0xZER0 on 2022-11-07 12:37:
Is it '3This_Is_the_Password'?
0xZER0 on 2022-11-09 16:16:
The solution (not a very good one) is explained here:
https://0x0000zer0.gitlab.io/0xBLOG/crackme_lilvm2.html
hdbg on 2022-11-10 20:00:
@0xZER0, that's right. Will fix this flaw :)
injuan on 2022-11-20 12:21:
https://i.imgur.com/Qq7D2AZ.png
key in memory
Sems on 2022-11-27 13:52:
The most major hint of this crackme is that it uses symmetric encryption, so when we give the complex expression checked in memcmp back to the crackme, it easily gives us the actual password. But I had the same problem as 0xZER0 and I have a theory about it. To 0xZER0: I used IDA just like you and saw that when IDA put the memory value in the assembly code as a comment line, it duplicated the backslash. When I went directly to the address where the data was, I encountered only one backslash, which means the original state of the asymmetric encrypted data. When I used this, I found exactly the password you guessed correctly in the memory :D So as I understand it, it seems like IDA has a 'problem' rather than an author's error as you said in your writeup.
Sems on 2022-11-27 13:58:
Of course, this is not exactly a 'problem'. We have learned that IDA shows the escape characters in the comment lines thus.