Jump to content
View in the app

A better way to browse. Learn more.

Tuts 4 You

A full-screen app on your home screen with push notifications, badges and more.

To install this app on iOS and iPadOS
  1. Tap the Share icon in Safari
  2. Scroll the menu and tap Add to Home Screen.
  3. Tap Add in the top-right corner.
To install this app on Android
  1. Tap the 3-dot menu (⋮) in the top-right corner of the browser.
  2. Tap Add to Home screen or Install app.
  3. Confirm by tapping Install.

Featured Replies

Posted

Language : C++
Platform : Windows
OS Version : Windows 7,8,8.1,10
Packer / Protector : Own

Description :

Enter correct key and you willl see the flag, and this is result. Post flag to spoiler with wirite up how you decoded it.

eeexxcxx.jpg

CrackMe.exe

Solved by kao

Go to solution
  • Solution

You don't need to know correct key to get the flag:

Spoiler

This_Is_Very_Easy_Eddy^CZ

Is that what you're looking for?

 

How-to:
1) Run and dump from memory;
2) (optional) Fix imports with Scylla;
3) Load dump in IDA;
4) Find WndProc and see how WM_COMMAND is handled;
5) The key check is very convoluted but it all ends up here:

  ... lots of horrible operations with entered key ..

  strncpy(buffer, encryptedFlag, 25);
  for ( n = 0; n < 25; ++n )
  {
    v3 = buffer[n];
    v4 = HIDWORD(v3) ^ HIDWORD(v20) ^ HIDWORD(v21) ^ HIDWORD(v22) ^ HIDWORD(v23) ^ HIDWORD(v11);
    v8[2 * n] = v3 ^ v20 ^ v21 ^ v22 ^ v23 ^ v11;
    v8[2 * n + 1] = v4;
    decryptedFlag[n] = v8[2 * n];
  }

  // check last 2 bytes of decrypted flag
  result = 24;
  if ( decryptedFlag[24] == 'Z' )
  {
    result = 23;
    if ( decryptedFlag[23] == 'C' )
...

Xor key for all bytes is the same. :wacko: 

You know encrypted flag. You know last 2 bytes of decrypted flag. So, you can deduce XOR key and decrypt the flag.

  • Author

Hmm 😂 , Nice cold job kao! I know the XOR key is always the same. Next time there will be RSA for key checking. Very much appreciated that you described the procedure. See you next time 😎

  • 7 months later...

I have an OLE DB provider includes 2 dlls. It is secured:

it calculates some check sum of machine and compare with sum encoded in license file provided by author.

By default the file contains something which allows to work full-functionally 14 trial days.

How to fix the dll  using way described above by kao ?

 

WIN10 cannot run!🙂

Create an account or sign in to comment

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.