Jump to content
Tuts 4 You
Sign in to follow this  
SimplyMercurial

Poetic AutoIt (string/integer obfuscation)

Recommended Posts

SimplyMercurial

Poetic AutoIt (string/integer obfuscation)


This is a simple CrackMe consisting of an input. The correct input is two stanzas of a particular poem and will reveal a label of the poem title and author upon success. Otherwise, "Try again..." will be displayed.

If I'm allowed to be picky, I'm primarily interested in scripted efforts to RegEx analyze strings/integers. Very little effort (as in none) went into hiding the correct string. The script was merely passed-through a self-made obfuscator.

Full disclosure:  It contains rudimentary debugger and compilation checks which, if failed, falls into a while loop with a one second sleep (harmless). But, as stated above, this isn't the focus of what I'm after.

 

 


 

Share this post


Link to post
SHADOW_UA

Short way: search for memory (could be complex if you don't know what to search)

Spoiler

1.png.641389a71272c59a430a1ab40d9a8d74.png

Longer way: Unpack with UPX, use AutoIt Decompiler on the file. If we launch decompiled script, it will freeze. That is because there is a certain check that prevents us from running.

$_1111111ll11 = @Compiled
; ...
If NOT $_1111111ll11 Then _ll11lll1111() ; we have to comment this to be able to run

A correct "good boy" password can be obtained without analyzing how strings are stored as we can always print any variable to a messagebox.

Spoiler

2.png.b0f06e992d5f9ba8d5b6299ff341d054.png

 

  • Like 1

Share this post


Link to post
SimplyMercurial

Nicely done, though that wasn't particularly what I was requesting.

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  
×
×
  • Create New...