Tuts 4 You

CrackMe Native


Language : C++
Platform : Windows
OS Version : Windows 7,8,8.1,10
Packer / Protector : Own

Description :

Enter correct key and you will see the flag, and this is result. Post flag to spoiler with write-up how you decoded it.



  • Solution

You don't need to know correct key to get the flag:



Is that what you're looking for?


1) Run and dump from memory;
2) (optional) Fix imports with Scylla;
3) Load dump in IDA;
4) Find WndProc and see how WM_COMMAND is handled;
5) The key check is very convoluted but it all ends up here:

  ... lots of horrible operations with entered key ..

  strncpy(buffer, encryptedFlag, 25);
  for ( n = 0; n < 25; ++n )
  {
    v3 = buffer[n];
    v4 = HIDWORD(v3) ^ HIDWORD(v20) ^ HIDWORD(v21) ^ HIDWORD(v22) ^ HIDWORD(v23) ^ HIDWORD(v11);
    v8[2 * n] = v3 ^ v20 ^ v21 ^ v22 ^ v23 ^ v11;
    v8[2 * n + 1] = v4;
    decryptedFlag[n] = v8[2 * n];
  }

  // check last 2 bytes of decrypted flag
  result = 24;
  if ( decryptedFlag[24] == 'Z' )
    result = 23;
    if ( decryptedFlag[23] == 'C' )

Xor key for all bytes is the same. :wacko: 

You know encrypted flag. You know last 2 bytes of decrypted flag. So, you can deduce XOR key and decrypt the flag.

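The deduction kao describes in step 5, written out as an added example that is not part of the original post or of the crackme. The crackme's encrypted flag bytes are not shown on this page, so the ciphertext and key below are constructed sample values, and the function names are illustrative.

```python
"""Known-plaintext recovery of a constant single-byte XOR key (added example)."""

FLAG_LEN = 25  # length used by the strncpy/loop in the decompiled snippet

# Plaintext bytes the binary itself checks for after decryption:
# decryptedFlag[24] == 'Z' and decryptedFlag[23] == 'C'.
KNOWN_PLAINTEXT = {24: ord("Z"), 23: ord("C")}


def recover_key(ciphertext, known):
    """Derive the key from every known position and require that they agree.

    v20 ^ v21 ^ v22 ^ v23 ^ v11 does not depend on n, so after truncation to
    one byte it acts as a single key byte: key = cipher[i] ^ plain[i].
    """
    candidates = {ciphertext[i] ^ plain for i, plain in known.items()}
    if len(candidates) != 1:
        # The second known byte is a consistency check: disagreement means
        # the "same key for all bytes" assumption does not hold for this data.
        raise ValueError("inconsistent key candidates: %s" % sorted(candidates))
    return candidates.pop()


def decrypt(ciphertext, key):
    """Apply the same XOR the loop applies to every byte."""
    return bytes(c ^ key for c in ciphertext)


def solve(ciphertext):
    """Recover the flag from the ciphertext and the two checked bytes alone."""
    if len(ciphertext) != FLAG_LEN:
        raise ValueError("expected %d bytes, got %d" % (FLAG_LEN, len(ciphertext)))
    return decrypt(ciphertext, recover_key(ciphertext, KNOWN_PLAINTEXT))


# Constructed sample data (NOT the crackme's real flag or key).
SAMPLE_KEY = 0xA7
SAMPLE_PLAINTEXT = b"SAMPLE-FLAG-PLACEHOLDER" + b"CZ"
SAMPLE_CIPHERTEXT = bytes(b ^ SAMPLE_KEY for b in SAMPLE_PLAINTEXT)

if __name__ == "__main__":
    print(solve(SAMPLE_CIPHERTEXT).decode("ascii"))
```

The design lesson for the crackme author is that the success check itself supplies the known plaintext: comparing decrypted bytes against constants in the binary gives away a constant XOR key regardless of how convoluted the key derivation is.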

Hmm 😂 , Nice cold job kao! I know the XOR key is always the same. Next time there will be RSA for key checking. Very much appreciated that you described the procedure. See you next time 😎

  • 7 months later...

I have an OLE DB provider that includes 2 DLLs. It is secured:

it calculates some checksum of the machine and compares it with the sum encoded in the license file provided by the author.

By default the file contains something which allows it to work full-functionally for 14 trial days.

How to fix the DLL using the way described above by kao?

