Upload: 4:19 PM 09/15/2018
Crack noprelo - The goal is to show the Good Boy message.
IDAPRO on 10:31 AM 09/28/2018: Hello kellek,
the behavior of the ptrace function is not well defined. This function only can take two possible values (0 or -1) depending on the number of calls that you have done to it.
This makes impossible to resolve the challenge by line command.
kuroguro on 6:32 PM 09/28/2018: I wonder if the ptrace is there so a parent process can attach to it and manipulate it's memory? Not 100% sure what counts as a valid solution in this case.
kuroguro on 8:35 PM 09/28/2018: Does this count? :D
gdb --batch-silent -ex='catch syscall ptrace' -ex=r -ex=c -ex='set ($eax) = 1337' -ex=c --args ./noprelo __gmon_start__
kellek on 8:06 AM 09/30/2018: IDAPRO: try harder :)
@kuroguro: No solutions in the comments please.
Your solve feels like patching during runtime, you should not modify the binary (even if it's in memory).
kuroguro on 1:12 PM 11/01/2018: Can we get a hint? I can't figure it out :/
kuroguro on 4:10 PM 11/01/2018: Would making the binary load a custom libc wrapper count as a solution or can ptrace really return the value? Or is there some other workaround I haven't noticed?
darksk4 on 12:35 AM 01/03/2019: Hello :) Did you already saw my solution? This is my first time so I really don't know how to sent it.
theroot99 on 7:27 PM 05/23/2019: Hi! Cool Crackme! Does patch the binary where the compare on the return value of ptrace is done count as a solution? Or is there an other way to make ptrace return that value?
You must me logged to submit a solution
Solution by SYS_V:I used DLL injection to substitute libc ptrace with my own version of ptrace. The binary was not modified in any way.
Share how awesome the crack me was or where you struggle to finish it ! (Stay polite)