your work is fantastic, as usual 🙂. Now that I checked it, indeed the success screen doesn't show up. I initialized a bool with the wrong value... 🙁 . Anyway, I get how you were able to retrieve the original IL code. However, I can't understand how you put the patched code back. If I alter the string that holds the code, the program doesn't work anymore. Could you please give us some clues on how to do it? Thanks again for taking the time to look into this, and for the detailed explanation! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now