Tuts 4 You
My first easy CrackMe

Hi guys, I wrote a very simple CrackMe. I really do not know how I should secure my code, so I just wrote a very basic one. Anyway, I know it's very easy, but I still wanted to know other people's opinion. If it does not run, please let me know. I did not use any packer or protector, just my own code, and it's written in C++ with Visual Studio 2019 on Windows 10.

File Information

Submitter: m0rfl1ng

Submitted: 11/28/2020

Category: CrackMe

  • 3 weeks later... (Author)

any progress guys?

  • 6 months later...
On 12/17/2020 at 8:02 PM, m0rfl1ng said:

any progress guys?

nope.

  • 11 months later...

Had a look at this one, it's not as straightforward as the title suggests, but in hindsight it may look trivial.

Tools used: x64dbg, optionally idafree

The strings that the program outputs are encrypted. Setting a breakpoint at WriteConsole and searching for the decryption function starting from main() was kinda slow, as the decryption core lies 5 levels deep in the call stack.

The decryption algorithm for the output strings is AES-NI; the encrypted strings are embedded in the control flow as single-byte pieces, thereby nodes containing payload are easy to spot in the callgraph.

[Image: main.png (callgraph of main)]

The main function loops until the correct input is entered, some of the program's replies are checked (switch or if). The decryption routine (top level) is at offset 2540. It is called for all strings, no matter if the input is correct or not.

The obvious vulnerability is this conditional jump at file offset 5369, patch out the jump and the program will always accept the input.

The jump is done when a check-function for the payload of the encrypted string "Correct !" returns 0.

Analyzing that check-function (offset 3750) is only necessary to get the genuine password which is left as an exercise to the reader...

I was surprised, the strings were well hidden with encryption; I have seen others doing worse.

I struggled with the complexity introduced by AES at first; I was used to easier string encryptions like XORing or TEA, where one can observe the decryption more or less directly.


  • 1 month later...

This is my solution:

1. Add a breakpoint at kernel32.dll:WriteFile

2. Enter anything; it will break on the output of the error message.

3. You will find the key codes in the main function. Then you will find the important jmp codes.

4. Change jz xxx to nop:

00007FF709525F69    0x2    74 14     90 90 

Apply the patch to the file.
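The author asked how the code could be secured, and both write-ups above come down to the same weak point: the "Correct !" text is decrypted no matter what was typed, and one conditional jump decides which reply is shown, so replacing that jz with nops accepts any input. The following C program, added here and not taken from any post or from the CrackMe itself, puts that weak gate next to a design in which the success text is decrypted under a key derived from the typed password, so that no single branch yields the genuine message. The password "s3cret", the FNV-based toy keystream (standing in for the AES-NI routine the CrackMe uses) and all function names are constructed for this illustration.

```c
// Added example for this thread (not the CrackMe's code): a gate that hinges on
// one conditional jump versus a reply that is decrypted under a key derived from
// the typed password. Password, message and the toy keystream are constructed.
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SUCCESS_MSG "Correct !"                 /* the reply the binary hides   */
static const char *SAMPLE_PASSWORD = "s3cret";  /* constructed genuine password */

/* Toy keystream: FNV-1a over the password, then a counter-mixed expansion.
 * Stands in for the AES-NI routine of the CrackMe; a shipping build would use
 * a real KDF and cipher, but the structure of the argument is the same. */
static void derive_keystream(const char *pw, uint8_t *ks, size_t n) {
    uint32_t h = 2166136261u;
    for (const unsigned char *p = (const unsigned char *)pw; *p; p++) {
        h ^= *p;
        h *= 16777619u;
    }
    for (size_t i = 0; i < n; i++) {
        h ^= (uint32_t)i;
        h *= 16777619u;
        ks[i] = (uint8_t)(h >> 24);
    }
}

static void xor_keystream(const char *pw, const uint8_t *in, uint8_t *out, size_t n) {
    uint8_t ks[64];
    if (n > sizeof ks) n = sizeof ks;
    derive_keystream(pw, ks, n);
    for (size_t i = 0; i < n; i++) out[i] = in[i] ^ ks[i];
}

/* Weak design (what the posts describe): the reply is decrypted whether or not
 * the input is right, and a single boolean -> jz decides which reply is shown.
 * Turning that jz into nops makes every input "correct". */
int weak_check(const char *input) {
    return strcmp(input, SAMPLE_PASSWORD) == 0;
}

/* Hardened design: the success text is stored encrypted under the keystream of
 * the genuine password and decrypted under the keystream of whatever was typed.
 * No branch selects the message; a wrong password yields garbage bytes. */
static uint8_t enc_success[sizeof(SUCCESS_MSG) - 1];
static int enc_ready = 0;

/* Build-time step, done once when the binary is produced. It lives in this
 * example only so that the example runs stand-alone. */
static void build_step(void) {
    xor_keystream(SAMPLE_PASSWORD, (const uint8_t *)SUCCESS_MSG,
                  enc_success, sizeof enc_success);
    enc_ready = 1;
}

/* Decrypt the stored reply with the user's input. Returns out, or NULL if the
 * buffer is too small. */
const char *hardened_reply(const char *input, char *out, size_t outlen) {
    if (!enc_ready) build_step();
    size_t n = sizeof enc_success;
    if (outlen < n + 1) return NULL;
    xor_keystream(input, enc_success, (uint8_t *)out, n);
    out[n] = '\0';
    return out;
}

/* The program still needs to know when to stop looping. This comparison is a
 * branch too, but patching it only ends the loop with garbage on screen; it
 * cannot produce the genuine "Correct !" text. */
int hardened_accepts(const char *input) {
    char buf[sizeof(SUCCESS_MSG)];
    const char *r = hardened_reply(input, buf, sizeof buf);
    return r != NULL && memcmp(r, SUCCESS_MSG, sizeof(SUCCESS_MSG)) == 0;
}

int main(void) {
    const char *tries[] = { "s3cret", "letmein" };
    char buf[sizeof(SUCCESS_MSG)];
    for (size_t i = 0; i < 2; i++) {
        printf("input %-8s weak=%d hardened=%d reply=\"", tries[i],
               weak_check(tries[i]), hardened_accepts(tries[i]));
        hardened_reply(tries[i], buf, sizeof buf);
        for (size_t j = 0; buf[j]; j++)  /* show printable bytes only */
            putchar((buf[j] >= 0x20 && buf[j] < 0x7f) ? buf[j] : '.');
        puts("\"");
    }
    return 0;
}
```

The point of the second design is not that the comparison in hardened_accepts() is unpatchable; it is that the comparison no longer guards the secret. With the weak gate, the decrypted success string sits in memory and the jz merely chooses whether to print it; with the key derived from the input, the only thing a patched branch can do is stop the loop, and the bytes printed are still wrong until the right password has been typed.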
