j0n3s91 on 9:13 PM 04/01/2023: Hi,
I am a bit stuck with this challenge. After the call to wcstombs I encounter some data in the text section and I dont get how execution could continue here. A small advice would be appreciated.
hacktooth on 11:29 PM 04/03/2023: Go to the start :)
ClashRoyaleKing on 6:38 PM 04/04/2023: Can I use debugger or this task about static analysis?
hacktooth on 12:47 PM 04/06/2023: i'm stuck in this keygen me, this is what i understand (maybe)
Seeing what these functions do might help you troubleshoot or understand
how the KEY is generated.
The program starts by checking if a debugger is present and calculating a value
hexadecimal starting from two constants:
cost1 = "pearldarkk"
const2 = 0xDEADBEEF
the string const1 is split by character and put into an array.
string array[11] = "p, e, a, r, l, d, a, r, k, k"
then the XOR operator on const2 is executed for each character of the array[11]
until you get the hexadecimal value:
const2 = 0xDEADBEFE
this could be the generation of the FLAG we need or just a pitfall.
00E61050 the function starts from this address
then follows a function that examines the two values inserted in the GUI; FLAG and KEY and are processed.
00E61140 this function starts here
the flag value is processed with the wcstomb function,
00E61245 here maybe there is a sscanf function.
and finally it is checked and the multibytes of the string are checked via strncmp.
Multibyte value of FLAG "0121317d1d5d0701636e355f4b237e"??
TyfoC on 3:49 PM 05/25/2023: So, I restored the function with checking the flag and key, suddenly it will come in handy for someone:
Link - pastebin.com/2Xa28tSw
Password - crackmes.one
filenort on 8:26 PM 06/13/2023: I took like 1 hours to analyze and decode took short brake and cracked it in less then 5 minutes. Great crackme man =]