m0rfl1ng Posted November 28, 2020

My first easy CrackMe

Hi guys, I wrote a very simple crackme. I really do not know how I should secure my code, so I just wrote a very basic one. Anyway, I know it's very easy, but I still wanted to know other people's opinions. If it does not run, please let me know. I did not use any packer or protector, just my own code, and it's written in C++ with Visual Studio 2019 on Windows 10.

Submitter: m0rfl1ng
Category: CrackMe
Submitted: 11/28/2020
Zeptar Posted June 21, 2021

On 12/17/2020 at 8:02 PM, m0rfl1ng said: Any progress, guys?

Nope.
dtor135 Posted May 26, 2022

Had a look at this one. It's not as straightforward as the title suggests, but in hindsight it may look trivial.

Tools used: x64dbg, optionally IDA Free.

The strings that the program outputs are encrypted. Setting a breakpoint at WriteConsole and searching for the decryption function starting from main() was kinda slow, as the decryption core lies 5 levels deep in the call stack. The decryption algorithm for the output strings is AES-NI; the encrypted strings are embedded in the control flow as single-byte pieces, so nodes containing payload are easy to spot in the call graph.

The main function loops until the correct input is entered; some of the program's replies are checked (switch or if). The decryption routine (top level) is at offset 2540. It is called for all strings, no matter whether the input is correct or not.

The obvious vulnerability is the conditional jump at file offset 5369: patch out the jump and the program will always accept the input. The jump is taken when a check function for the payload of the encrypted string "Correct !" returns 0. Analyzing that check function (offset 3750) is only necessary to get the genuine password, which is left as an exercise to the reader...

I was surprised; the strings were well hidden with encryption, I have seen others do worse. I struggled with the complexity introduced by AES at first, as I was used to easier string encryptions like XORing or TEA, where one can observe the decryption more or less directly.
db123 Posted July 1, 2022

This is my solution:

1. Add a breakpoint at kernel32.dll:WriteFile.
2. Enter anything; it will break on the output of the error message.
3. You will find the key code is in the main function. Then you will find the important jmp code.
4. Change jz xxx to nop: 00007FF709525F69 0x2 74 14 90 90. Apply the patch to the file.
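The weakness both dtor135 and db123 land on is structural: however well the strings are encrypted, the accept/reject decision collapses into one return value tested by one conditional jump, so NOPing that jump is enough. The following C program is an added illustration, not code from m0rfl1ng's crackme. It rebuilds that structure in miniature (variant A), simulates the patched jump, and places beside it a design in which the success string is encrypted under a key derived from the password itself (variant B), so that flipping a branch yields noise rather than "Correct !". The password "s3cret", the constant FIXED_KEY, and the toy xorshift/XOR stream standing in for the real program's AES-NI decryption are all assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration, not code from m0rfl1ng's crackme. PASSWORD,
 * FIXED_KEY and the toy XOR keystream are assumptions standing in for the
 * real password and the AES-NI string decryption dtor135 describes. */
#define PASSWORD "s3cret"      /* assumed for the demo, not the real one */
#define MSG      "Correct !"   /* the success string named in the thread */
#define MSG_LEN  9

/* 64-bit FNV-1a, used here as a toy key derivation and verdict hash. */
static uint64_t fnv1a64(const char *s) {
    uint64_t h = 1469598103934665603ULL;
    for (; *s; ++s) { h ^= (uint8_t)*s; h *= 1099511628211ULL; }
    return h;
}

/* Toy stream cipher: xorshift64 seeded by the key, XORed over the data.
 * Symmetric, so the same call encrypts and decrypts. Not secure. */
static void xor_crypt(uint64_t key, const uint8_t *in, uint8_t *out, size_t n) {
    uint64_t x = key | 1;            /* keep the generator out of the zero state */
    for (size_t i = 0; i < n; i++) {
        x ^= x << 13; x ^= x >> 7; x ^= x << 17;
        out[i] = in[i] ^ (uint8_t)(x & 0xff);
    }
}

/* Variant A, the structure found in the thread: the string is protected
 * under a key fixed at build time, and a separate check function collapses
 * "is the password right?" into one return value. The caller tests that
 * value with a single conditional jump; 'patched' simulates NOPing it. */
static const uint64_t FIXED_KEY = 0x243F6A8885A308D3ULL;   /* constructed */

static int check_password(const char *input) {
    return strcmp(input, PASSWORD) == 0;
}

static int run_variant_a(const char *input, int patched, char *out) {
    uint8_t ct[MSG_LEN];
    /* In a real program this encryption happens at build time; it is done
     * here only so the example is self-contained. */
    xor_crypt(FIXED_KEY, (const uint8_t *)MSG, ct, MSG_LEN);
    if (!patched && !check_password(input)) {   /* plays the role of the jz */
        out[0] = '\0';
        return 0;
    }
    xor_crypt(FIXED_KEY, ct, (uint8_t *)out, MSG_LEN);
    out[MSG_LEN] = '\0';
    return 1;
}

/* Variant B, the alternative design: the success string is encrypted under
 * a key derived from the password. In a real build the binary would hold
 * neither the password, nor a fixed key, nor the plaintext. A wrong input
 * decrypts to noise, and the only branch left (the verdict) can be patched
 * without ever producing "Correct !". */
static int run_variant_b(const char *input, int patched, char *out) {
    uint8_t ct[MSG_LEN];
    xor_crypt(fnv1a64(PASSWORD), (const uint8_t *)MSG, ct, MSG_LEN); /* build-time step */
    xor_crypt(fnv1a64(input), ct, (uint8_t *)out, MSG_LEN);
    out[MSG_LEN] = '\0';
    /* The verdict compares a hash of the decrypted text with the stored
     * hash of the expected plaintext; patching it changes only the verdict. */
    return patched || fnv1a64(out) == fnv1a64(MSG);
}

/* Returns 1 only if the variant both accepts the input and actually
 * recovers the success string. */
static int decrypts_to_success(char variant, const char *input, int patched) {
    char buf[MSG_LEN + 1];
    int accepted = (variant == 'A') ? run_variant_a(input, patched, buf)
                                    : run_variant_b(input, patched, buf);
    return accepted && strcmp(buf, MSG) == 0;
}

int main(void) {
    const char *inputs[] = { PASSWORD, "wrong" };
    for (int i = 0; i < 2; i++)
        for (int p = 0; p < 2; p++)
            printf("%-7s patched=%d  A:%d  B:%d\n", inputs[i], p,
                   decrypts_to_success('A', inputs[i], p),
                   decrypts_to_success('B', inputs[i], p));
    return 0;
}
```

Running it shows the contrast in the last row: with the branch patched and a wrong input, variant A still prints the success string, while variant B accepts but displays garbage, because the plaintext only exists once the right key is derived. The same argument applies whatever cipher replaces the toy stream here; what matters is that no fixed key and no boolean stand between the input and the protected string.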