A Simple Go CrackMe

[jameswoods]

Language : Golang
Platform : Windows x86
OS Version : Tested on Windows 10 / Windows 7
Packer / Protector : UPX 

Description :

This is a very simple crack me coded in Go.  It is packed with UPX (unmodified) only to shrink the size of the binary. 

Screenshot :

 

Scan Results :

Packed: https://www.virustotal.com/gui/file/d2194772a522b19fdd08d78fb5aaf7a9d1cd856978445e163429819ef273452b/detection
Unpacked: https://www.virustotal.com/gui/file/79e746354ad7bf267e9d03660c24eeed49df79d801a453c67c7416b069a3fc6d/detection

 

CrackMe.exe

[Sh4DoVV]

Hi

Password : @flag{}

inline patched file attached

CrackMe_inlined.rar

Edited May 29, 2020 by Sh4DoVV

[GioTiN]

On 5/29/2020 at 3:35 PM, Sh4DoVV said:

Hi

Password : @flag{}

inline patched file attached

CrackMe_inlined.rar 504.41 kB · 6 downloads

nice

[pendos1111111]

flag is @flag{}    

if ( v2 == 7 && (LOBYTE(v7[1]) = runtime_memequal(v1, (__int64)"@flag{}", 7LL)) != 0 )
    {
      v14[0] = (__int64)&RTYPE_string;
      v14[1] = (__int64)&off_4E19D0;
      *((_QWORD *)&v8 + 1) = fmt_Fprintln(
                               (__int64)&go_itab__ptr_os_File_comma__ptr_io_Writer,
                               qword_572238,
                               (__int64)v14,
                               1LL,
                               1LL);
    }
    else
    {
      v13[0] = (__int64)&RTYPE_string;
      v13[1] = (__int64)&off_4E19E0;
      *((_QWORD *)&v8 + 1) = fmt_Fprintln(
                               (__int64)&go_itab__ptr_os_File_comma__ptr_io_Writer,
                               qword_572238,
                               (__int64)v13,
                               1LL,
                               1LL);
    }

[jackyjask]

are there any means in IDA to understand go strings like

 v14[0] = (__int64)&RTYPE_string;
      v14[1] = (__int64)&off_4E19D0;

 

and print real string bytes instead of this struct?

[REFAIM]

Full solution including manual unpacking of UPX: https://refaim.medium.com/a-simple-go-crackme-manual-upx-unpacking-e27d83bb8741

[agentjones]

On 4/5/2023 at 12:23 PM, REFAIM said:

Full solution including manual unpacking of UPX: https://refaim.medium.com/a-simple-go-crackme-manual-upx-unpacking-e27d83bb8741

Nice article, well laid out. One small correction: the PUSHAD instruction and similar were gutted from the 64bit instruction set, this is why you see multiple individual push instructions in new binaries.

[REFAIM]

On 4/6/2023 at 5:47 PM, agentjones said:

Nice article, well laid out. One small correction: the PUSHAD instruction and similar were gutted from the 64bit instruction set, this is why you see multiple individual push instructions in new binaries.

Thanks!