Description
Language: C++
Platform: Windows
OS Version: Windows 7, 8, 8.1, 10
Packer / Protector: None
Enter the correct password to get the flag ;)
korsader on 2:41 PM 03/12/2020: flag = shb{Vir7u41_pr0.3c7_xD}
thx!
Terminal_junkie on 4:49 PM 03/18/2020: Been at this for a while. Can you provide some help?
korsader on 8:56 AM 03/19/2020: 83F2 13 XOR EDX,00000013
8B45 14 MOV EAX,DWORD PTR SS:[EBP+14]
0345 F0 ADD EAX,DWORD PTR SS:[EBP-10]
0FBE08 MOVSX ECX,BYTE PTR DS:[EAX]
3BD1 CMP EDX,ECX
74 25 JE SHORT 00*2145E
LordShy on 10:05 AM 03/22/2020: Some tutorial about how to solve it?
korsader on 12:05 PM 03/22/2020: open the crackme in OllyDbg
- F9
- ctrl+G - input: VirtualProtect - enter - breakpoint on VirtualProtect
- Enter password for decryption - 123456 - enter
- ctrl+F9 (ret)
- F7
00EF14A7 . 837D C0 10 CMP DWORD PTR SS:[EBP-40],10
00EF14AB . 8D4D AC LEA ECX,[EBP-54]
00EF14AE . 8D45 C4 LEA EAX,[EBP-3C]
00EF14B1 . 0F434D AC CMOVAE ECX,DWORD PTR SS:[EBP-54]
00EF14B5 . 837D D8 10 CMP DWORD PTR SS:[EBP-28],10
00EF14B9 . 51 PUSH ECX
00EF14BA . 0F4345 C4 CMOVAE EAX,DWORD PTR SS:[EBP-3C]
00EF14BE . 50 PUSH EAX
00EF14BF . FF75 90 PUSH DWORD PTR SS:[EBP-70]
00EF14C2 . FF75 8C PUSH DWORD PTR SS:[EBP-74]
00EF14C5 . FF75 98 PUSH DWORD PTR SS:[EBP-68]
00EF14C8 . FF75 94 PUSH DWORD PTR SS:[EBP-6C]
* 00EF14CB . FF15 2878EF00 CALL NEAR DWORD PTR DS:[PasswordKeeper.0EF7828];!!!!!!!!!!!!!!!
00EF14D1 . 83C4 18 ADD ESP,18
00EF14D4 . 8D45 9C LEA EAX,[EBP-64]
- step(F7) to address: 00EF14CB
- F7
00B11170 55 PUSH EBP ; ASCII "l.z"
00B11171 8BEC MOV EBP,ESP
00B11173 83EC 1C SUB ESP,1C
00B11176 8B45 08 MOV EAX,DWORD PTR SS:[EBP+8]
00B11179 8945 E8 MOV DWORD PTR SS:[EBP-18],EAX
00B1117C 8B4D 0C MOV ECX,DWORD PTR SS:[EBP+0C]
00B1117F 894D E4 MOV DWORD PTR SS:[EBP-1C],ECX
00B11182 8B55 10 MOV EDX,DWORD PTR SS:[EBP+10]
00B11185 8955 F4 MOV DWORD PTR SS:[EBP-0C],EDX
- ctrl+F - input: xor edx,13 - search
00B11468 8B4D F8 MOV ECX,DWORD PTR SS:[EBP-8]
00B1146B 034D F0 ADD ECX,DWORD PTR SS:[EBP-10]
00B1146E 0FBE11 MOVSX EDX,BYTE PTR DS:[ECX]
00B11471 83F2 13 XOR EDX,00000013
00B11474 8B45 14 MOV EAX,DWORD PTR SS:[EBP+14]
00B11477 0345 F0 ADD EAX,DWORD PTR SS:[EBP-10]
00B1147A 0FBE08 MOVSX ECX,BYTE PTR DS:[EAX]
00B1147D 3BD1 CMP EDX,ECX
x0r19x91 on 4:53 PM 03/28/2020: I don't understand why it's rated 3. Its rating should be 2.
Don't get misled by the rating.
- fucking_m0rfing
unc4nny on 1:46 PM 01/19/2021: Spent quite a while on this one. Absolutely genius. Lots of techniques used by malware here. It would be absolutely amazing if you could provide the source code for us to study it!
unc4nny on 1:53 PM 01/19/2021: nvm just noticed you put the src on solution :) Great job!
safareto on 9:15 PM 08/02/2023: Hey can anyone explain how the passwords.db file got encrypted? I've been trying to implement my own code in the virtual protection but for some reason it's not working at all because of my encryption method being too different