0xZER0 on 12:37 PM 11/07/2022: Is it '3This_Is_the_Password' ?
0xZER0 on 4:16 PM 11/09/2022: The solution (not a very good one) is explained here:
https://0x0000zer0.gitlab.io/0xBLOG/crackme_lilvm2.html
hdbg on 8:00 PM 11/10/2022: @0xZER0, that's right. Will fix this flaw :)
injuan on 12:21 PM 11/20/2022: https://i.imgur.com/Qq7D2AZ.png
key in memory
Sems on 1:52 PM 11/27/2022: The most major hint of this crackme is that it uses symmetric encryption, so when we give the complex expression checked in memcmp back to crackme, it easily gives us the actual password. But I had the same problem as 0xZER0 and I have a theory about it. To 0xZER0: I used IDA just like you and saw that when IDA put the memory value in the assembly code as a comment line, it duplicated the backslash. When I went directly to the address where the data was, I encountered only one blackslash, which means the original state of the asymmetric encrypted data. When I used this, I found exactly the password you guessed correctly in the memory :D So as I understand it, it seems like IDA has a 'problem' rather than an author's error as you said in your writeup.
Sems on 1:58 PM 11/27/2022: Of course, this is not exactly a 'problem'. We have learned that IDA shows the escape characters in the comment lines thus.
You must me logged to submit a solution
Write a comment
Share how awesome the crack me was or where you struggle to finish it! Stay polite and do not spoil the solution/flag!
Rate the difficulty
How would you rate the difficulty of this crackme ?