internetenemy on 2026-03-07 14:02:
[Click to reveal]PWD!!^-12345-!XD
internetenemy on 2026-03-07 14:08:
[Click to reveal]main XOR-decrypts the prompt [>] Enter the password: (key 0x69), reads user input via cin/getline.
validate_password (0x1400017C0) handles three input lengths:
8 chars: Hash loop using i * input[i] (key "Pass1234" stored as decoy)
16 chars: XORs input with "PWD!!^-12345-!XD", sign-extends bytes to dwords, adds i*7 constants, XORs with (i%4)*4, sums all 16 values
27 chars: XOR with "This1st00easyineedh4rders!" + accumulator hash
main independently computes the expected value using the formula ((i*4 & 12) (i*7)) for i=0..15 = 840, then (3 × 840) 0x55 = 2445.
When the input is PWD!!^-12345-!XD, the XOR with the same key produces all zeros, and the SIMD computation yields exactly 840 (3 × 840) 0x55 = 2445, matching the expected value.
On match: prints [+] Congrats, you solved me!; otherwise: [-] You failed, try again.
Frantz04 on 2026-03-10 19:46:
[Click to reveal]PWD!!^-12345-!XD
S3TYB_GNI3SREV3R on 2026-03-10 20:53:
[Click to reveal]1. Anti-debug bypass: The binary uses IsDebuggerPresent with ud2 traps. Bypassed with dbh (hide debugger) + patching
IsDebuggerPresent to xor eax,eax; ret.
2. String encryption: All UI strings are XOR'd with 0x69 at runtime and wiped after use, so no plaintext in memory.
3. Key validation logic (in sub_1400017C0):
- Handles 3 password lengths: 8, 16, and 27 characters
- Length 16 path XORs input with the constant xmmword_1400CD050 = "PWD!!^-12345-!XD", then SIMD-hashes
- The main function computes an expected hash 0x98D from a constant SIMD formula
4. The secret key: PWD!!^-12345-!XD — the 16-byte XOR key constant itself, stored at xmmword_1400CD050 in the binary's
.rdata section.