toaster's VIP_access

Author:
toaster

Language:
C/C++

Upload:
2019-06-13 13:38

Download

Platform:
Windows

Difficulty:
2.3

Quality:
4.0

Arch:
x86

Downloads:
67

Size:
795.00 KB

Writeups:
2

Comments:
20

Description

This is a console application where you want to find a way to access the vip membership. The thing is, that you are not in the vip membership unless your name is on the vip list and you have the vip code of the person. Anyway, if you succeed, you'll have a simple art image on the screen! good luck! And oh, by the way, the code may be encrypted there.

Comments (20)
Writeups (2)

You must be logged in to post a comment

toaster on 2019-06-16 17:36: By encrypted code i meant the VIP code

HN1 on 2019-06-16 17:51: [Click to reveal]

HN1 on 2019-06-16 17:54: Very easy crackme! Well anyway it was interesting! So thank you for another crackme!

HN1 on 2019-06-16 18:24: [Click to reveal]

toaster on 2019-06-16 19:38: Thanks! The reason why I posted it is because I couldn't do it by myself. I'm using x64dbg, im a beginner, and when im debugging the file I managed to find only the input string, initial names and vip codes but not the decrypted codes. Can you explain how you found it in the solutions/comment please?

HN1 on 2019-06-16 19:48: This function 00401AA0 is responsible for encryption and decryption of the VIP key. And so, you put breakpoint on the address of the function 00401CF0 and in the EDX register the address will be not encrypted code, then go to the dump, and there after the execution of the function 00401CF0 in the dump you will see how the code has changed.

cqpwx on 2019-06-24 15:28: [Click to reveal]

gerbik on 2019-07-09 02:56: Why are there so many functions in this program? There are over 2000 functions, but it looks like most of them do things like check for exceptions or do very small operations like moving registers around. Is this IDA not functioning correctly or just the a byproduct of the compiler?

DrSpawn on 2019-09-25 14:08: Subject can be patched a little bit. vip_access_me.exe 000B680F:0F-90 000B6810:84-90 000B6811:BF-90 000B6812:03-90 000B6813:00-90 000B6814:00-90

illQuo on 2019-10-03 14:23: This needs to at least be a medium. I need someone to write a write up of every step on how they solved it. Forever stuck.

va1erk on 2019-10-04 15:47: Can you help me by steps how to "crack" this program?

b1h0 on 2019-10-05 14:51: Only works VIP Codes for user joe and monkey. The function that really matters to us. The one that decrypts the VIP Code. It is in the address **00401CF0**. Just put a breakpoint at address **00401D67** and check that it is what is loaded into the **EAX** register that contains the memory address where the **VIP CODE** is. My solution in Github. https://github.com/gabimarti/crackmes-solutions/tree/master/crackmes.one/toaster-VIP_access_me

juansacco on 2019-10-10 13:49: [Click to reveal]

niros on 2019-11-12 19:09: Are you a vip member? (y/n): y What is your name?: joe Please enter your vip code: f5gz51xyxy6ggj96j1mlgz21j Welcome vip member joe! ####################################### # _ # # -=\`\ # # |\ ____\_\__ # # -=\c``) # # `~~~~~/ /~~` # # -==/ / # # # ####################################### Press any key to continue . . . Are you a vip member? (y/n): y What is your name?: monkey Please enter your vip code: iyi922jyjyjy2o6gd2l6g89x6 Welcome vip member monkey! ####################################### # _ # # -=\`\ # # |\ ____\_\__ # # -=\c``) # # `~~~~~/ /~~` # # -==/ / # # # ####################################### Press any key to continue . . .

ayushdosaj on 2019-12-14 12:20: yay! solved.

droireas on 2020-02-20 16:38: Here is a video solution walkthrough that I have created: https://www.youtube.com/watch?v=M265OsQl8Js

Slaktaren on 2020-09-26 21:00: This is not "Very Easy". However, very fun one. The users and the encrypted passwords are quite obvious how to get. But I had trouble finding where and how encryption/decryption was done. I checked the youtube video above, but honestly, that didn't really explain much. I was only using x32dbg at first but I installed Ghidra later which helped a lot. I found a place where it compares the lengths of the input password and of the decrypted password. If you have the same length, then it came to a memcmp call comparing the passwords. That was enough to convince me that I understood how to solve this.

askuytr78 on 2022-04-02 12:12: Are you a vip member? (y/n): y What is your name?: joe Please enter your vip code: f5gz51xyxy6ggj96j1mlgz21j Welcome vip member joe! ####################################### # _ # # -=\`\ # # |\ ____\_\__ # # -=\c``) # # `~~~~~/ /~~` # # -==/ / # # # #######################################

PopaCracker on 2022-06-30 14:56: Дмитрий, я вас взломаю. Довольно изичный кряк

PopaCracker on 2022-06-30 15:10: MOV DWORD PTR SS:[ESP+4],4BC078 Here

Show all spoilers

You must be logged in to submit a writeup

Solution by b1h0 on 2019-10-05 14:48:
The function that really matters to us. The one that decrypts the VIP Code. It is in the address **00401CF0**. Just put a breakpoint at address **00401D67** and check that it is what is loaded into the **EAX** register that contains the memory address where the **VIP CODE** is. But only works VIP Codes for user joe and monkey.

Download

Solution by Stingered on 2020-03-12 22:33:
Solution in .TXT format, for D/L. Ciao, Stingered

Download

crackmes.one

toaster's VIP_access_me