Jump to content
Tuts 4 You

A Simple Go CrackMe


jameswoods

Recommended Posts

Language : Golang
Platform : Windows x86
OS Version : Tested on Windows 10 / Windows 7
Packer / Protector : UPX 

Description :

This is a very simple crack me coded in Go.  It is packed with UPX (unmodified) only to shrink the size of the binary. 

Screenshot :

image.png.4979512342b6b3aa10429ffbe14ca8a2.png

 

Scan Results :

Packed: https://www.virustotal.com/gui/file/d2194772a522b19fdd08d78fb5aaf7a9d1cd856978445e163429819ef273452b/detection
Unpacked: https://www.virustotal.com/gui/file/79e746354ad7bf267e9d03660c24eeed49df79d801a453c67c7416b069a3fc6d/detection

 

CrackMe.exe

  • Like 1
Link to comment
Share on other sites

  • 11 months later...
  • 2 months later...
  • 2 years later...
pendos1111111

flag is @flag{}    

if ( v2 == 7 && (LOBYTE(v7[1]) = runtime_memequal(v1, (__int64)"@flag{}", 7LL)) != 0 )
    {
      v14[0] = (__int64)&RTYPE_string;
      v14[1] = (__int64)&off_4E19D0;
      *((_QWORD *)&v8 + 1) = fmt_Fprintln(
                               (__int64)&go_itab__ptr_os_File_comma__ptr_io_Writer,
                               qword_572238,
                               (__int64)v14,
                               1LL,
                               1LL);
    }
    else
    {
      v13[0] = (__int64)&RTYPE_string;
      v13[1] = (__int64)&off_4E19E0;
      *((_QWORD *)&v8 + 1) = fmt_Fprintln(
                               (__int64)&go_itab__ptr_os_File_comma__ptr_io_Writer,
                               qword_572238,
                               (__int64)v13,
                               1LL,
                               1LL);
    }

Link to comment
Share on other sites

are there any means in IDA to understand go strings like

 v14[0] = (__int64)&RTYPE_string;
      v14[1] = (__int64)&off_4E19D0;

 

and print real string bytes instead of this struct?

Link to comment
Share on other sites

  • 2 weeks later...
On 4/5/2023 at 12:23 PM, REFAIM said:

Nice article, well laid out. One small correction: the PUSHAD instruction and similar were gutted from the 64bit instruction set, this is why you see multiple individual push instructions in new binaries.

  • Like 1
Link to comment
Share on other sites

On 4/6/2023 at 5:47 PM, agentjones said:

Nice article, well laid out. One small correction: the PUSHAD instruction and similar were gutted from the 64bit instruction set, this is why you see multiple individual push instructions in new binaries.

Thanks!

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...