sporta778 on 9:10 AM 05/03/2024: This difficulity do not accroding presents. I think it difficulity 1.5. What can do you UPX-Patcher, or even just UPX packer, if program just unpacking yourself. Where obfuscation? I do not see it. I will write solution.
sporta778 on 9:24 AM 05/03/2024: your*
sporta778 on 10:57 AM 05/03/2024: I send solution...
DosX on 3:59 PM 05/04/2024: sporta778, obfuscator used: github[dot]com/DosX-dev/obfus.h
sporta778 on 8:41 PM 05/05/2024: see it in debugger, it enough straight forward assembler code... in crackme 11 kb more strange calls.
sporta778 on 7:35 PM 05/08/2024: maybe here trojan ;) if author trying to hide something...
DosX on 4:12 PM 05/09/2024: sporta778, list all the Trojans you found in this crackme. If the solution to this crackme is not in your power, this does not mean at all that it is stuffed with viruses. Or maybe you'll stop doing bullshit in the comments and finally start developing yourself? Sometimes people's logic boggles the imagination. ¯\_(ツ)_/¯
sporta778 on 6:42 PM 05/09/2024: i send solution...
sporta778 on 9:52 PM 05/10/2024: and it was 3 may... do not angry to me....
ieattrash on 9:58 AM 05/12/2024: Solved! Nice crackme. Got to learn stuff. I mistyped the flag and spent 3 hrs looking at unecessary decompilation LOL!
sporta778 on 10:40 PM 05/16/2024: show off on flat place...;))
khorka900 on 5:03 PM 05/20/2024: void entry(void)
{
char cVar1;
undefined uVar2;
char cVar3;
undefined4 uVar4;
int iVar5;
uint uVar6;
HMODULE hModule;
FARPROC pFVar7;
DWORD flNewProtect;
DWORD *pDVar8;
undefined4 *puVar9;
uint uVar10;
uint uVar11;
FARPROC *ppFVar12;
uint unaff_EBP;
uint *puVar13;
undefined4 *puVar14;
int *piVar15;
int *piVar16;
DWORD *lpProcName;
DWORD *pDVar17;
DWORD *pDVar18;
bool bVar19;
bool bVar20;
undefined local_80 [72];
undefined4 uStackY_38;
puVar13 = &DAT_0041e015;
puVar14 = (undefined4 *)&DAT_00401000;
LAB_0041f5da:
uVar10 = *puVar13;
bVar19 = puVar13 1;
}
if (!bVar19) {
iVar5 = 1;
bVar19 = CARRY4(uVar10,uVar10);
uVar10 = uVar10 * 2;
if (uVar10 == 0) {
uVar10 = *puVar13;
bVar20 = puVar13
survivalizeed on 10:25 PM 06/06/2024: A nice crackme but the difficulty rating is too high imo.
The string length check is easy to find (0xB) and after that you dont even need to run it in order to understand the asm. Don't really see any obfuscation except for a heavy packer...
Since there is no real solution to post... Here is the password:
FLAG{a(#3_}
DosX on 9:16 AM 06/08/2024: survivalizeed, if there were no obstacle, then this crackme could be solved in a couple of seconds in any decompiler. It is also worth considering that the main function of protection - virtualization is not used here. Later I will release a more complex crackme with this protection
survivalizeed on 1:17 PM 06/26/2024: @DosX well there is no obstacle tbh. Packers aren't an obstacle since dumping the executable with Scylla does the job in 99% of the cases... Just throwing protection at an executable wont make it "hard". A nice virtualization would be good i guess but still having a packer wont fix your decompiler problem... And as i've said you dont even need a decompiler for this one here.
sporta778 on 9:37 PM 07/17/2024: by the way, my solution posted;)