thebovl's Dll injection

Author:
thebovl

Language:
.NET

Upload:
2023-05-20 07:52

Download

Platform:
Windows

Difficulty:
4.0

Quality:
4.5

Arch:
x86-64

Downloads:
10

Size:
15.93 KB

Writeups:
2

Comments:
17

Description

Dont patch, write solution blah blah blah INJECT DLL USING CRACKME!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! I will make a loader of fake cheat if your want ;) (write in comments)

Comments (17)
Writeups (2)

You must be logged in to post a comment

devsoft on 2023-05-23 16:25: [ebp-14C] will always contain the valid key for the instance

garfield on 2023-05-27 12:39: im guessing you trying to make some bad cheat loader in c# and asking people how fast their dumping speedrun on dnspy was right?

thebovl on 2023-05-29 09:41: No. Your wrong!

devsoft on 2023-05-29 10:41: @thebovl, which one? :) The loader is not managed code, and I guess is c++ with a common RunPE, running a .NET payload. So the solution without a patch might only pass by cheating it... :\

thebovl on 2023-05-29 19:02: I wont reveal all of her features! You'll have to guess for yourselves.

devsoft on 2023-05-30 10:53: @thebovl the question is only one. Is it acceptable to cheat the value? Since you defined the no patching rule :\

devsoft on 2023-05-30 11:46: I'll apply for a solution that involves patching. But since it will be refused, I will never see it, because your examples just ask to don't get resolved :\

thebovl on 2023-05-31 06:55: @devsoft The most important task is to solve it, so yes

thebovl on 2023-06-01 16:09: @devsoft I'm glad that this crackme was solved! But in any case, the original task I conceived was to write a crackme for which a person would need to write a program that would read the memory and issue a key, and it was this crackme that should have become it :\ In any case, I'm glad it worked out for you! :)

thebovl on 2023-06-01 16:11: @devsoft I just started learning c++ so don't judge too harshly

devsoft on 2023-06-01 16:32: @thebovl No judgment at all! I'm no big expert myself! I just like breaking stuff ^^. I tried, but the task itself is going to be hard as hell. Somewhere in the sea of RAM, there must be a pointer to the offset, but the "seeker's" I Know they depend on multiple scans. Which is instantly killed due this dynamic key system. Although I know when the value will be at ebp-14C, I can't pause the PID execution to extract it :\. But I'm eager for someone else to post a solution involving either a pointer scan, or an offset extraction. But since I'm thinking while typing, I did realize all strings have a fixed LEN of 16. This constant might be a weakness, but only time will tell. Anyway, this is a complex system with multiple usages and it's always nice to check out, where and how is it being used.

devsoft on 2023-06-01 16:57: Posting a new solution without patching ^^, this is half you want, since it's based on a weakness.

thebovl on 2023-06-01 17:12: @devsoft ^^

Anhmai on 2023-08-03 08:52: nice =)))) i try it but key is random =))) rand(), when i debug and i input correct key, then funtion ShellExecuteA(0, 0, "notepad.exe", 0, 0, 5) = open notepad.exe. And load main.dll, right? -----------------------------------------------; ; ; ; ; ; Injector ; ; ; ; ; ;-----------------------------------------------; [+] Injecting... [+] Inject was successful!

Anhmai on 2023-08-03 08:54: key length is 16 characters ^^

Abino on 2024-03-16 18:58: fumo, ninguém fala em português nessa merda kkk

dredge on 2024-08-09 13:03: [Click to reveal]

Show all spoilers

You must be logged in to submit a writeup

Solution by devsoft on 2023-05-30 13:58:
PDF file with explanation in how to bypass the system

Download

Solution by ByteBrew on 2023-07-29 16:46:
Read solution.py

Download

crackmes.one

crackmes.one

thebovl's Dll injection