I think during the first phase, the Mersenne Twister pseudorandom number generator (PRNG) is used. The algorithm is seeded with the first four bytes of the key. Then, each byte of the cipher is XORed with the next byte generated by the PRNG. |
==> |
I don't know why, but the last character was playing up for me. I ended up just brute-forcing it. |
==> |
*R10 00007FF6CA83A048 (.data ! aTVgTM) - ("enesibledev")
Password is: enesibledev
Anti Debug Circumvention:
Address: 00007FF6CA831946
Original bytes: 74
Patched bytes: 75
|
==> |
ngrok-server - Admin Tool |
==> |
(debug032) - ("You win!") |
==> |
Password: MyLittlePony |
==> |
.text:0040104D cmp ecx, eax
EAX 0000003F /* b'?' */
The answer is: ?
You can also just change .text:0040106E cmp eax, 1 to a 0 |
==> |
Is this classed as correct?
Enter your name : Delirium
Enter your serial key here : Delirhijkl
Good password : Delirhijkl |
==> |