CheckMePlease

This crackme is created with Qt v4.8.4,
The goal of this crackme is to make the CheckBox checked,
not to only pass the check when the Check button is pressed.
There is also the options of creating an program which will change the state of CheckBox.
I don't think is trivial task: I can't even enumerate windows.
 

File Information

Submitter CodeExplorer

Submitted 12/20/2020

Category CrackMe

View File

Hello, I do not speak English, I used translation. Winabler - for the problem of not being able to access the qt interface with enabler style programs; 1) First run your program. 2) Then run my program and click it. (I may have misunderstood your request.)

https://dosya.co/htxqwzjqb897/k3sm3z4r.rar.html

Edit: I guess that wasn't the right solution. A real solution was to have full access to the checkbox and button. It will be useful for me to learn the solution. Thanks.

 

Edited December 22, 20204 yr by kesmezar

k3sm3z4r, your solution is something like this:

originalWindow = USER32.GetForegroundWindow;
SetForegroundWindow(USER32.FindWindowW("QWidget", "CheckMePlease"));
Press Tab: USER32.MapVirtualKeyW(tab) & USER32.SendInput;  // 9 = tab
Press Spacebar (check the CheckBox): USER32.MapVirtualKeyW(Space) & USER32.SendInput;  // 32 = Space
Press Tab: USER32.MapVirtualKeyW(tab) & USER32.SendInput;  // 9 = tab
Press Enter: USER32.MapVirtualKeyW(Enter) & USER32.SendInput;
SetForegroundWindow(originalWindow);

Pressing the Enter will press the button,
anyway pressing key may not always be the best solution.
But it seems that childs of main Window don't actually have a native Window, don't know how it is possible.
 

Yes, that's what I did. I've tried almost 30 programs like winspy, winhack, and what they do is just find the Qt class name. It definitely needs a tool for this and I'm working on this.

Edit: I read that the only program that can act like WinSpy is GammaRay Qt.

Edit: My delphi solution;

procedure TForm2.Button1Click(Sender: TObject);
var s:string;
pencere: Hwnd;
i:integer;
begin
pencere :=  FindWindow('QWidget', 'CheckMePlease');
  if pencere=0 then               
    shellExecute(Handle,'open',pchar('CheckMePlease'),pchar(s),nil,SW_SHOWNORMAL);
  while pencere=0 do begin
    pencere :=  FindWindow('QWidget', 'CheckMePlease');
    Sleep(1000);
  end;
  BringWindowToTop(pencere);
  ////pencere :=  FindWindowEx(pencere, 0, 'QWidget', 'QPopup'); //QtGui4.QAbstractButton::isChecked???
  ////pencere :=  FindWindowEx(pencere, 0, 'QWidget', 'QAbstractButton');
  if pencere <> 0 then
  begin
    while GetForegroundwindow<>pencere do
      Sleep(1000);
    PostMessage(pencere,WM_KEYDOWN,9,0); //9 tab
    PostMessage(pencere,WM_KEYUP,9,0);
    PostMessage(pencere,WM_KEYDOWN,32,0);//32 space
    PostMessage(pencere,WM_KEYUP,32,0);
    //Sleep(1000);
    PostMessage(pencere,WM_KEYDOWN,9,0);
    PostMessage(pencere,WM_KEYUP,9,0);
    PostMessage(pencere,WM_KEYDOWN,32,0);
    PostMessage(pencere,WM_KEYUP,32,0);
  end;
end;

 

Edited December 24, 20204 yr by k3sm3z4r

I forget to tell the programming tutorial I've used for learning how to create this crackme:
My first application - Qt for Symbian
https://www.youtube.com/watch?v=AKJsnUluU2E
( You could check it if you want ).

