Author:
tesetr1

Language:
.NET

Upload:
5:17 AM 04/06/2023

Download

Platform
Windows

Difficulty:
4.0

Quality:
4.0

Arch:
x86-64

Description

-Try to find key to active that -It won't hard ( trust me :) ) -It contain some basic debugger check, Code Virtualization, String Encrypter -Hash check is broken because server to check hash is down -Key is encrypted - don't worry, exe contain decrypt key -Good luck !

• Comments
• Solutions

natitati on 3:00 PM 04/07/2023: Can you provide a little hint? I just don't know how to approach it. Tried IDA pro like I do every time but it won't even let me debug. Tried .NET decompilers and still nothing.

tesetr1 on 3:23 PM 04/07/2023: Little hint: -Try to hide debugger (pretty easy, dnSpy can do that) -Next try to find encrypt and decrypt function and set breakpoint that -You will be able to see unencrypted key when do that -Good luck

tesetr1 on 3:27 PM 04/07/2023: Maybe it difficulty only 3 or 2 because it's uncomplete version

natitati on 5:26 PM 04/07/2023: Okay yeah, before I saw your comment I discovered dnSpy lol. I think I'm close to solving this now. dnSpy is useful.

natitati on 6:18 PM 04/07/2023: Ok so i think i got it? It's random every time, it's only possible with a debugger techinacally.. i think. Correct me if im wrong please

natitati on 7:57 PM 04/07/2023: Okay, I managed to solve it by patching... I opened it and IDA again with dnSpy on the side, to try find patterns and similar strings. Finally i managed to find the two jump conditions for the if and the flag... and changed them to their opposite to gain access without having to type the password even once. Great crackme!

natitati on 7:58 PM 04/07/2023: Was cool to learn how CIL or MSIL assembly and opcodes work.

tesetr1 on 5:59 AM 04/08/2023: Some fun fact: If key is correct, It'll return false instead of true

BlackHatRCE on 7:19 PM 04/08/2023: It was a very easy one. I do not go for crack often as Unpacking is fun. https://i.imgur.com/u67n3eo.png

byclone on 9:40 PM 04/15/2023: https://imgur.com/ZRUVWh8

Lesoorub on 5:43 PM 04/27/2023: https://i.imgur.com/dsG1MGs.png Spoiler. My solution: task manager take memory dump of activate.exe. Next find in him near some words: KL321nt0, KSTmzuHV^w&t5G8I1Guz, KL321, nt0. It is maybe hashmap... And find near some base64 string, this is a encoded key storage in memory. Decoded him with my decoder (created based on decompiled sources) (https://pastebin.com/n9PpLKZP)

You must me logged to submit a solution