4epuxa on 5:05 PM 02/20/2021: Create .KEY file without name and enter into 0x99 0x43
pranav on 6:09 AM 02/21/2021: 4epuxa just 2 numbers?
4epuxa on 9:09 AM 02/21/2021: pranav Yes, because the dividend is 0xCF and 0xFF, and then there are zeros. We need these two numbers to be divisible and the remainder is 0x36. We divided them and received the remainder of 0x36, and since we have more than 0x00, the program simply transfers them to the message of successful registration
Scopes on 1:50 PM 02/24/2021: just jmp to loc_401703
pranav on 2:45 PM 02/24/2021: Scopes how did you do that? Did you patch the crackme?
ragnar_crackbeard87 on 1:08 PM 02/25/2021: Hello. Are there anti-debugging tricks involved? I don't seem to see any but if I try to debug this in say x32DBG or ollydbg it won't properly run.
I see there are new threads being created but in x32DBG for example it never returns from a simple call to Sleep.
@ 0x00401675 it calls sleep, as shown in this picture but if I hit step over, it exits the program. And doesn't run as it does when not in a debugger.
https://imgur.com/a/QMm8PxD
pranav on 3:47 PM 02/25/2021: ragnar_crackbeard87 yes, there are anti debugging/patching implemented. You can disable it if you wanted, although it is not preferred. You are generally expected to use static analysis to reverse the crackme
ragnar_crackbeard87 on 5:07 PM 02/25/2021: Okay, pranav.
I see where to do it. But I can't figure out exactly what byte is being read and returned during the calls to fread when it reads the AUTH and KEY files. I'll keep trying to do it with IDA.
However, could you tell me which tricks are utilized so I could google them and practice removing them for future scenarios, please?
ragnar_crackbeard87 on 7:40 PM 02/25/2021: pranav, I got the answer. My first crackme back after quite awhile so my brain didn't realize to check the auth file for myself and to write a binary file for my answer. Not just put my answer into a regular txt file lol.
Thanks!
I'd still like to know how to reverse the anti-debugging tricks if you could teach me!
pranav on 1:49 AM 02/26/2021: ragnar_crackbeard87 well, you have to follow the thread start after printing InitialChecks.. It's actually an anti patching mechanism, you have to prevent it from executing. For more details, join the website discord server and find me as PranavAppu007.
ali0gamer on 6:51 PM 03/03/2021: This is really easy just create two files:
.key and .auth, then put '\0' in the .auth and run the program.
pranav on 4:30 AM 03/04/2021: ali0gamer well if it's really easy then generate a valid .key file instead of patching the .auth file. You were actually supposed to do that, although I'll allow patching on .auth for now
pranav on 4:31 AM 03/04/2021: It is intended to me a keygenme
ali0gamer on 6:27 AM 03/04/2021: Ok. Thank you for the challenge.
mohammadali on 4:11 PM 03/14/2021: hey man i just wanted to reply for what u said to me on:
https://crackmes.one/crackme/6043d8b833c5d42c3d016d32
thanks, and dont give a fuck about people saying ur doing things bad and wtf, just be u man, i honestly would love to reverse engineer executables like the way u do, but i have a lot of problems with my ida and idk, i just like patching. good job on what u did, i am posting this here i figure u will at least may read what ppl cmnts so here i am, i dont have a discord account but we can chat on a mail of mine, ill send u my telegram account.
mohammadali on 4:14 PM 03/14/2021: and im targeting your crackmes for a while, when i patch them ill comment the link of the patched version on a post of yours, but im kinda busy college shit and a lot of math homeworks , so ill start next week. just track my comments to a github link and then youll find my email, have a nice day now !
mohammadali on 4:16 PM 03/14/2021: ill be looking for a reply here so just type something to make sure u read them :)
pranav on 2:53 AM 03/15/2021: thanks!.. Well, you can join the discord server, and I'm there along with a very good community. It's fun!
pranav on 2:55 AM 03/15/2021: Me too, didn't have a discord account at first, but it's worth it. I'm also kinda busy, so I'll email you when I get time.
mohammadali on 3:52 AM 03/15/2021: okay ill give it a try !!