Qt way of solving this:
void QtWay()
{
HWND hWnd = FindWindow(TEXT("QWidget"), TEXT("Check Solver"));
QWidget *widget = QWidget::find(hWnd);
        if (widget)
        {
        QCheckBox* checkbox1 = widget->findChild<QCheckBox*>("checkBoxX");
        if (checkbox1)
        checkbox1->setChecked(true);
        
        QPushButton* button = widget->findChild<QPushButton*>("Button1");
        if (button)
        button->click();

        }
}

// Unfortunately QWidget::find only works for current process window and not for other processes.
Native way have other problem, you must create native windows with winId():

void NativeWay()
{
HWND hWnd = FindWindow(TEXT("QWidget"), TEXT("Check Solver"));

QWidget *widget = QWidget::find(hWnd);
QCheckBox* checkbox1 = widget->findChild<QCheckBox*>();
HWND cbh = checkbox1->winId();

        HWND centralhWnd = FindWindowExW(hWnd, NULL, TEXT("QWidget"), TEXT("centralWidget"));

        HWND buthWnd = NULL;
        HWND checkhWnd = NULL;

        if (centralhWnd)
        {
        buthWnd = FindWindowExW(centralhWnd, NULL, TEXT("QWidget"), TEXT("Button1"));
        checkhWnd = FindWindowExW(centralhWnd, NULL, TEXT("QWidget"), TEXT("checkBoxX"));

        if (checkhWnd)
        {  // click the checkbox
        SendMessage(checkhWnd, WM_LBUTTONDOWN, 0, NULL);
        SendMessage(checkhWnd, WM_LBUTTONUP, 0, NULL);
        }

        if (buthWnd)
        {  // click the button
        // SendMessage(buthWnd, WM_LBUTTONDOWN, 0, NULL);
        // SendMessage(buthWnd, WM_LBUTTONUP, 0, NULL);
        }

        }

}

Maybe someone will find them useful...
 

Not sure if it is just me, but the application is not working on Windows 10 64-bit with MinGW installed?

Mind uploading the dlls that you used (i.e. the Qt and standard c++ libs)? I downloaded the Qt dlls manually, but that does not seem to be working properly for me.

@Washi:
You can download dlls from:
https://www.dll-files.com/qtgui4.dll.html
https://www.dll-files.com/qtcore4.dll.html
just make sure you grab Qt v4.8.4.

I have some new ideas:
we have to get the QCheckBox class, (don't know exactly how yet)
setChecked just set one int variable.
More qt programs needed, different qt versions.
 

https://codebrowser.dev/qt5/qtbase/src/widgets/kernel/qwidget.cpp.html#_ZN14QWidgetPrivate11createWinIdEv

void QWidgetPrivate::createWinId()
{
    Q_Q(QWidget);
#ifdef ALIEN_DEBUG
    qDebug() << "QWidgetPrivate::createWinId for" << q;
#endif
    const bool forceNativeWindow = q->testAttribute(Qt::WA_NativeWindow);
    if (!q->testAttribute(Qt::WA_WState_Created) || (forceNativeWindow && !q->internalWinId())) {
        if (!q->isWindow()) {
            QWidget *parent = q->parentWidget();
            QWidgetPrivate *pd = parent->d_func();
            if (forceNativeWindow && !q->testAttribute(Qt::WA_DontCreateNativeAncestors))
                parent->setAttribute(Qt::WA_NativeWindow);
            if (!parent->internalWinId()) {
                pd->createWinId();
            }
            for (int i = 0; i < pd->children.size(); ++i) {
                QWidget *w = qobject_cast<QWidget *>(pd->children.at(i));
                if (w && !w->isWindow() && (!w->testAttribute(Qt::WA_WState_Created)|| (!w->internalWinId() && w->testAttribute(Qt::WA_NativeWindow)))) {
                    w->create();
                }
            }
        } else {
            q->create();
        }
    }
}

At:
void QWidgetPrivate::create()
{
...

void QWidget::setWindowState(Qt::WindowStates newstate)
{
// calls QWidgetPrivate::create()