Author:
genass3

Language:
C/C++

Upload:
8:19 AM 09/04/2025

Download

Platform
Windows

Difficulty:
4.7

Quality:
5.0

Arch:
x86-64

Description

Objective: Find the password (ASCII). Patching is also a valid solution. Changes from previous version: - Improved password verification logic - Enhanced patch protection mechanism (just a little bit) - Added basic code obfuscation - Implemented primitive string encryption - Integrated simple anti-debug techniques Feedback is welcome!

• Comments
• Writeups

You must be logged in to post a comment

trendcrusher on 7:46 PM 09/06/2025: Thank you)Patch working well. Starting application with PatchCRC protection CRC Monitoring Thread Started Key:dfr54435435 - not real) Applicatin finished.

trendcrusher on 7:51 PM 09/06/2025: And corect password without patch - Key:))*;'.(* Applicatin finished. Thank you for this)

zm0d on 2:54 PM 09/18/2025: Is the password stored in the executable? My guess is no. I got the algorithm working and the correct hash-value of 0x84004833. But I'm stuck getting to the key on my own now. Any tips?

arbuzer on 5:32 PM 09/18/2025: @zm0d: You're on the right track — the password isn't stored directly. Since you have the correct hash, try focusing on **reversing the transformation applied before hashing** (XOR obfuscation) and ensure your hash simulation uses **32-bit integer arithmetic**. The key lies in understanding how input is mangled before the hash loop. Keep experimenting with short printable strings — brute-force or smart guessing can get you there.

zm0d on 11:19 AM 09/19/2025: Thanks for the tip. Bypassing the patching protection was quite easy IMO. But I really struggle with that hash algorithm to just "generate" a valid key. My insights: 1) If input key is = 8 characters it uses SIMD processing. Im relativly new to this stuff of reverse-engineering. Right now I would say that the hash results equals each path. However, I'm unsure. Reverse calculation of the hash is from my insights "impossible".

zm0d on 11:21 AM 09/19/2025: Ahh html brackets are removed here... my formation is gone. I meant to write if input key is lower then 8 then is processes byte for byte and if it's higher or equal 8 SIMD processing is used.

genass3 on 3:34 PM 09/19/2025: @zm0d: Theres is many passwords you can find that matches the hash, but you know that you cant reverse the hash, half of the data of correct password is just disappears in the hash algorithm, you can try brute-force to find some collisions, its should take around 1 min if you will use CUDA, if you gonna keep trying to solve that on ur own, it will not lead you to the finish

genass3 on 3:38 PM 09/19/2025: @zm0d: Btw, theres a passwords with 7 chars that should be valid, and probably with 6 and lower (wasnt testing), so the brute-force may took even less than 1 minute

zm0d on 7:06 AM 09/22/2025: Thank you. I got it working. That was a good learn lesson.

genass3 on 4:11 PM 09/22/2025: @zm0d: ur welcome :)

You must be logged in to submit a writeup