tesetr1's Active

Author:
tesetr1

Language:
.NET

Upload:
2023-04-06 05:17

Download

Platform:
Windows

Difficulty:
4.7

Quality:
4.0

Arch:
x86-64

Downloads:
8

Size:
2.29 MB

Writeups:
0

Comments:
11

Description

-Try to find key to active that -It won't hard ( trust me :) ) -It contain some basic debugger check, Code Virtualization, String Encrypter -Hash check is broken because server to check hash is down -Key is encrypted - don't worry, exe contain decrypt key -Good luck !

Comments (11)
Writeups (0)

You must be logged in to post a comment

natitati on 2023-04-07 15:00: Can you provide a little hint? I just don't know how to approach it. Tried IDA pro like I do every time but it won't even let me debug. Tried .NET decompilers and still nothing.

tesetr1 on 2023-04-07 15:23: Little hint: -Try to hide debugger (pretty easy, dnSpy can do that) -Next try to find encrypt and decrypt function and set breakpoint that -You will be able to see unencrypted key when do that -Good luck

tesetr1 on 2023-04-07 15:27: Maybe it difficulty only 3 or 2 because it's uncomplete version

natitati on 2023-04-07 17:26: Okay yeah, before I saw your comment I discovered dnSpy lol. I think I'm close to solving this now. dnSpy is useful.

natitati on 2023-04-07 18:18: Ok so i think i got it? It's random every time, it's only possible with a debugger techinacally.. i think. Correct me if im wrong please

natitati on 2023-04-07 19:57: Okay, I managed to solve it by patching... I opened it and IDA again with dnSpy on the side, to try find patterns and similar strings. Finally i managed to find the two jump conditions for the if and the flag... and changed them to their opposite to gain access without having to type the password even once. Great crackme!

natitati on 2023-04-07 19:58: Was cool to learn how CIL or MSIL assembly and opcodes work.

tesetr1 on 2023-04-08 05:59: Some fun fact: If key is correct, It'll return false instead of true

BlackHatRCE on 2023-04-08 19:19: It was a very easy one. I do not go for crack often as Unpacking is fun. https://i.imgur.com/u67n3eo.png

byclone on 2023-04-15 21:40: https://imgur.com/ZRUVWh8

Lesoorub on 2023-04-27 17:43: https://i.imgur.com/dsG1MGs.png Spoiler. My solution: task manager take memory dump of activate.exe. Next find in him near some words: KL321nt0, KSTmzuHV^w&t5G8I1Guz, KL321, nt0. It is maybe hashmap... And find near some base64 string, this is a encoded key storage in memory. Decoded him with my decoder (created based on decompiled sources) (https://pastebin.com/n9PpLKZP)

You must be logged in to submit a writeup

crackmes.one

crackmes.one

tesetr1's Active