Profile

crackmes.one

Piggy63's profile

Number of crackmes:

1

Number of writeups:

0

Comments:

3

Crackmes
Writeups
Comments

Crackmes

Name	Author	Language	Arch	Difficulty	Quality	Platform	Date	Downloads	Writeups	Comments
Crackme Speedrun	Piggy63	C/C++	x86	2.3	6.0	Windows	2021-07-21 10:03	14	1	13

Comments

Crackme	Comment	Date
Crackme Speedrun	Ok, got cut off again at the exact same place. Here is my full comment: https://pastebin.com/raw/nX7pNH58	2021-08-21 00:08
Crackme Speedrun	@Ben_Lolo: You're welcome. I will make more simple crackmes like this in the future. Actually, I just noticed that my previous comment probably exceeded the maximum length, so parts of it got cut off. The lines that got cut off: v5[0] = v2; v5[41] = dword_41F004 - (dword_41F010	2021-08-21 00:05
Crackme Speedrun	@ali0gamer: Correct. How long did it take you to crack this? @Ben_Lolo: This is a very simple crackme, as you only need to know simple arithmetic operations (easier than primary school math). Using Hex-Rays Decompiler, we first find decompile the main function: int __cdecl main(int argc, const char argv, const char envp) { printf("Password: "); scanf("%s", &input); sub_401490(); if ( !strcmp("qwerty", &input) ) printf("Correct"); else printf("Incorrect\nHint: decompile this executable with Hex-Rays Decompiler...\n"); return 0; } As you can see, it compares the user input with "qwerty", but "qwerty" isn't the correct password. This means the function sub_401490 is responsible for checking the user input, and the string comparison in the main function simply acts as a distractor. We then decompile sub_401490 to obtain this: int sub_401490() { char v1[280]; // [esp-118h] [ebp-46Ch] BYREF char v2[280]; // [esp+8h] [ebp-34Ch] BYREF char v3[280]; // [esp+120h] [ebp-234h] BYREF int v4[70]; // [esp+238h] [ebp-11Ch] BYREF dword_4203A8 = 0; qmemcpy(v1, v3, sizeof(v1)); qmemcpy(v4, sub_401040((int )v2), sizeof(v4)); if ( sub_4015A0(v4[41], dword_4203A8) && sub_4015A0(v4[0], dword_4203A8) && sub_4015A0(v4[55], dword_4203A8) && sub_4015A0(v4[40], dword_4203A8) && sub_4015A0(v4[69], dword_4203A8) && sub_4015A0(v4[1], dword_4203A8) ) { sub_4012D0(); } sub_401440(); return sub_401460(); } We can see some very long char arrays, which are most likely custom structures (they are all 280 characters long, so most likely the same structure), and sub_401040 takes that structure. That structure might be something used for containing the decrypted password. If that is the case, then sub_401040 is the function responsible for the decryption. We decompile that: int __cdecl sub_401040(int a1) { int v2; // [esp+14h] [ebp-12Ch] char v3; // [esp+1Ch] [ebp-124h] char v4; // [esp+20h] [ebp-120h] int v5[70]; // [esp+24h] [ebp-11Ch] BYREF int v6; // [esp+150h] [ebp+10h] v6 = dword_41F010 (dword_41F000 / (dword_41F004 + (dword_41F008 dword_41F020) / (dword_41F02C dword_41F034); STACK[0x260] = dword_41F01C / (dword_41F028 + dword_41F020) * ((dword_41F000 dword_41F014) / (dword_41F010 (dword_41F00C + dword_41F008)) * (dword_41F018 v4); v5[55] = dword_41F02C + v5[40]; v5[0] = v2; v5[41] = dword_41F004 - (dword_41F010	2021-08-20 03:34