CrackMe Native

[0X7C9]

Language : C++
Platform : Windows
OS Version : Windows 7,8,8.1,10
Packer / Protector : Own

Description :

Enter correct key and you willl see the flag, and this is result. Post flag to spoiler with wirite up how you decoded it.

CrackMe.exe

[kao]

You don't need to know correct key to get the flag:

Spoiler

This_Is_Very_Easy_Eddy^CZ

Is that what you're looking for?

 

How-to:
1) Run and dump from memory;
2) (optional) Fix imports with Scylla;
3) Load dump in IDA;
4) Find WndProc and see how WM_COMMAND is handled;
5) The key check is very convoluted but it all ends up here:

  ... lots of horrible operations with entered key ..

  strncpy(buffer, encryptedFlag, 25);
  for ( n = 0; n < 25; ++n )
  {
    v3 = buffer[n];
    v4 = HIDWORD(v3) ^ HIDWORD(v20) ^ HIDWORD(v21) ^ HIDWORD(v22) ^ HIDWORD(v23) ^ HIDWORD(v11);
    v8[2 * n] = v3 ^ v20 ^ v21 ^ v22 ^ v23 ^ v11;
    v8[2 * n + 1] = v4;
    decryptedFlag[n] = v8[2 * n];
  }

  // check last 2 bytes of decrypted flag
  result = 24;
  if ( decryptedFlag[24] == 'Z' )
  {
    result = 23;
    if ( decryptedFlag[23] == 'C' )
...

Xor key for all bytes is the same.  

You know encrypted flag. You know last 2 bytes of decrypted flag. So, you can deduce XOR key and decrypt the flag.

[0X7C9]

Hmm 😂 , Nice cold job kao! I know the XOR key is always the same. Next time there will be RSA for key checking. Very much appreciated that you described the procedure. See you next time 😎

[zhuk]

I have an OLE DB provider includes 2 dlls. It is secured:

it calculates some check sum of machine and compare with sum encoded in license file provided by author.

By default the file contains something which allows to work full-functionally 14 trial days.

How to fix the dll  using way described above by kao ?

 

[kuazi GA]

WIN10 cannot run!🙂