mohammadali on 12:00 PM 03/22/2021: well, i took a look, you're calling IsDebuggerPresent and placing an anti-patching tech that will put 1 in case of a debugger detected, and you'll compare it later, i think you did the same thing for -i / -u ... i'll crack it later, i have some math homework to do rn so no re for a while :(
pranav on 5:20 AM 03/23/2021: hey! Well there is a lot of stuff in it! Make sure you read the Readme fully.
mohammadali on 9:25 AM 03/24/2021: i was able to disable the anti-debugging and the "-i" parameter, now when you run it, it will ask u directly about the key, but i'm stuck in a part where it will exit after entering the key, i can't figure out where the "success message" is, not because it's encrypted, but because there is a strange loop at some point after asking for the key that will exit although there is no such call to exit !!!
mohammadali on 9:29 AM 03/24/2021:
0040190E |. A1 2C824000 MOV EAX,DWORD PTR DS:[] ; |
00401913 |. FFD0 CALL EAX ; \MSVCRT._beginthread
00401915 |. 90 NOP
00401916 | 0FB705 367040 /MOVZX EAX,WORD PTR DS:[407036]
0040191D |. 66:85C0 |TEST AX,AX ; it is stipping into test ax,ax
00401920 |.^ 74 F4 \JZ SHORT 00401916
00401922 |. A1 08404000 MOV EAX,DWORD PTR DS:[404008] ; ASCII "cv2pr"
mohammadali on 9:37 AM 03/24/2021: it is calling printf but when it does it is exiting, that's why it's not printing "enter the key", even though when i ran it inside ida it did show the message, and running it directly will show the same message, idk what is happening
mohammadali on 9:39 AM 03/24/2021: here is the link, post an issue, or contact me via mail on github, cz i really want to figure it out :)
https://github.com/ORCA666/patched-files/tree/main/pranav's%20SecureSoftware%20v1.5
pranav on 5:36 PM 03/25/2021: mohammadali Are you sure you defeated all the anti-debugging protections?? :wink:
pranav on 5:39 PM 03/25/2021: also try to get a real key in addition to patching it, so that the key works in an unpatched version... And for others: no, the patching doesn't count as a solution
mohammadali on 3:45 AM 03/26/2021: @pranav okay my man, we'll see, i'll be trying a couple of days later cz i have some tests and i don't want to mess up, but try my crackme? it's level 4 but i think it is level 3 or something in between, if you crack that i'll crack this :|
4epuxa on 12:29 PM 03/28/2021: This is your hardest crackme, it's great! The main difficulty for me is a bunch of variables. Quite interesting counts of auth file integrity and function integrity counts. Overall, crackme was a success! Generating a password is not too complicated, the most difficult thing is to understand what is happening where, what is changing.
Success! The program has been unlocked!
kondeti on 7:18 AM 04/14/2021: A very nice crackme, I have written a keygen which works for me. I will try to submit the solution when I get some spare time. You can find the keygen (in Python) at the link below.
https://pastebin.com/Dmsmg1Ta
pranav on 9:16 AM 04/19/2021: thank you @giacomo270197 for your comprehensive solution. One of the best solution write-ups I have ever read.
puelo on 9:32 PM 06/29/2021: Again a very nice crackme. I've solved it statically, but with a decompiler. My solution in the end was to only replace two bytes inside the authdata file. Setting the first to the calculated/needed byte and the second one to 0x00, so that the check at the end would only consider this one byte. I also updated the checksum, which wasn't too bad after understanding how it is calculated.
DeadShot on 7:19 PM 07/26/2021: Solved using full static analysis; by doing so I also learned about the anti-debugging techniques used. Anyway, very good challenge and definitely a lot easier than mentioned.
ReedOnly on 4:59 PM 06/14/2022: Solved with static and dynamic analysis, including anti-debugging bypassing.