jameswoods Posted June 27, 2019 Share Posted June 27, 2019 Language : Golang Platform : Windows x86 OS Version : Tested on Windows 10 / Windows 7 Packer / Protector : UPX Description : This is a very simple crack me coded in Go. It is packed with UPX (unmodified) only to shrink the size of the binary. Screenshot : Scan Results : Packed: https://www.virustotal.com/gui/file/d2194772a522b19fdd08d78fb5aaf7a9d1cd856978445e163429819ef273452b/detection Unpacked: https://www.virustotal.com/gui/file/79e746354ad7bf267e9d03660c24eeed49df79d801a453c67c7416b069a3fc6d/detection CrackMe.exe 1 Link to comment Share on other sites More sharing options...
Sh4DoVV Posted May 29, 2020 Share Posted May 29, 2020 (edited) Hi Password : @flag{} inline patched file attached CrackMe_inlined.rar Edited May 29, 2020 by Sh4DoVV 1 Link to comment Share on other sites More sharing options...
GioTiN Posted August 7, 2020 Share Posted August 7, 2020 On 5/29/2020 at 3:35 PM, Sh4DoVV said: Hi Password : @flag{} inline patched file attached CrackMe_inlined.rar 504.41 kB · 6 downloads nice Link to comment Share on other sites More sharing options...
pendos1111111 Posted March 22, 2023 Share Posted March 22, 2023 flag is @flag{} if ( v2 == 7 && (LOBYTE(v7[1]) = runtime_memequal(v1, (__int64)"@flag{}", 7LL)) != 0 ) { v14[0] = (__int64)&RTYPE_string; v14[1] = (__int64)&off_4E19D0; *((_QWORD *)&v8 + 1) = fmt_Fprintln( (__int64)&go_itab__ptr_os_File_comma__ptr_io_Writer, qword_572238, (__int64)v14, 1LL, 1LL); } else { v13[0] = (__int64)&RTYPE_string; v13[1] = (__int64)&off_4E19E0; *((_QWORD *)&v8 + 1) = fmt_Fprintln( (__int64)&go_itab__ptr_os_File_comma__ptr_io_Writer, qword_572238, (__int64)v13, 1LL, 1LL); } Link to comment Share on other sites More sharing options...
jackyjask Posted March 23, 2023 Share Posted March 23, 2023 are there any means in IDA to understand go strings like v14[0] = (__int64)&RTYPE_string; v14[1] = (__int64)&off_4E19D0; and print real string bytes instead of this struct? Link to comment Share on other sites More sharing options...
REFAIM Posted April 5, 2023 Share Posted April 5, 2023 Full solution including manual unpacking of UPX: https://refaim.medium.com/a-simple-go-crackme-manual-upx-unpacking-e27d83bb8741 1 Link to comment Share on other sites More sharing options...
agentjones Posted April 6, 2023 Share Posted April 6, 2023 On 4/5/2023 at 12:23 PM, REFAIM said: Full solution including manual unpacking of UPX: https://refaim.medium.com/a-simple-go-crackme-manual-upx-unpacking-e27d83bb8741 Nice article, well laid out. One small correction: the PUSHAD instruction and similar were gutted from the 64bit instruction set, this is why you see multiple individual push instructions in new binaries. 1 Link to comment Share on other sites More sharing options...
REFAIM Posted April 14, 2023 Share Posted April 14, 2023 On 4/6/2023 at 5:47 PM, agentjones said: Nice article, well laid out. One small correction: the PUSHAD instruction and similar were gutted from the 64bit instruction set, this is why you see multiple individual push instructions in new binaries. Thanks! Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now