I used the Procyon decompiler, amazed how it works flawlessly. |
==> |
Played it on x64dbg only and enjoyed every moment. The quality of the decompilation was bad, so I dumped it. This crackme was worth solving. It certainly taught me a lot. |
==> |
Every time I hit restart on the original binary in x64dbg, the effective address of the top of the stack changes. What am I missing? |
==> |
Seems impossible without patching, because the algorithm includes some checks based on the effective address of a value on the stack. This means it changes every time. I hope I am wrong because it will teach me a lot. |
==> |
Time Wasted Debugging: ~08:07:00
Learned a lot from it. It was a shame I didn't know how to unpack UPX manually before (took several hours on its own, now it's a matter of seconds). I hope someone writes a comprehensive solution for it because I would like to learn how to bypass its Anti-Decompilation technique. |
==> |
Seeing “asdasd” being translated into “qfnqfn” was the eureka for me. |
==> |
Reversed the algorithm. But I don't have a clue how to write a keygen for it. |
==> |
I really enjoyed it. Analyzing both statically and dynamically in parallel helped a lot. |
==> |
Another one from me: https://pastebin.com/uVGR2P1b
The program can also be patched to serve as THE keygen. Just find this sequence of bytes "83C418B88B20400050" with a hex editor program and replace the last byte 50 (push eax) with 90 (nop). RE the program yourself as to why this works. |
==> |