September 15Sep 15 [ Crackme ] Unknown .NET Protection [ VM ] Hi,First of all i have to say " this is not my project and some friend ask me to upload challenge here "Compiler : .NETProtection : [+] Binary Obfuscation[+] Code Virtualization[+] Anti-Debugging / Anti-Tampering[+] Maybe some other protectionRule :Patch file to accept any password or find real password ( both accepted )i will appreciate if you write something about you have doneHint :Run & Analyze file inside VM or isolated environment becuase of file isn't mine so i'm not responsible for anything Regards File Information Submitter Gladiator Submitted 09/16/2025 Category CrackMe View File
October 12Oct 12 1 hour ago, CodeExplorer said:When I run the file is just erase itself. Is this normal?Same issue I think its Anti debug If something is detected then the exe is removed.
October 13Oct 13 this is just another pasted and pasted. Double anti tamper from cfex, a simple jit which we can invoke the dictionary and get the jitted method data, restore. Double or triple proxy call. Reference Proxy. Most of it from Inx, iirc the jit was made by gabriel and pasted to other obf especially inx
October 13Oct 13 6 hours ago, Mr-Toms said:this is just another pasted and pasted. Double anti tamper from cfex, a simple jit which we can invoke the dictionary and get the jitted method data, restore. Double or triple proxy call. Reference Proxy. Most of it from Inx, iirc the jit was made by gabriel and pasted to other obf especially inxYes your write Another call is here
October 17Oct 17 Solution .NET is kinda cool. Anyways AOB scan 0F 84 71 01 00 00 81 C6 then just flip JE -> JNE.051B9F43 - 0F84 71010000 - je 051BA0BA in my case its on this address.
10 hours ago10 hr Hello,perhaps really old information but since i have patched it i wanted to find valid password for it as well.AOB Scan : 8B 55 80 FF 15 ?? ?? ?? ?? 85 C0Asm code around it : mov edx,[ebp-80] ; Load user inputcall [comparison] ; Compare with passwordtest eax,eax ; Check resultje FAIL ; Jump if wrongPlace breakpoint on mov edx first instruction,type something random inside crackme and let it run,after it breakpoints step over and hover to EDX.Check EDX in memory view and it holds :[Header bytes] [Length: 4 bytes] [Unicode characters: 2 bytes each]DC AB DC 71 15 00 00 00 <- Header + Length (0x15 = 21 chars) 65 00 30 00 64 00 30 00 <- 'e' '0' 'd' '0' 66 00 36 00 66 00 39 00 <- 'f' '6' 'f' '9'You have to convert each UNICODE to ASCII and final password is : e0d0f6f9c77f9d9a3f4d!
Create an account or sign in to comment