nextco's Crackme 5 by @rextco



10:08 AM 04/09/2019




# Crackme 5 by @rextco

Target: Get a valid password

Have fun RE

c0b01d on 7:41 AM 04/16/2019: Am I missing a part, or is it not working with an unpatched version? Here is the password (base64 encoded to not spoil anyone) I found: IWJyZWFrJA==

Xor0 on 5:47 AM 04/18/2019: That's a lot of anti debug and anti VM :-) Nice challenge though having to learn about those things. Was good for me to solve. Thanks!

c0b01d on 3:42 PM 04/18/2019: So did I miss like the very last part of the password? Because it looks like when I run the executable w/o a debugger attached it also triggers the anti debugger function and returns the error message

Xor0 on 6:00 PM 04/18/2019: c0b01d - Make sure you don't have Firefox running. For some reason it checks that as one of the running processes to fail on. Also, all your tools, like IDA and such, should be closed.

c0b01d on 9:34 PM 04/18/2019: Thanks - Firefox made it fail :)

nextco on 10:17 PM 04/20/2019: @Xor0 Congrats! You achieved the main objectives. Note for new solvers: [*] Look at some random antidebug techniques. [**] Try to bypass/understand simple hash functions.

coyote_0x90 on 7:56 PM 05/25/2019: I finally found it as well. It looks like it checks for debuggers attached, checks that an exception that it triggers gets handled properly (I'm curious what this is looking for?), scans the processes running looking for known ones like IDA, and checks for int 3 breakpoints. It checksums some of these protection functions to look for patches: it looks like it checksums the process scanning function and the int3 breakpoint scanning function. I enjoyed this one.

coyote_0x90 on 2:51 AM 05/26/2019: It looks like the function that throws exceptions is checking for VMware.