Snowball on 9:56 PM 01/22/2021: Is it expected that we reverse without a decompiler like IDA's? I'm currently trying to solve it in assembly, and a specific function is currently troubling me due to what looks like floating point stuff
pranav on 2:35 AM 01/23/2021: Yes, there is a small mathematical equation for randomization.. Message me at PranavAppu007 on discord if you want help..
pranav on 2:44 AM 01/23/2021: You might want to use a tool tho, I think it's a little big to handle without a tool, but then again if you are a pro then you can handle
Snowball on 12:48 PM 01/23/2021: Thanks a lot for the reply. I'll keep trying in pure assembly, and I am currently studying floating point calculations in assembly for the first time, so if I am still stuck after studying, then I'll contact you. Thanks for an interesting challenge so far!
Snowball on 12:49 PM 01/23/2021: I am using IDA though (just not their C decompiler)
idoed on 1:34 PM 01/23/2021: I can't unzip it because it requests a password. Is it part of the challenge?
pranav on 2:55 PM 01/23/2021: Well, for all crackmes on this website, they add their own password, which is crackmes.one. Check the FAQ.
4epuxa on 1:17 AM 01/26/2021: 3313 answer
pranav on 1:57 AM 01/26/2021: 4epuxa not really, it generated the number randomly, so the solution is just explaining how you cracked it. Post it in the solutions.
4epuxa on 4:57 AM 01/29/2021: pranav i did it
4epuxa on 5:24 AM 01/29/2021: But during the analysis the crackme didn't want to run and also there were some endless loops or what? Could you please tell me about the anti-debugging you have used?
mohammadali on 11:08 AM 01/29/2021: I am actually working on a way to patch all the crackmes. If anyone wants to help please mail me at zakazeke8@gmail.com. I am planning to patch every crackme by building another executable that does API hooks, so that when a specific API function is called in the crackme, the hook will be triggered and we will place our code after. I got some nice ideas :) any help?! plz (c/cpp project)
pranav on 2:39 PM 01/29/2021: 4epuxa join on the discord server and look for PranavAppu007..
pranav on 2:40 PM 01/29/2021: mohammadali wow that is some hard stuff! Could you please explain using an example?
4epuxa on 7:20 PM 01/29/2021: What Discord server? Could you please help me?
pranav on 2:58 AM 01/30/2021: https://discord.gg/2pPV3yq
Open this link and you can join the crackmes Discord server.. I'm inside that (you might want to create an account..)
mohammadali on 4:36 AM 02/02/2021: @pranav: example:
/*
** Simple MessageBoxA hook using the classic 5 byte relative jump technique without a trampoline.
** Instead of bypassing the hook in the proxy function when passing execution to MessageBoxA, we
** will simply re-write the original bytes, unhooking the function.
*/
#include <windows.h>   // HWND, LPCSTR, UINT, FARPROC and the MessageBoxA declaration
#include <iostream>    // std::cout used in the proxy function below
#pragma comment(lib,"user32.lib")
char saved_buffer[5]; // buffer to save the original bytes
FARPROC hooked_address= NULL;
// The proxy function we will jump to after the hook has been installed
int __stdcall proxy_function(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType)
{
std::cout
mohammadali on 4:39 AM 02/02/2021: @pranav : sorry, I didn't know there is a limit in the comments
you can view: https://github.com/jayo78/basic-hooking/blob/master/hook_v1.cpp to see what i am talking about
Although this code hooks from inside the same process, we can do more work to make it a (global API hook). So then we can hook function(s) called by crackme.exe and place our function(s) instead
pranav on 5:53 AM 02/02/2021: mohammadali I couldn't completely understand what is going on in hook installation.. But I can see that you have modified the MessageBoxA function with a jump to some custom function, so that if you call MessageBoxA your function will be called. Also, is your project working on crackmes? Have you tried it with my crackme?
mohammadali on 12:51 PM 02/03/2021: That is what I mean, I need more time. Idk if there is a crackme with a messagebox to show the password. I can hook printf() or strcmp() or strlen() ... but in the example on github the hook was to replace the function in the same process. Hooking in a different process is a whole different thing. You can google it, it is called global API hooks. This way I can run an API monitor on the crackme, get the API calls, and hook the interesting calls. But I need help!
juansacco on 9:26 AM 02/14/2021: __int16 *result; // eax
double input_key; // [esp+10h] [ebp-8h]
if ( !byte_406034 )
{
real_key = real_key * 10000.0;
byte_406034 = 1;
}
input_key = (double)*a1;
if ( real_key
juansacco on 9:27 AM 02/14/2021: Enter the secret number5837
Success! You have completely reverse engineered and found the secret number!
MaxP on 3:06 PM 02/22/2021: I'm stumbling over this loop:
00401844 | 0FB745 F0 | MOVZX EAX,WORD PTR SS:[EBP-0x10]
00401848 | 66:85C0 | TEST AX,AX
0040184B | 75 F7 | JNE findmysecret.401844
Why isn't that an infinite loop? The data copied to EAX should be constant, so the jump condition should never change. But it does after roughly 30 rounds, and it also changes the random number stored at 0x4063E8. Why and how?
pranav on 3:50 PM 02/25/2021: MaxP unless ebp-0x10 is accessible from another thread..
bus@cu on 7:47 PM 02/28/2021: I sent my solution on February 5th and it is not yet validated???
mohammadali on 4:36 PM 03/14/2021: I couldn't resist and here you go : https://github.com/ORCA666/patched-files/tree/main/pranav's%20FindMySecret
puelo on 4:11 PM 06/27/2021:
#include <time.h>
int main(void) {
    double rndNumber;
    do {
        int timestamp = (int)time(NULL);
        rndNumber = (timestamp % 50) / 50.0;   /* divide as double; integer division would always give 0 */
    } while (rndNumber == 0.0);                /* "(until rndNumber 0.0)": retry while the seed is exactly 0.0 */
    int i = 5;
    while (i != 0) {
        rndNumber = (1.0 - rndNumber) * 3.8 * rndNumber;   /* logistic map with r = 3.8 */
        i--;
    }
}
puelo on 4:13 PM 06/27/2021: forgot at the end: rndNumber = floor(rndNumber * 10000);