Upload:
1:56 AM 12/17/2021
Description
Hi there, the rules are in the crackme. It is not difficult to bypass the anti-debugger,
but to find the key, you'll have to use your neurons...
mucomplex on 5:54 PM 01/09/2022: Password input is bugged. It is not replaced inside memory
mstik13 on 8:05 AM 05/19/2022: NiceOne!, that was fun!
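db123 on 7:37 AM 06/22/2022:
// v15: the UTF-16LE string "NiceOne!"
unsigned char v15m[16] = { 0x4E, 0, 0x69, 0, 0x63, 0, 0x65, 0, 0x4F, 0, 0x6E, 0, 0x65, 0, 0x21, 0 };
memcpy(&v15, v15m, sizeof(v15));
// v16: UTF-16LE "-_" plus a zero word; the code below reads only these first three words
// (unsigned char, because 0x80 and 0xF8 do not fit in a signed char)
unsigned char v16m[16] = { 0x2D, 0, 0x5F, 0, 0, 0, 0, 0, 0x80, 0x50, 0x5D, 0x61, 0xF8, 0x7F, 0, 0 };
memcpy(&v16, v16m, sizeof(v16));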
memset(&si128, 0, sizeof(si128));
si128.m128i_i8[0] = (uint8)strlen(username);
si128.m128i_u8[8] = 0x0F;
userpassword[0] = (si128.m128i_i32[0] ^ *(unsigned __int16*)&v15);
userpassword[1] = (si128.m128i_i32[0] ^ WORD1(v15));
userpassword[2] = (si128.m128i_i32[0] ^ WORD2(v15));
userpassword[3] = (si128.m128i_i32[0] ^ WORD3(v15));
userpassword[4] = (si128.m128i_i32[0] ^ WORD4(v15));
userpassword[5] = (si128.m128i_i32[0] ^ WORD5(v15));
userpassword[6] = (si128.m128i_i32[0] ^ WORD6(v15));
userpassword[7] = (si128.m128i_i32[0] ^ HIWORD(v15));
userpassword[8] = (si128.m128i_i32[0] ^ v16.m128i_u16[0]);
userpassword[9] = (si128.m128i_i32[0] ^ v16.m128i_u16[1]);
userpassword[10] = (si128.m128i_i32[0] ^ v16.m128i_u16[2]);
userpassword[11] = 0;
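The derivation in db123's snippet above, rewritten as portable C without the decompiler's `__m128i` fields and `WORDn` macros. This is an added example, not code from the page or from the crackme's author; `derive_password`, `KEY` and the sample username are hypothetical, and it assumes `userpassword` holds 16-bit characters on a little-endian target.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define KEY_UNITS 11   /* userpassword[0..10]; userpassword[11] is the terminator */

/* The first 11 16-bit words of v15/v16 in the snippet above, read as
   little-endian UTF-16: "NiceOne!-_" followed by a zero word. */
static const uint16_t KEY[KEY_UNITS] = {
    'N', 'i', 'c', 'e', 'O', 'n', 'e', '!', '-', '_', 0
};

/* Fills out[0..11] with the values the snippet computes for `username`.
   Assumption: userpassword is an array of 16-bit characters, so only the
   low 16 bits of (length ^ word) survive. Returns the XOR mask used. */
uint16_t derive_password(const char *username, uint16_t out[KEY_UNITS + 1])
{
    /* si128.m128i_i8[0] = (uint8)strlen(username): the length is cut to one
       byte. The 0x0F written to m128i_u8[8] lies outside m128i_i32[0], so it
       never reaches the XOR. */
    uint16_t mask = (uint8_t)strlen(username);
    for (size_t i = 0; i < KEY_UNITS; i++)
        out[i] = (uint16_t)(mask ^ KEY[i]);
    out[KEY_UNITS] = 0;
    return mask;
}

int main(void)
{
    const char *username = "admin";   /* constructed sample input */
    uint16_t pw[KEY_UNITS + 1];
    uint16_t mask = derive_password(username, pw);

    printf("username=%s mask=0x%02X\n", username, (unsigned)mask);
    for (size_t i = 0; i < KEY_UNITS; i++) {
        /* out[10] is the bare length byte, so show hex next to the character */
        if (pw[i] >= 0x20 && pw[i] < 0x7F)
            printf("  [%2zu] 0x%04X '%c'\n", i, (unsigned)pw[i], (char)pw[i]);
        else
            printf("  [%2zu] 0x%04X (not printable)\n", i, (unsigned)pw[i]);
    }
    return 0;
}
```

With a mask of 0 the output is the key string itself, and element 10 is always the bare length byte because the key word at that position is zero.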
Tomutt on 12:27 PM 08/17/2025: I can't find the part where the username length is assigned to the key calculation logic. Like, "local_38 != (uStack_84 & 0xffff ^ local_50)" the local_50 here, which is supposed to hold username length value. There's no other initialization for that. Thus it's always 0.
Can somebody explain this to me?
Solution by dev0:
Thank you bl4ack!
Solution by mstik13:
Thanks for this it was a NiceOne!
Tools Used:
Ghidra, x64dbg