Jump to content
Tuts 4 You

CheckMePlease

CodeExplorer

By CodeExplorer
in CrackMe

 Share

Recommended Posts

CodeExplorer

CodeExplorer

Posted
Posted
CheckMePlease

View File

CheckMePlease

This crackme is created with Qt v4.8.4,
The goal of this crackme is to make the CheckBox checked,
not to only pass the check when the Check button is pressed.
There is also the options of creating an program which will change the state of CheckBox.
I don't think is trivial task: I can't even enumerate windows.
 

 

  • Like 1
Link to comment
Share on other sites
KesMezar

KesMezar

Posted
Posted (edited)

Hello, I do not speak English, I used translation. Winabler - for the problem of not being able to access the qt interface with enabler style programs; 1) First run your program. 2) Then run my program and click it. (I may have misunderstood your request.)

https://dosya.co/htxqwzjqb897/k3sm3z4r.rar.html

Edit: I guess that wasn't the right solution. A real solution was to have full access to the checkbox and button. It will be useful for me to learn the solution. Thanks.

 

Edited by kesmezar
Link to comment
Share on other sites
CodeExplorer

CodeExplorer

Posted
  • Author
Posted

k3sm3z4r, your solution is something like this:

originalWindow = USER32.GetForegroundWindow;
SetForegroundWindow(USER32.FindWindowW("QWidget", "CheckMePlease"));
Press Tab: USER32.MapVirtualKeyW(tab) & USER32.SendInput;  // 9 = tab
Press Spacebar (check the CheckBox): USER32.MapVirtualKeyW(Space) & USER32.SendInput;  // 32 = Space
Press Tab: USER32.MapVirtualKeyW(tab) & USER32.SendInput;  // 9 = tab
Press Enter: USER32.MapVirtualKeyW(Enter) & USER32.SendInput;
SetForegroundWindow(originalWindow);

Pressing the Enter will press the button,
anyway pressing key may not always be the best solution.
But it seems that childs of main Window don't actually have a native Window, don't know how it is possible.
 

Link to comment
Share on other sites
KesMezar

KesMezar

Posted
Posted (edited)

Yes, that's what I did. I've tried almost 30 programs like winspy, winhack, and what they do is just find the Qt class name. It definitely needs a tool for this and I'm working on this.

Edit: I read that the only program that can act like WinSpy is GammaRay Qt.

Edit: My delphi solution; 

procedure TForm2.Button1Click(Sender: TObject);
var s:string;
pencere: Hwnd;
i:integer;
begin
pencere :=  FindWindow('QWidget', 'CheckMePlease');
  if pencere=0 then               
    shellExecute(Handle,'open',pchar('CheckMePlease'),pchar(s),nil,SW_SHOWNORMAL);
  while pencere=0 do begin
    pencere :=  FindWindow('QWidget', 'CheckMePlease');
    Sleep(1000);
  end;
  BringWindowToTop(pencere);
  ////pencere :=  FindWindowEx(pencere, 0, 'QWidget', 'QPopup'); //QtGui4.QAbstractButton::isChecked???
  ////pencere :=  FindWindowEx(pencere, 0, 'QWidget', 'QAbstractButton');
  if pencere <> 0 then
  begin
    while GetForegroundwindow<>pencere do
      Sleep(1000);
    PostMessage(pencere,WM_KEYDOWN,9,0); //9 tab
    PostMessage(pencere,WM_KEYUP,9,0);
    PostMessage(pencere,WM_KEYDOWN,32,0);//32 space
    PostMessage(pencere,WM_KEYUP,32,0);
    //Sleep(1000);
    PostMessage(pencere,WM_KEYDOWN,9,0);
    PostMessage(pencere,WM_KEYUP,9,0);
    PostMessage(pencere,WM_KEYDOWN,32,0);
    PostMessage(pencere,WM_KEYUP,32,0);
  end;
end;

 

Edited by k3sm3z4r
  • Like 1
Link to comment
Share on other sites
CodeExplorer

CodeExplorer

Posted
  • Author
Posted

I forget to tell the programming tutorial I've used for learning how to create this crackme:
My first application - Qt for Symbian
https://www.youtube.com/watch?v=AKJsnUluU2E
( You could check it if you want ).

