You must be logged in to post a comment
potichek on 4:55 PM 02/21/2024: The password is generated randomly
cnathansmith on 7:19 PM 02/21/2024: @potichek it's a timing attack
TEA on 1:14 AM 02/22/2024: where the password of the rar file
cnathansmith on 3:32 AM 02/22/2024: @TEA It's always crackmes.one
tanjid01 on 7:52 AM 02/22/2024: stupid program, exit the moment you hit enter. no massage shows
cnathansmith on 12:54 PM 02/22/2024: @tanjid01 Most challenges are console applications. You need to launch them in a cmd window
kestas69 on 3:57 PM 02/25/2024: somehow managed to randomly click the function that generated the password. Password is generated based on time, solved.
sporta778 on 3:39 PM 02/28/2024: Nice cnathansmith.
sporta778 on 8:16 PM 02/28/2024: In really i think it big word that this timing attack. _time64
return time with resoultion 1 second. I think here can be maded stay along application and it will can give several result's in which we can find true password.
sporta778 on 8:27 PM 02/28/2024: p.s. do not swear to me , i am figuratively know that is time attack:))
sporta778 on 8:36 PM 02/28/2024: p.p.s and yet , one second for microprocessor this is how one year for us:)))
Crayon on 7:16 AM 02/29/2024: @cnathansmith sorry for noob question. How do I run the keygen? With Visual Studio Code?
sporta778 on 12:53 PM 02/29/2024: One second enough time to run in 2 cmd windows's 2 application's
: crackme and keygen, and the will have same time received by the _time64(<ime).
cnathansmith on 8:09 PM 02/29/2024: @Crayon open the .sln file in Visual Studio or VS Code and build it to get the executable. TARGET needs to contain the path to the challenge exe.
sporta778 on 8:48 PM 02/29/2024: i give up , i can just it make in yourself program
but i do not understand physical meaning:
call
add rbp,1
mov edx,eax
cdqe
imul rax,rax,FFFFFFFF84210843
mov ecx,edx
sar ecx,1F
shr rax,20
add eax,edx
sar eax,5
sub eax,ecx
imul eax,eax,3E
sub edx,eax
movsxd rdx,edx
movzx eax,byte ptr ss:[rsp+rdx+20]
mov byte ptr ss:[rbp-1],al
cmp rbp,rbx
jne untitled1.7FF710F315E0
how it can be some %62 ?
i do not understand
sporta778 on 8:49 PM 02/29/2024: 62 look like %0x3e
sporta778 on 9:03 PM 02/29/2024: maybe i do not understand but how you can transofmate this code in just random%62.
sporta778 on 10:23 PM 02/29/2024: *myself
cnathansmith on 4:09 PM 03/01/2024: @sporta778 It's magic number modulo division. Take a look at the function in Ghidra and it can work the math out for you
cnathansmith on 4:31 PM 03/01/2024: http://icodeguru.com/Embedded/Hacker%27s-Delight/065.htm
sporta778 on 12:30 PM 03/04/2024: it's strange how in two applications random can give some subsequence identical numbers???
sporta778 on 6:24 PM 03/19/2024: ehhhh sorry , i thinked Ghidra it is super secret algorithm,
it is just disassembler... it hard to me speculative analyze code.... just debugger....
justAuser on 6:50 PM 03/22/2024: @sporta = rseudorandom
ShadowD on 8:40 PM 10/16/2024: It's for password finding but I think it's also good as a rerouting exercise for beginners (it's still a jnz - jz but not as straight forward)
junfer001 on 10:50 AM 10/28/2024: breakpoint on addr 140001624 shows you the generated password. you can find the adress by diggin in ghydra where it looks at the time and loops to generate the pasword.