MugoSquero on 5:25 PM 04/23/2024: Seems impossible without patching, because the algorithm includes some checks based on the effective address of a value on the stack. This means it changes every time. I hope I am wrong because it will teach me a lot.
majorsopa on 5:51 PM 04/23/2024: Mugo - correct(ish); however, for whatever reason this effective address didn't change between runs on Windows, only between compiles. On Linux it changed every run.
I do absolutely think the only practical approach would use patching to bypass the antidebug and derive a password from that, which you can then use on the original binary.
If my observations about effective addresses were incorrect and an artifact of my development environment, then I will remove the crackme. However I do not believe this is the case.
Note: patching the binary will change the effective address, so it's not as simple as printf'ing the effective address.
nnxstnt on 11:23 AM 04/24/2024: The answer is clearly runtime dependent. Check out ASLR and how virtual memory works.
Apart from some anti-debug shenanigans at the start, the algorithm is pretty straightforward.
majorsopa on 12:42 PM 04/24/2024: It isn't runtime dependent. I have a text file on my PC which gives a correct answer. Don't be mad if you can't solve it lol
nnxstnt on 2:23 PM 04/24/2024: Uhh, I patched too much in the anti-debug part. You are correct, my bad.
MugoSquero on 4:30 PM 04/24/2024: Every time I hit restart on the original binary in x64dbg, the effective address of the top of the stack changes. What am I missing?