Posted June 27, 20196 yr Language : Golang Platform : Windows x86 OS Version : Tested on Windows 10 / Windows 7 Packer / Protector : UPX Description : This is a very simple crack me coded in Go. It is packed with UPX (unmodified) only to shrink the size of the binary. Screenshot : Scan Results : Packed: https://www.virustotal.com/gui/file/d2194772a522b19fdd08d78fb5aaf7a9d1cd856978445e163429819ef273452b/detection Unpacked: https://www.virustotal.com/gui/file/79e746354ad7bf267e9d03660c24eeed49df79d801a453c67c7416b069a3fc6d/detection CrackMe.exe
May 29, 20205 yr Hi Password : @flag{} inline patched file attached CrackMe_inlined.rar Edited May 29, 20205 yr by Sh4DoVV
August 7, 20205 yr On 5/29/2020 at 3:35 PM, Sh4DoVV said: Hi Password : @flag{} inline patched file attached CrackMe_inlined.rar 504.41 kB · 6 downloads nice
March 22, 20232 yr flag is @flag{} if ( v2 == 7 && (LOBYTE(v7[1]) = runtime_memequal(v1, (__int64)"@flag{}", 7LL)) != 0 ) { v14[0] = (__int64)&RTYPE_string; v14[1] = (__int64)&off_4E19D0; *((_QWORD *)&v8 + 1) = fmt_Fprintln( (__int64)&go_itab__ptr_os_File_comma__ptr_io_Writer, qword_572238, (__int64)v14, 1LL, 1LL); } else { v13[0] = (__int64)&RTYPE_string; v13[1] = (__int64)&off_4E19E0; *((_QWORD *)&v8 + 1) = fmt_Fprintln( (__int64)&go_itab__ptr_os_File_comma__ptr_io_Writer, qword_572238, (__int64)v13, 1LL, 1LL); }
March 23, 20232 yr are there any means in IDA to understand go strings like v14[0] = (__int64)&RTYPE_string; v14[1] = (__int64)&off_4E19D0; and print real string bytes instead of this struct?
April 5, 20232 yr Full solution including manual unpacking of UPX: https://refaim.medium.com/a-simple-go-crackme-manual-upx-unpacking-e27d83bb8741
April 6, 20232 yr On 4/5/2023 at 12:23 PM, REFAIM said: Full solution including manual unpacking of UPX: https://refaim.medium.com/a-simple-go-crackme-manual-upx-unpacking-e27d83bb8741 Nice article, well laid out. One small correction: the PUSHAD instruction and similar were gutted from the 64bit instruction set, this is why you see multiple individual push instructions in new binaries.
April 14, 20232 yr On 4/6/2023 at 5:47 PM, agentjones said: Nice article, well laid out. One small correction: the PUSHAD instruction and similar were gutted from the 64bit instruction set, this is why you see multiple individual push instructions in new binaries. Thanks!
Create an account or sign in to comment