crackmes.one

7eRoM's 1st one challenge

Author:
7eRoM

Language:
C/C++

Upload:
6:32 PM 05/11/2019

Level:
2

Platform
Windows

Description

Find the password!

HN1 on 12:10 AM 05/23/2019: Found the password: - Password any special characters!

7eRoM on 11:10 AM 05/24/2019: It`s a specific word. Hint: When you see "Congratz!", you are right!

coyote_0x90 on 6:32 PM 05/24/2019: spoiler alert "Simple?" It cleverly sends us on a wild goose chase if a debugger is attached. I'm not sure how this debugger detection works yet, but if it is detected, then it runs different code that accepts all kinds of passwords that include chars over 128 and prints "You did it!"

Kesaya on 12:19 PM 05/25/2019: The detection is done via the Win32 Thread Information Block (fs:[18]) which accesses offset +30 (Process Environment Block) from which offset +2 is accessed (BeingDebugged Field). The value is written in esp+14 which is later checked and then either one of the two code blocks is executed.

7eRoM on 2:45 PM 05/25/2019: @coyote_0x90 Congratz!

7eRoM on 2:46 PM 05/25/2019: @Kesaya You are totally right!

7eRoM on 2:48 PM 05/25/2019: For more information about how hidden strings has been generated: https://github.com/7eRoM/Ftring