Xor0's xor0_crackme

Author:
Xor0

Language:
Assembler

Upload:
2019-05-01 21:53

Download

Platform:
Windows

Difficulty:
3.0

Quality:
4.0

Arch:
x86

Downloads:
20

Size:
25.71 KB

Writeups:
1

Comments:
14

Description

helper.dll MD5 - 55B4C36AE11AE887514FEF98012DD4E8 WhichKeyIsIt.exe MD5 - CBF9019FAA580D7203493862AA420CF5 My first crackme!! I hope you enjoy it!

Comments (14)
Writeups (1)

You must be logged in to post a comment

HN1 on 2019-05-05 10:30: [Click to reveal]

Xor0 on 2019-05-06 01:31: nice HN1, you got 1. Can you solve the other 6?

HN1 on 2019-05-07 04:31: Xor0, yes!

pezi_pink on 2019-05-13 17:06: I had a go at this and wrote some of it up here, thanks! http://pinksquirrellabs.com/blog/2019/05/08/reversing-xor0-crackme-1/

topside844 on 2019-05-14 06:32: Wow, this was fun Xor0! Obviously, there's a different crack for each day of the week. Sunday's answer is provided by HN1. Here is a working solution for Monday: Username: MyUsername Serial: A10-57617274-686F68 Keyfile: https://www.dropbox.com/s/u0fezx00msic0tw/xor0.rox?dl=0 The important parts of the keyfile are the following: bytes[0-3] = LittleEndian(0xDEADC0DE) bytes[4] = Username[4] ^ Serial[5] = 0x46 bytes[27-31] = 0xFACE0FB ^ (bytes[4] * SUM(bytes[5-31])) As you can see, the sum of bytes 5-31 "SUM(bytes[5-31])" is used in the formula to create bytes 27-31. I therefor decided to create a "dummy sum" based on bytes[5-26] all being 0xFF while bytes[27-31] are 0x00. This "dummy sum" ends up being 0x16E9. Then, when I calculate the correct value for bytes[27-31], I then subtract values from bytes[27-31] so that the sum of bytes[5-31] still adds up to this "dummy sum" of 0x16E9. Looking forward to diving into tomorrow's key.

topside844 on 2019-05-14 07:36: Tuesday Solution: Username: MyUsername Serial: T10-1129

ifyGecko on 2019-05-16 04:25: @topside844, your explanation for the Monday key has me lost. The way I am reading it face0fb0==(sum(byte[5-31])*byte[4])^dword[0x1000e39c]. dword[0x1000e39c] being the last 4 bytes of the file i.e byte[28]-byte[32]. I am not seeing how or why byte[4] is defined in terms of username[] and serial[] being xor'd together in your explanation or was this just an arbitrary decision? Could you or anyone chime in? My assembly skills are rather weak so I may just be lost in the woods and do not even know it.

ifyGecko on 2019-05-16 04:26: Correct, i meant byte[27]-byte[31] as being the dword

ifyGecko on 2019-05-16 06:01: disregard my entire question, I just can't do basic math. Thanks for the comment @topside844.

Zediken on 2019-05-16 13:57: what is the password of the .rar file ? please..

Xor0 on 2019-05-20 03:47: I'm glad you guys liked it. It was a lot of fun to code. Next one will not be as straight forward ;-)

LucaC on 2019-06-25 12:41: Easy to crack, hard (for me at least) to create a Keygen! (I see you're a fan of HASHEREZADE tho.)

HempDay420 on 2019-10-18 21:35: can someone say me a solution how to crack it :) would be nice i tried make Breakpoint at MessageBoxW and gone back to return but only found a call ecx?

fondra on 2020-03-25 14:36: @HempDay420 breakpoint on DLL load. once helper.dll is loaded navigate to the start of the .text section in the debugger memory map, breakpoint there.

Show all spoilers

You must be logged in to submit a writeup

Solution by bagolymadar on 2019-06-03 01:49:
2019-06-03: Looks like nobody wants to do solutions. Xor0: I think you made a mistake here. Look at image 23.

Download

crackmes.one

crackmes.one

Xor0's xor0_crackme_1