| The key-generating function upon an username is located at: 00401220.
|
==> |
| strcmp K4FlAXxF4LZ |
==> |
| Well, i did not notice it in the strings like friend flcksr did, but i found it at 00007FF6519A380B nearby Enter password and Incorrect password prints. |
==> |
| can be made by floss or debugger breakpoint and reading the ECX registry. |
==> |
| Well, kind of way to solve this is to jump to Access granted! at 00x49C07D but could not get the password in any way. |
==> |
| Put a breakpoint at a flag and read the value.
m4rcuzCrack.
It is even written in static strings. |
==> |
| Patched the JE to JMP.
0049CD15 | E9 5B020000 | jmp crackme.49CF75 |
==> |
| Malware, operates on registers, connects to C2. |
==> |
| Unpack with UPX then skip a checking part for example with changing JE to JMP or filling the warning jump with NOP's. |
==> |
| The key is held in Environment.GetEnvironmentVariable("key").
Please Enter the Key to Continue
8C18ED5F09BFB0BE63E7670592E893D0785DD9C28D3404ACBAA1169E2EEABDEEB8BF2FAA2371973F7D4AA68063D688C3AD259FEB2CDFBCA3F33DD939D41817D5
Congrats you got the Passcode! |
==> |