Posted

Language: C++
Platform: Windows
OS Version: Windows 7, 8, 8.1, 10
Packer / Protector: None
Virus Total: Scan result

[Image: image.png]

Enter correct password for getting flag ;)


 

Password Keeper.zip

Edited by ShockByte

passwords.db? xd

password: F * * king_m0rfing

2020-03-16_09-59-13.png

Edited by KSDR

  • 2 weeks later...
  • Author
On 3/15/2020 at 4:22 PM, KSDR said:

password: F * * king_m0rfing

2020-03-16_09-59-13.png

Good Job xD

  • 3 weeks later...

Someone should post a guide ❤️

Nice challenge :)

Quote

Key: f**ck*ng_m0rfing     (replace the * with the obvious, seems the editor censors it)

Flag: shb{Vir7u41_pr073c7_xD}

Approach:

Tools used: x64dbg, Ghidra, CyberChef

Open in Ghidra, navigate to the user main method (FUN_004020b0).

Notice that in this code we are executing a function FUN_00401d90, and if it fails, we output "check passwords.db file" and skip the main program. This must be reading the passwords db that was provided (renamed to read_passwords_db in the picture below):

[Screenshot: Screenshot_20200423_153959.png]

Navigate to read_passwords_db and notice that the strings are obfuscated, but it ends with calls to fopen_s, fread_s and some other function FUN_00401850 (in the picture renamed to process_file_contents) that processes the read file contents. Taking a brief look into this function, it seems this function decrypts the contents in some way or another, then returns a newly allocated buffer containing the decrypted file contents. This result is then stored in some global variable DAT_00407828 (in the picture renamed to DECRYPTED_FILE_BUFFER).

[Screenshot: Screenshot_20200423_154453.png]

Let's let the program decrypt it for us. Fire up x64dbg, execute till this point, and dump the contents. A trained eye will see this is x86 code (it starts with a very recognizable function prologue push ebp; mov esp, ebp etc). Open this new file in Ghidra, let it analyse it, and lo and behold, the actual verification code:

[Screenshot: Screenshot_20200423_155020.png]

We can see the encrypted password is XOR'ed with a key of 0x13, and then compared to the input key. If it fails, the bad message is shown and the program exits. Using CyberChef to decrypt the password results in the correct password string.

Using this as a string will result in the flag being decrypted and shown.

 

Edited by Washi
add censoring to the end result
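
The triage steps described in the write-up above, as an added example that is not part of the original posts: check whether a dumped buffer starts with an x86 function prologue, then scan it for strings hidden behind a single-byte XOR key. The key 0x13 comes from the thread; the sample buffer, the string in it and all function names are constructed for illustration.

```python
# Added example: triage a memory dump taken after a runtime decryption routine.
X86_PROLOGUE = bytes.fromhex("558bec")  # push ebp; mov ebp, esp (Intel syntax)


def looks_like_x86_code(buf: bytes) -> bool:
    """True if the buffer begins with the classic 32-bit function prologue."""
    return buf.startswith(X86_PROLOGUE)


def xor_decode(data: bytes, key: int) -> bytes:
    """Single-byte XOR; applying it twice with the same key is the identity."""
    return bytes(b ^ key for b in data)


def find_xor_strings(buf: bytes, key: int, min_len: int = 6) -> list:
    """Return (offset, text) for every run of at least min_len bytes that
    decodes to printable ASCII under the given single-byte XOR key."""
    decoded = xor_decode(buf, key)
    hits, start = [], None
    # The trailing NUL is a sentinel so a run ending at EOF is still flushed.
    for i, b in enumerate(decoded + b"\x00"):
        if 0x20 <= b < 0x7F:
            if start is None:
                start = i
        else:
            if start is not None and i - start >= min_len:
                hits.append((start, decoded[start:i].decode("ascii")))
            start = None
    return hits


# Constructed sample: a tiny code stub followed by an XOR-obfuscated string.
# Neither the bytes nor the string come from the challenge binary.
SAMPLE_KEY = 0x13
SAMPLE_DUMP = (
    bytes.fromhex("558bec83ec10c3")              # prologue; sub esp, 0x10; ret
    + xor_decode(b"constructed_pw", SAMPLE_KEY)  # obfuscated constant
    + b"\x00"
)

if __name__ == "__main__":
    print("x86 prologue:", looks_like_x86_code(SAMPLE_DUMP))
    for offset, text in find_xor_strings(SAMPLE_DUMP, SAMPLE_KEY):
        print(f"offset 0x{offset:x}: {text}")
```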
