c0b01d on 2019-04-16 07:41:
[Click to reveal]Am I missing a part, or is it not working with an unpatched version?
Here is the password (base64 encoded to not spoil anyone) I found:
IWJyZWFrJA==
Xor0 on 2019-04-18 05:47:
That's a lot of anti debug and anti VM :-) Nice challenge though having to learn about those things. Was good for me to solve. Thanks!
c0b01d on 2019-04-18 15:42:
So did I miss like the very last part of the password? Because it looks like when I run the executable w/o a debugger attached it also triggers the anti debugger function and returns the error message
Xor0 on 2019-04-18 18:00:
c0b0ld - Make sure you don't have firefox running. For some reason it checks that as one of the running processes to fail on. Also, all your tools, like IDA and such should be closed.
c0b01d on 2019-04-18 21:34:
Thanks - firefox made it fail :)
nextco on 2019-04-20 22:17:
@Xor0 Congrats!
You achieved the main objectives.
Note for new solvers
[*] Look at some random antidebug tecniques.
[**] Try to bypass/understand simple hash functions.
coyote_0x90 on 2019-05-25 19:56:
I finally found it as well.
it looks like it checks for debuggers attached, checks that an exception that it triggers gets handled properly (i'm curious what this is looking for?), scans the processes running looking for known ones like IDA, and checks for int 3 breakpoints.
it checksums some of these protection functions to look for patches: it looks like it checksums the process scanning function and the int3 breakpoint scanning function.
i enjoyed this one.
coyote_0x90 on 2019-05-26 02:51:
it looks like the function that throws exceptions is checking for VMWare
Solution by Xor0 on 2019-04-18 18:05: Very nice crackme for someone new like me. A lot anti stuff, but in an easy to find and understand way. Good for learners!