ttlhacker's hard

Author:
ttlhacker

Language:
Unspecified/other

Upload:
2019-06-01 14:06

Download

Platform:
Unix/linux etc.

Difficulty:
5.0

Quality:
4.0

Arch:
x86-64

Downloads:
45

Size:
52.12 KB

Writeups:
2

Comments:
14

Description

Another x64 Linux crackme. Reads input from stdin and tells you if it's correct or not after thinking about it for a second or so. Most of the binary was generated by a custom tool. While it's quite large, it doesn't contain any dead code or unused variables. It also doesn't have anti-debugging features, doesn't play weird games with exception handlers, doesn't modify itself and doesn't even have much control flow to speak of. I'm pretty sure it'll be an absolute nightmare to analyze despite this. And I don't think dynamorio will be of much help with this one. ;)

Comments (14)
Writeups (2)

You must be logged in to post a comment

s4r on 2019-06-04 08:04: I hope I'll have time to solve it soon. Looks really complex!

pinnn on 2019-06-07 07:39: Nice! It's been a long time since there was a difficult task.

Zibri on 2019-06-10 14:42: I would love to have your email, ttlhacker.

ttlhacker on 2019-06-10 17:09: You can reach me at this email, Zibri: 74746c6861636b6572406f75746c6f6f6b2e636f6d (hex ascii to keep the spammers out)

x0r19x91 on 2019-06-13 11:58: Highly obfuscated.Got to analyze closely

ttlhacker on 2019-06-29 11:51: Did anyone give this a try yet? If so, I'd love to hear about your progress. And don't hesitate to ask for hints if you're stuck. You can reach out to me via email (ascii 74746c6861636b6572406f75746c6f6f6b2e636f6d) or just leave a comment here.

ker2x on 2019-07-05 20:50: at first glance it feel like it have an obfuscated VM/bytecode. something tricky like the movfuscator

4aca7f6c on 2019-07-06 12:27: [Click to reveal]

pinnn on 2019-07-25 05:07: Very nice crackme! SHA256(password) = 2acf092bf4e0443bed953f1105aafcf15b3691d9b60b8f14959c7946b33ddcdfafed2d09a522cced8afe270b4bc07d546bfcac7e949c3cef9161de9aa7cac731 It's not as hard as I thought at first. My solution coming soon. My solution will be soon.

pinnn on 2019-07-25 05:09: It not sha256, its sha512)

ttlhacker on 2019-07-25 13:21: Very nice, 4aca7f6c and pinnn! I've read your solution, 4aca7f6c, it's just great! Can't wait to read yours as well, pinnn.

4aca7f6c on 2019-07-25 21:18: Thanks @ttlhacker! I'm also looking forward to reading your solution @pinnn... I would love to know the best way to crack this.

pinnn on 2019-07-27 05:33: Check @4aca7f6c solution. Very detailed and nice! My solution is like black box. I found input and output and then guess operation.

4aca7f6c on 2019-07-27 21:30: Thanks @pinnn! I read yours, and it's the third time recently I've had someone talk about pintool. I think I need to learn about it (and dynamorio)!

Show all spoilers

You must be logged in to submit a writeup

Solution by 4aca7f6c on 2019-07-11 12:12:
Tarball containing only text files: a written solution and some accompanying python scripts.

Download

Solution by pinnn on 2019-07-25 19:28:
My way to solve this unusual crackme. If something unclear, fell free to contact me. And big thanks to ttlhacker!

Download

crackmes.one

crackmes.one

ttlhacker's hard_software