DosX's Obfuscation of C (7 kb crackme)

Author:
DosX

Language:
C/C++

Upload:
2024-04-24 19:14

Download

Platform:
Windows

Difficulty:
2.7

Quality:
4.5

Arch:
x86

Downloads:
24

Size:
7.00 KB

Writeups:
1

Comments:
17

Description

File is obfuscated with obfus.h (open-source C-obfuscator) and packed with UPX (modified with UPX-Patcher) The task: Get text password Good luck!

Comments (17)
Writeups (1)

You must be logged in to post a comment

sporta778 on 2024-05-03 09:10: This difficulity do not accroding presents. I think it difficulity 1.5. What can do you UPX-Patcher, or even just UPX packer, if program just unpacking yourself. Where obfuscation? I do not see it. I will write solution.

sporta778 on 2024-05-03 09:24: your*

sporta778 on 2024-05-03 10:57: I send solution...

DosX on 2024-05-04 15:59: sporta778, obfuscator used: github[dot]com/DosX-dev/obfus.h

sporta778 on 2024-05-05 20:41: see it in debugger, it enough straight forward assembler code... in crackme 11 kb more strange calls.

sporta778 on 2024-05-08 19:35: [Click to reveal]

DosX on 2024-05-09 16:12: sporta778, list all the Trojans you found in this crackme. If the solution to this crackme is not in your power, this does not mean at all that it is stuffed with viruses. Or maybe you'll stop doing bullshit in the comments and finally start developing yourself? Sometimes people's logic boggles the imagination. ¯\_(ツ)_/¯

sporta778 on 2024-05-09 18:42: i send solution...

sporta778 on 2024-05-10 21:52: and it was 3 may... do not angry to me....

ieattrash on 2024-05-12 09:58: Solved! Nice crackme. Got to learn stuff. I mistyped the flag and spent 3 hrs looking at unecessary decompilation LOL!

sporta778 on 2024-05-16 22:40: show off on flat place...;))

khorka900 on 2024-05-20 17:03: void entry(void) { char cVar1; undefined uVar2; char cVar3; undefined4 uVar4; int iVar5; uint uVar6; HMODULE hModule; FARPROC pFVar7; DWORD flNewProtect; DWORD *pDVar8; undefined4 *puVar9; uint uVar10; uint uVar11; FARPROC *ppFVar12; uint unaff_EBP; uint *puVar13; undefined4 *puVar14; int *piVar15; int *piVar16; DWORD *lpProcName; DWORD *pDVar17; DWORD *pDVar18; bool bVar19; bool bVar20; undefined local_80 [72]; undefined4 uStackY_38; puVar13 = &DAT_0041e015; puVar14 = (undefined4 *)&DAT_00401000; LAB_0041f5da: uVar10 = *puVar13; bVar19 = puVar13 1; } if (!bVar19) { iVar5 = 1; bVar19 = CARRY4(uVar10,uVar10); uVar10 = uVar10 * 2; if (uVar10 == 0) { uVar10 = *puVar13; bVar20 = puVar13

survivalizeed on 2024-06-06 22:25: [Click to reveal]

DosX on 2024-06-08 09:16: survivalizeed, if there were no obstacle, then this crackme could be solved in a couple of seconds in any decompiler. It is also worth considering that the main function of protection - virtualization is not used here. Later I will release a more complex crackme with this protection

survivalizeed on 2024-06-26 13:17: @DosX well there is no obstacle tbh. Packers aren't an obstacle since dumping the executable with Scylla does the job in 99% of the cases... Just throwing protection at an executable wont make it "hard". A nice virtualization would be good i guess but still having a packer wont fix your decompiler problem... And as i've said you dont even need a decompiler for this one here.

sporta778 on 2024-07-17 21:37: by the way, my solution posted;)

jeffli6789 on 2026-01-04 06:25: This crackme had been reviewed when it was originally approved and is likely safe. Crackmes often get flagged by antivirus software, EDR systems, or VirusTotal because they may use the same protection techniques found in malware (packers, anti-debugging, self-modifying code, etc.), or simply a false positive. This does NOT mean the crackme is actually malicious. The only way to confirm whether something is truly malware is to reverse engineer it and find proof of malicious code and/or malicious behavior. If you still believe this is actual malware, please report it to us via email: crackmesone@gmail.com. **We encourage everyone to run crackmes in a VM (virtual machine) and exercise caution when executing unknown binaries.** *Disclaimer: We do our best to review submissions, but mistakes can happen. The administrators and crackmes.one cannot be held liable for any damages or losses resulting from the use of files downloaded from this site. Always exercise caution and use a sandboxed environment.*

Show all spoilers

You must be logged in to submit a writeup

Solution by sporta778 on 2024-05-03 10:57:
Solution

Download