genass3's Patch protect v2

Author:
genass3

Language:
C/C++

Upload:
2025-09-04 08:19

Download

Platform:
Windows

Difficulty:
4.5

Quality:
4.8

Arch:
x86-64

Downloads:
26

Size:
16.00 KB

Writeups:
0

Comments:
10

Description

Objective: Find the password (ASCII). Patching is also a valid solution. Changes from previous version: - Improved password verification logic - Enhanced patch protection mechanism (just a little bit) - Added basic code obfuscation - Implemented primitive string encryption - Integrated simple anti-debug techniques Feedback is welcome!

Comments (10)
Writeups (0)

You must be logged in to post a comment

trendcrusher on 2025-09-06 19:46: Thank you)Patch working well. Starting application with PatchCRC protection CRC Monitoring Thread Started Key:dfr54435435 - not real) Applicatin finished.

trendcrusher on 2025-09-06 19:51: [Click to reveal]

zm0d on 2025-09-18 14:54: Is the password stored in the executable? My guess is no. I got the algorithm working and the correct hash-value of 0x84004833. But I'm stuck getting to the key on my own now. Any tips?

arbuzer on 2025-09-18 17:32: @zm0d: You're on the right track — the password isn't stored directly. Since you have the correct hash, try focusing on **reversing the transformation applied before hashing** (XOR obfuscation) and ensure your hash simulation uses **32-bit integer arithmetic**. The key lies in understanding how input is mangled before the hash loop. Keep experimenting with short printable strings — brute-force or smart guessing can get you there.

zm0d on 2025-09-19 11:19: Thanks for the tip. Bypassing the patching protection was quite easy IMO. But I really struggle with that hash algorithm to just "generate" a valid key. My insights: 1) If input key is = 8 characters it uses SIMD processing. Im relativly new to this stuff of reverse-engineering. Right now I would say that the hash results equals each path. However, I'm unsure. Reverse calculation of the hash is from my insights "impossible".

zm0d on 2025-09-19 11:21: Ahh html brackets are removed here... my formation is gone. I meant to write if input key is lower then 8 then is processes byte for byte and if it's higher or equal 8 SIMD processing is used.

genass3 on 2025-09-19 15:34: @zm0d: Theres is many passwords you can find that matches the hash, but you know that you cant reverse the hash, half of the data of correct password is just disappears in the hash algorithm, you can try brute-force to find some collisions, its should take around 1 min if you will use CUDA, if you gonna keep trying to solve that on ur own, it will not lead you to the finish

genass3 on 2025-09-19 15:38: @zm0d: Btw, theres a passwords with 7 chars that should be valid, and probably with 6 and lower (wasnt testing), so the brute-force may took even less than 1 minute

zm0d on 2025-09-22 07:06: Thank you. I got it working. That was a good learn lesson.

genass3 on 2025-09-22 16:11: @zm0d: ur welcome :)

Show all spoilers

You must be logged in to submit a writeup

crackmes.one

crackmes.one

genass3's Patch protect v2