Upload:
4:17 PM 12/03/2021
Description
A relatively easy crackme that I wrote for my colleagues during work. Ping me @FalconPunch on the Discord server.
bl4ack on 11:42 PM 12/10/2021: the key is: hn
kondeti on 5:35 AM 12/11/2021: Hi @bl4ack, thanks for trying... The key isn't constant, it's different for every user. It's more of a keygen than a crackme, should've mentioned that in the description.
NoMercy on 5:11 PM 12/11/2021: crackme takes the username of the system and mutates it, so everyone has their own universal key.
example: lolxp3010 - username, nfnML - mutated valid key. thanks for the crackme.
kondeti on 1:41 PM 12/12/2021: @NoMercy, Noice... I should've considered that some usernames have numbers in 'em, it hasn't crossed my mind.
Husenjan on 12:59 PM 12/14/2021: Tip for beginners: look at the comparison between the two strings.
sophie1p on 4:19 AM 12/16/2021: windows name two, turned into t6f
saw that it does some weird shit to the name but i couldn't really follow what it does after a while lol
xEnsar69 on 12:52 PM 12/20/2021: key: iIgtn
worked for me
Blepperton on 8:30 PM 12/24/2021: i feel harassed by your encoding algorithm
nikvothe on 6:31 PM 01/21/2022: What is the password for the rar file?
nikvothe on 6:34 PM 01/21/2022: Nevermind... Yes this is my first crackme 😂
ansejrtj on 12:01 AM 02/11/2022: easy..
jinzi0113@163.com on 7:17 AM 10/18/2022: Generates a key based on the computer user name, the key is the password. Example: username is ADMINISTRATOR, key is TsgtOtgtnTtfn
dzh1gurd4 on 7:05 PM 06/06/2023: Interesting crackme, but you forgot to take into account that a username can consist not only of Latin letters.
Solution by 7cherubin:
- The program calls GetUserNameA to get the logged on user's name.
- It converts the username into all capitalized letters.
- It generates a key by using each letter of the username as an index, based on its ASCII code, against an offset pointer to a secret key string ("ThisIsAStringOfLength26MW2"). *It should be noted that, instead of being a normal sequence of bytes, each letter is offset by four bytes.*
- This aforementioned string begins at the hardcoded address .data.00421084 and is offset by the ASCII code of the letter 'A' which is 0x41. Thus, the first letter of the string begins at .data.421000.
- This key is generated *after* the user is asked to provide a key of their own.
- If the user inputs the same key as the one that was generated, the program enters its success branch.
- It should be noted that the program does not take into account usernames that contain characters other than letters since the characters of the secret string correspond only to the ASCII characters of the capitalized letters. Thus, any other character in the username would point to randomized memory *around* the secret string.
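The table lookup described in the solution above, written out as an added example; it is not code from the crackme or from either solver. The helper name derive_key, its return codes and the ASCII-only uppercasing are assumptions, and it stops at the first non-letter instead of reading memory around the table as the solution says the binary does.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

/* Decrypted table as quoted in the solution above: one entry per letter A..Z.
 * The binary stores entries four bytes apart; packed here for readability. */
static const char TABLE[] = "ThisIsAStringOfLength26MW2";

/* Derive the key for `username` into `out` (hypothetical helper).
 * Returns  0: every character was a Latin letter, key is complete.
 * Returns -1: a non-letter was hit; the table does not define the key from
 *             that point on, so `out` holds only the mapped prefix.
 * Returns -2: `out` is too small. */
int derive_key(const char *username, char *out, size_t outlen)
{
    size_t i;
    if (outlen == 0)
        return -2;
    for (i = 0; username[i] != '\0'; i++) {
        unsigned char c = (unsigned char)username[i];
        if (c >= 'a' && c <= 'z')
            c = (unsigned char)(c - 'a' + 'A');   /* ASCII-only uppercase (assumption) */
        if (i + 1 >= outlen) {
            out[i] = '\0';
            return -2;
        }
        if (c < 'A' || c > 'Z') {                 /* bounds check the crackme lacks */
            out[i] = '\0';
            return -1;
        }
        out[i] = TABLE[c - 'A'];
    }
    out[i] = '\0';
    return 0;
}

int main(void)
{
    /* Usernames taken from the comments on this page. */
    const char *names[] = { "ADMINISTRATOR", "two", "lolxp3010" };
    char key[64];
    for (size_t n = 0; n < sizeof names / sizeof names[0]; n++) {
        int rc = derive_key(names[n], key, sizeof key);
        printf("%-14s -> %-14s %s\n", names[n], key,
               rc == 0 ? "(complete)" : "(stops at first non-letter)");
    }
    return 0;
}
```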
Solution by mstik13:
The program makes a key based on your computer's logged-in username. It also has a hardcoded table. After the program gets the username, it converts it to uppercase, then uses it to index the table. The table also gets "decrypted" before its usage. After this, it finally builds a key based on that.
for (int i = 0; i