Upload: 5:33 AM 03/09/2019
No nopping… Get the password :)
Yuri on 11:44 PM 03/11/2019: DO NOT READ IF YOU DO NOT WANT SPOILERS!
I may have figured it out, there seems to be a lot of functionality that is not really used. Maybe filler code to throw us off?
Seems the password is a fixed value added by 1; however, it is put into the heap at a random location within get_pwd().
If my understanding is correct I will try to write a solution and explain within it.
kuroguro on 10:02 AM 03/12/2019: @Yuri - yep, came to the same conclusion
LinuxH11 on 5:42 PM 03/12/2019: Type w then enter
_Dante_ on 2:01 PM 03/15/2019: SPOILER ALERT:
The password is w0nit4, but as said in the comment above, even if you type w and press enter it will work anyway; it might be a mistake
_Dante_ on 2:02 PM 03/15/2019: *w0n1t4
rmfla on 6:13 PM 03/19/2019: w
Flyour on 2:38 AM 04/29/2019: w
coyote_0x90 on 6:41 AM 05/22/2019: w works for a password. It looks like it only checks the first char:
.text:004015E5 movzx eax, byte ptr [eax]
.text:004015E8 cmp dl, al
.text:004015EA jz short loc_4015F3
But if you step through the get_pwd function, you can see it generate all the chars in "w0n1t4"
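Added example, not part of the thread or the crackme's own code: a C sketch of the first-byte-only comparison that the quoted `cmp dl, al` / `jz` implies, next to a check that compares the whole string. The `stored` bytes, `decode_pwd`, `check_first_byte` and `check_full` are hypothetical names and values constructed from the comments above ("fixed value added by 1", password w0n1t4).

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for the stored value: each byte is one less than the
   password byte, following the "fixed value added by 1" comment. */
static const char stored[] = "v/m0s3";

/* Hypothetical decoder: writes the password into out (needs sizeof stored bytes). */
void decode_pwd(char *out) {
    size_t i;
    for (i = 0; stored[i] != '\0'; i++)
        out[i] = (char)(stored[i] + 1);
    out[i] = '\0';
}

/* Flawed check, mirroring the quoted disassembly: only byte 0 is compared. */
int check_first_byte(const char *input, const char *pwd) {
    return input[0] == pwd[0];
}

/* Corrected check: lengths must match and every byte is compared, with no
   early exit on the first differing byte. */
int check_full(const char *input, const char *pwd) {
    size_t n = strlen(pwd);
    unsigned char diff = 0;
    if (strlen(input) != n)
        return 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(input[i] ^ pwd[i]);
    return diff == 0;
}

int main(void) {
    char pwd[sizeof stored];
    const char *tries[] = { "w", "wrong", "w0n1t4" };
    decode_pwd(pwd);
    for (size_t i = 0; i < 3; i++)
        printf("%-7s first-byte=%d full=%d\n", tries[i],
               check_first_byte(tries[i], pwd), check_full(tries[i], pwd));
    return 0;
}
```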
Solution by kuroguro: Testing out ghidra's decompiler :3
Solution by Luke:
Solution by LinuxH11: Solution
Solution by _Dante_: Crackme Solution. I used GHIDRA and x32dbg.