RedXen's C File CrackMe

Author:
RedXen

Language:
C/C++

Upload:
2022-07-25 13:05

Download

Platform:
Windows

Difficulty:
1.4

Quality:
3.4

Arch:
x86

Downloads:
7

Writeups:
0

Comments:
14

Description

A CrackMe written in C that uses a file for authentication.

Comments (14)
Writeups (0)

You must be logged in to post a comment

xlISinner on 2022-08-10 23:48: W269N-WFGWX-YVC9B-4J6C9-T83GX at data:00404004 _password

shadow299 on 2022-08-11 08:07: Easy one. just put the key in that bin file. if yo want to change the password just edit the memory.

mohamed_haroon on 2022-09-09 21:45: password is V2VsbCBkb25lISBUaGlzIGFwcGxpY2F0aW9uIHdhcyB3cml0dGVuIGluIHB1cmUgQywgYW5kIHlvdSBjcmFja2VkIGl0Lg==

mohamed_haroon on 2022-09-09 21:52: W269N-WFGWX-YVC9B-4J6C9-T83GX

ShadowCracker on 2022-09-14 01:29: this app open password.bin file with rb mode and check content with W269N-WFGWX-YVC9B-4J6C9-T83GX .:)

sweety on 2022-09-19 14:46: data - 0x404004 | _password password - W269N-WFGWX-YVC9B-4J6C9-T83GX

juniorrumiche on 2022-09-27 17:19: password=W269N-WFGWX-YVC9B-4J6C9-T83GX using xdbg go to 00401576 go change jne to je.... also using hex workshop open the file and go to offset 00000976 and change 75 to 74

elegance on 2022-10-05 22:54: W269N-WFGWX-YVC9B-4J6C9-T83GX super easy

Jeudy on 2022-10-10 14:34: Solution by: Jeu Type of compiler: Visual C++/C Difficulty: Medium 00401501 /$ 55 PUSH EBP 00401502 |. 89E5 MOV EBP,ESP 00401504 |. 83EC 48 SUB ESP,0x48 00401507 |. E8 D9FFFFFF CALL C_File_C.004014E5 0040150C |. 83F8 01 CMP EAX,0x1 0040150F |. 75 07 JNZ SHORT C_File_C.00401518 00401511 |. B8 01000000 MOV EAX,0x1 00401516 |. EB 4F JMP SHORT C_File_C.00401567 00401518 | C74424 04 835MOV DWORD PTR SS:[ESP+0x4],C_File_C.0040; ||||ASCII "rb" 00401520 |. C70424 765040MOV DWORD PTR SS:[ESP],C_File_C.00405076 ; ||||ASCII "password.bin" 00401527 |. E8 8C260000 CALL ; |||\fopen 0040152C |. 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX ; ||| 0040152F |. 8D45 D6 LEA EAX,DWORD PTR SS:[EBP-0x2A] ; ||| 00401532 |. 894424 08 MOV DWORD PTR SS:[ESP+0x8],EAX ; ||| 00401536 |. C74424 04 865MOV DWORD PTR SS:[ESP+0x4],C_File_C.0040; |||ASCII "%s" 0040153E |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] ; ||| 00401541 |. 890424 MOV DWORD PTR SS:[ESP],EAX ; ||| 00401544 |. E8 5F260000 CALL ; ||\fscanf 00401549 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] ; || 0040154C |. 890424 MOV DWORD PTR SS:[ESP],EAX ; || 0040154F |. E8 6C260000 CALL ; |\fclose 00401554 |. C74424 04 044MOV DWORD PTR SS:[ESP+0x4],C_File_C.0040; |ASCII "W269N-WFGWX-YVC9B-4J6C9-T83GX" 0040155C |. 8D45 D6 LEA EAX,DWORD PTR SS:[EBP-0x2A] ; | 0040155F |. 890424 MOV DWORD PTR SS:[ESP],EAX ; | 00401562 |. E8 01260000 CALL ; \strcmp 00401567 | C9 LEAVE 00401568 \. C3 RETN Well, he is the part of the assembler code with the program uses apis and functions to compare your passwords.bin keyfile to autentification... Use the serial is the easy way but patching is hard. You see cmp eax,1 and conditional jump down mov eax,1 this nopping conditional jump you patching the authentification program algorithm. Remember XOR EAX,EAX to patch the algorithm of the program. Just like that: 00401501 /$ 55 PUSH EBP 00401502 |. 89E5 MOV EBP,ESP 00401504 |. 83EC 48 SUB ESP,0x48 00401507 |. E8 D9FFFFFF CALL C_File_C.004014E5 0040150C |. 83F8 01 CMP EAX,0x1 0040150F 90 NOP 00401510 90 NOP 00401511 31C0 XOR EAX,EAX 00401513 90 NOP 00401514 90 NOP 00401515 90 NOP 00401516 |. EB 4F JMP SHORT C_File_C.00401567 00401518 | C74424 04 835MOV DWORD PTR SS:[ESP+0x4],C_File_C.0040; ||||ASCII "rb" 00401520 |. C70424 765040MOV DWORD PTR SS:[ESP],C_File_C.00405076 ; ||||ASCII "password.bin" 00401527 |. E8 8C260000 CALL ; |||\fopen 0040152C |. 8945 F4 MOV DWORD PTR SS:[EBP-0xC],EAX ; ||| 0040152F |. 8D45 D6 LEA EAX,DWORD PTR SS:[EBP-0x2A] ; ||| 00401532 |. 894424 08 MOV DWORD PTR SS:[ESP+0x8],EAX ; ||| 00401536 |. C74424 04 865MOV DWORD PTR SS:[ESP+0x4],C_File_C.0040; |||ASCII "%s" 0040153E |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] ; ||| 00401541 |. 890424 MOV DWORD PTR SS:[ESP],EAX ; ||| 00401544 |. E8 5F260000 CALL ; ||\fscanf 00401549 |. 8B45 F4 MOV EAX,DWORD PTR SS:[EBP-0xC] ; || 0040154C |. 890424 MOV DWORD PTR SS:[ESP],EAX ; || 0040154F |. E8 6C260000 CALL ; |\fclose 00401554 |. C74424 04 044MOV DWORD PTR SS:[ESP+0x4],C_File_C.0040; |ASCII "W269N-WFGWX-YVC9B-4J6C9-T83GX" 0040155C |. 8D45 D6 LEA EAX,DWORD PTR SS:[EBP-0x2A] ; | 0040155F |. 890424 MOV DWORD PTR SS:[ESP],EAX ; | 00401562 |. E8 01260000 CALL ; \strcmp 00401567 | C9 LEAVE 00401568 \. C3 RETN And you write this nops and xors you bypass the authetification and break the algorithm of the program because the serial number is in strings reference and is the easy way, but patching not. By Jeu.

fa0xke on 2022-10-12 18:23: W269N-WFGWX-YVC9B-4J6C9-T83GX

Pavlovich on 2022-11-14 22:33: Simple revers :) Password is W269N-WFGWX-YVC9B-4J6C9-T83GX

wimm on 2022-12-07 19:34: W269N-WFGWX-YVC9B-4J6C9-T83GX

Ivy04 on 2023-03-24 14:56: W269N-WFGWX-YVC9B-4J6C9-T83GX

mr.penis on 2024-08-09 14:14: Stream = fopen("password.bin", "rb"); fscanf(Stream, "%s", Str1); fclose(Stream); return strcmp(Str1, password);

You must be logged in to submit a writeup

crackmes.one

crackmes.one

RedXen's C File CrackMe