n30np14gu3's Password Keeper

Author:
n30np14gu3

Language:
C/C++

Upload:
2020-03-11 14:36

Download

Platform:
Windows

Difficulty:
3.0

Quality:
4.0

Arch:
x86

Downloads:
9

Size:
17.08 KB

Writeups:
2

Comments:
9

Description

Language: C++ Platform: Windows OS Version : Windows 7,8,8.1,10 Packer / Protector : None Enter correct password for getting flag ;)

Comments (9)
Writeups (2)

You must be logged in to post a comment

korsader on 2020-03-12 14:41: flag = shb{Vir7u41_pr0.3c7_xD} thx!

Terminal_junkie on 2020-03-18 16:49: Been at this for a while. Can you provide some help?

korsader on 2020-03-19 08:56: 83F2 13 XOR EDX,00000013 8B45 14 MOV EAX,DWORD PTR SS:[EBP+14] 0345 F0 ADD EAX,DWORD PTR SS:[EBP-10] 0FBE08 MOVSX ECX,BYTE PTR DS:[EAX] 3BD1 CMP EDX,ECX 74 25 JE SHORT 00*2145E

LordShy on 2020-03-22 10:05: Some tutorial about how to solve it?

korsader on 2020-03-22 12:05: open crackme ollydbg -F9 - ctrl+G - input: VirtualProtect - enter - break point VirtualProtect - Enter password for decryption- 123456 - enter - ctrl+F9 (ret) - F7 00EF14A7 . 837D C0 10 CMP DWORD PTR SS:[EBP-40],10 00EF14AB . 8D4D AC LEA ECX,[EBP-54] 00EF14AE . 8D45 C4 LEA EAX,[EBP-3C] 00EF14B1 . 0F434D AC CMOVAE ECX,DWORD PTR SS:[EBP-54] 00EF14B5 . 837D D8 10 CMP DWORD PTR SS:[EBP-28],10 00EF14B9 . 51 PUSH ECX 00EF14BA . 0F4345 C4 CMOVAE EAX,DWORD PTR SS:[EBP-3C] 00EF14BE . 50 PUSH EAX 00EF14BF . FF75 90 PUSH DWORD PTR SS:[EBP-70] 00EF14C2 . FF75 8C PUSH DWORD PTR SS:[EBP-74] 00EF14C5 . FF75 98 PUSH DWORD PTR SS:[EBP-68] 00EF14C8 . FF75 94 PUSH DWORD PTR SS:[EBP-6C] * 00EF14CB . FF15 2878EF00 CALL NEAR DWORD PTR DS:[PasswordKeeper.0EF7828];!!!!!!!!!!!!!!! 00EF14D1 . 83C4 18 ADD ESP,18 00EF14D4 . 8D45 9C LEA EAX,[EBP-64] - step(F7) to address: 00EF14CB - F7 00B11170 55 PUSH EBP ; ASCII "l.z" 00B11171 8BEC MOV EBP,ESP 00B11173 83EC 1C SUB ESP,1C 00B11176 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8] 00B11179 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX 00B1117C 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0C] 00B1117F 894D E4 MOV DWORD PTR SS:[EBP-1C],ECX 00B11182 8B55 10 MOV EDX,DWORD PTR SS:[EBP+10] 00B11185 8955 F4 MOV DWORD PTR SS:[EBP-0C],EDX - ctrl+F - input: xor edx,13 - search 00B11468 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8] 00B1146B 034D F0 ADD ECX,DWORD PTR SS:[EBP-10] 00B1146E 0FBE11 MOVSX EDX,BYTE PTR DS:[ECX] 00B11471 83F2 13 XOR EDX,00000013 00B11474 8B45 14 MOV EAX,DWORD PTR SS:[EBP+14] 00B11477 0345 F0 ADD EAX,DWORD PTR SS:[EBP-10] 00B1147A 0FBE08 MOVSX ECX,BYTE PTR DS:[EAX] 00B1147D 3BD1 CMP EDX,ECX

x0r19x91 on 2020-03-28 16:53: I don't understand why it's rated 3. It's rating should be 2. Don't get misled by the rating. - fucking_m0rfing

unc4nny on 2021-01-19 13:46: Spent quite a while on this one. Absolutely genius. Lots of techniques used by malware here. It would be absolutely amazing if you could provide the source code for us to study it!

unc4nny on 2021-01-19 13:53: nvm just noticed you put the src on solution :) Great job!

safareto on 2023-08-02 21:15: Hey can anyone explain how the passwords.db file got encrypted? I've been trying to implement my own code in the virtual protection but for some reason it's not working at all because of my encryption method being too different

You must be logged in to submit a writeup

Solution by n30np14gu3 on 2020-03-19 18:42:
[RU] WriteUp + FULL SRC

Download

Solution by jeffli6789 on 2020-03-22 06:17:

Download

crackmes.one

crackmes.one

n30np14gu3's Password Keeper