juansacco's ExploitPack-Challenge

12:00 PM 11/01/2019
Find the correct serial number to win the challenge! This crackme implements some basic protections to get you warmed up :-)

Rules:
- Patching is not allowed!
- Have fun!

madlogik on 2:02 PM 11/13/2019: So I found the flag when doing the disassembly, and it works when I hit the button... but I had to patch the exe to get through the IsDebuggerPresent and the other conditional jump above it (and that is not allowed)... I'm assuming that security cookie must be a file it looks for... potentially with those 25 number strings in it... but I would appreciate some help on how to truly understand it. Thanks a lot!

juansacco on 6:50 PM 11/13/2019: To bypass for example IsDebuggerPresent without patching you can use conditional breakpoints, for example. Great job madlogik!

coyote_0x90 on 8:06 AM 11/14/2019: I found the flag, but I also had to patch out some conditional jumps. There's a check in the WNDPROC of the window for WM_COMMAND, and when it processes that message, it checks if some functions are 0 instead of calling them and checking the return value.

    dMsg = Msg;
    if ( Msg 0x10 )
    {
        if ( dMsg != 0x111 )              // dMsg != WM_COMMAND
            return DefWindowProcW(hWndParent, Msg, wParam, lParam);
        set_rf_debug_resume_flag_func();
        check_debug_registers_func();
        if ( sub_401210 || sub_401160 )   // have to patch this out
        {
            MessageBoxA(hWndParent, "Try harder! Muahahahaha..", "Exploit Pack -", 0x40u);
            exit(0);
        }
        v65 = (unsigned __int16)wParam;
        if ( (unsigned __int16)wParam == 100 )
        {
            // ...
        }
    }
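The pitfall coyote_0x90 describes, shown as an added, constructed C example (not the crackme's own code and not from the challenge author): naming a function in a boolean expression tests its address, which is never 0 for a linked function, so `if ( sub_401210 || sub_401160 )` fires regardless of what those checks would have returned. The stand-in names check_a and check_b are assumptions; they model "nothing suspicious found" by returning 0.

```c
#include <stdio.h>

/* Constructed stand-ins for the two decompiled checks (sub_401210 and
 * sub_401160 in the post). Returning 0 models "no debugger detected". */
static int check_a(void) { return 0; }
static int check_b(void) { return 0; }

/* The pattern from the post: the operands are function designators, so the
 * expression evaluates their addresses, not their results. Both addresses are
 * nonzero, so this gate always takes the "Try harder" path. Returns 1 when the
 * exit path would be taken, 0 otherwise. */
int gate_by_address(void)
{
    int (*a)(void) = check_a;   /* pointer variables avoid a compiler warning */
    int (*b)(void) = check_b;
    return (a || b) ? 1 : 0;
}

/* The same gate written as the post says it should be: call each check and
 * branch on the returned values. With both checks returning 0 this yields 0. */
int gate_by_call(void)
{
    return (check_a() || check_b()) ? 1 : 0;
}

int main(void)
{
    printf("gate by address: %d (always 1)\n", gate_by_address());
    printf("gate by call:    %d (depends on the checks)\n", gate_by_call());
    return 0;
}
```

Seen in a disassembler the first form shows up as a test of an immediate (the function's address) rather than a call followed by a test of the return register, which is the tell the post is pointing at.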

madlogik on 7:59 PM 11/14/2019: Thanks a lot juansacco and coyote_0x90. I'll move on for now, but will come back here to see if someone has a solution that has no patching involved.

rmfla on 1:31 AM 11/17/2019: Thanks

drunkenmyno on 11:40 AM 11/21/2019: Maybe I'm wrong, but should this application be buffer overflowed to change the window handle?

omniarepair on 8:02 AM 11/23/2019: Patching saves you lots of time :)

juansacco on 8:33 PM 12/18/2019: It's not a buffer overflow as someone said below! But a crack-me and indeed you can use conditional debuggers to avoid some protections! Glad you like this one!

hlvd on 6:19 AM 12/19/2019: How can I unzip this file? Has any password been shared for me?

Vadym on 10:03 AM 12/21/2019: Let's look here about the archive password.

0xC0FFEE on 8:31 PM 12/24/2019: I found the flag without the correct serial number? Is there a right way that involves the serial numbers?

mrT4ntr4 on 5:22 AM 01/20/2020: Tricks ;)