Qt way of solving this:
void QtWay()
{
HWND hWnd = FindWindow(TEXT("QWidget"), TEXT("Check Solver"));
QWidget *widget = QWidget::find(hWnd);
        if (widget)
        {
        QCheckBox* checkbox1 = widget->findChild<QCheckBox*>("checkBoxX");
        if (checkbox1)
        checkbox1->setChecked(true);
        
        QPushButton* button = widget->findChild<QPushButton*>("Button1");
        if (button)
        button->click();

        }
}

// Unfortunately QWidget::find only works for current process window and not for other processes.
Native way have other problem, you must create native windows with winId():

void NativeWay()
{
HWND hWnd = FindWindow(TEXT("QWidget"), TEXT("Check Solver"));

QWidget *widget = QWidget::find(hWnd);
QCheckBox* checkbox1 = widget->findChild<QCheckBox*>();
HWND cbh = checkbox1->winId();

        HWND centralhWnd = FindWindowExW(hWnd, NULL, TEXT("QWidget"), TEXT("centralWidget"));

        HWND buthWnd = NULL;
        HWND checkhWnd = NULL;

        if (centralhWnd)
        {
        buthWnd = FindWindowExW(centralhWnd, NULL, TEXT("QWidget"), TEXT("Button1"));
        checkhWnd = FindWindowExW(centralhWnd, NULL, TEXT("QWidget"), TEXT("checkBoxX"));

        if (checkhWnd)
        {  // click the checkbox
        SendMessage(checkhWnd, WM_LBUTTONDOWN, 0, NULL);
        SendMessage(checkhWnd, WM_LBUTTONUP, 0, NULL);
        }

        if (buthWnd)
        {  // click the button
        // SendMessage(buthWnd, WM_LBUTTONDOWN, 0, NULL);
        // SendMessage(buthWnd, WM_LBUTTONUP, 0, NULL);
        }

        }


}

Maybe someone will find them useful...
 

  • Like 1
Link to comment
Share on other sites
  • 5 weeks later...
Washi

Washi

Posted
Posted

Not sure if it is just me, but the application is not working on Windows 10 64-bit with MinGW installed?

image.png.14b6b4f7910906501bf68b21995cee0e.png

Mind uploading the dlls that you used (i.e. the Qt and standard c++ libs)? I downloaded the Qt dlls manually, but that does not seem to be working properly for me.

Link to comment
Share on other sites
  • 4 months later...
CodeExplorer

CodeExplorer

Posted
  • Author
Posted

@Washi:
You can download dlls from:
https://www.dll-files.com/qtgui4.dll.html
https://www.dll-files.com/qtcore4.dll.html
just make sure you grab Qt v4.8.4.

I have some new ideas:
we have to get the QCheckBox class, (don't know exactly how yet)
setChecked just set one int variable.
More qt programs needed, different qt versions.
 

Link to comment
Share on other sites
  • 2 years later...
CodeExplorer

CodeExplorer

Posted
  • Author
Posted

https://codebrowser.dev/qt5/qtbase/src/widgets/kernel/qwidget.cpp.html#_ZN14QWidgetPrivate11createWinIdEv 

void QWidgetPrivate::createWinId()
{
    Q_Q(QWidget);
#ifdef ALIEN_DEBUG
    qDebug() << "QWidgetPrivate::createWinId for" << q;
#endif
    const bool forceNativeWindow = q->testAttribute(Qt::WA_NativeWindow);
    if (!q->testAttribute(Qt::WA_WState_Created) || (forceNativeWindow && !q->internalWinId())) {
        if (!q->isWindow()) {
            QWidget *parent = q->parentWidget();
            QWidgetPrivate *pd = parent->d_func();
            if (forceNativeWindow && !q->testAttribute(Qt::WA_DontCreateNativeAncestors))
                parent->setAttribute(Qt::WA_NativeWindow);
            if (!parent->internalWinId()) {
                pd->createWinId();
            }
            for (int i = 0; i < pd->children.size(); ++i) {
                QWidget *w = qobject_cast<QWidget *>(pd->children.at(i));
                if (w && !w->isWindow() && (!w->testAttribute(Qt::WA_WState_Created)|| (!w->internalWinId() && w->testAttribute(Qt::WA_NativeWindow)))) {
                    w->create();
                }
            }
        } else {
            q->create();
        }
    }
}

At:
void QWidgetPrivate::create()
{
...

void QWidget::setWindowState(Qt::WindowStates newstate)
{
// calls QWidgetPrivate::create()
 

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...