Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

Language : Golang
Platform : Windows x86
OS Version : Tested on Windows 10 / Windows 7
Packer / Protector : UPX 

Description :

This is a very simple crack me coded in Go.  It is packed with UPX (unmodified) only to shrink the size of the binary. 

Screenshot :

image.png.4979512342b6b3aa10429ffbe14ca8a2.png

 

Scan Results :

Packed: https://www.virustotal.com/gui/file/d2194772a522b19fdd08d78fb5aaf7a9d1cd856978445e163429819ef273452b/detection
Unpacked: https://www.virustotal.com/gui/file/79e746354ad7bf267e9d03660c24eeed49df79d801a453c67c7416b069a3fc6d/detection

 

CrackMe.exe

  • 11 months later...

Hi

Password : @flag{}

inline patched file attached

CrackMe_inlined.rar

Edited by Sh4DoVV

  • 2 months later...
  • 2 years later...

flag is @flag{}    

if ( v2 == 7 && (LOBYTE(v7[1]) = runtime_memequal(v1, (__int64)"@flag{}", 7LL)) != 0 )
    {
      v14[0] = (__int64)&RTYPE_string;
      v14[1] = (__int64)&off_4E19D0;
      *((_QWORD *)&v8 + 1) = fmt_Fprintln(
                               (__int64)&go_itab__ptr_os_File_comma__ptr_io_Writer,
                               qword_572238,
                               (__int64)v14,
                               1LL,
                               1LL);
    }
    else
    {
      v13[0] = (__int64)&RTYPE_string;
      v13[1] = (__int64)&off_4E19E0;
      *((_QWORD *)&v8 + 1) = fmt_Fprintln(
                               (__int64)&go_itab__ptr_os_File_comma__ptr_io_Writer,
                               qword_572238,
                               (__int64)v13,
                               1LL,
                               1LL);
    }

are there any means in IDA to understand go strings like

 v14[0] = (__int64)&RTYPE_string;
      v14[1] = (__int64)&off_4E19D0;

 

and print real string bytes instead of this struct?

  • 2 weeks later...
On 4/5/2023 at 12:23 PM, REFAIM said:

Nice article, well laid out. One small correction: the PUSHAD instruction and similar were gutted from the 64bit instruction set, this is why you see multiple individual push instructions in new binaries.

On 4/6/2023 at 5:47 PM, agentjones said:

Nice article, well laid out. One small correction: the PUSHAD instruction and similar were gutted from the 64bit instruction set, this is why you see multiple individual push instructions in new binaries.

Thanks!

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.