Solved. Have a nice day |
==> |
Solved. Have a nice day. Post your solution? |
==> |
Hello.
Can I ask for some direction? I understood that the entered key is used in this code:
mov ecx,13
lodsb
rol al,cl
add ebx,eax
But then I get a division by zero exception and I hit the ud2 instruction and I can't find the place where this entered key is checked.
Have a nice day. |
==> |
Hello. Solved. Have a nice day. |
==> |
Hello.
Can I ask for some guidance on how to solve this task? I’ve read about obfuscation using LLVM, and it indeed generates a lot of so-called ‘dead code.’ Is the ‘ud2’ instruction intentional to divert attention? Thank you very much for pointing me in the right direction, and have a nice day! |
==> |
Solved. Have a nice day |
==> |
Solved. |
==> |
Solved. 15-30 minutes of work |
==> |
Hello everyone.
I started playing with this crackme today and read about Control Flow Flattening to understand what it’s all about. It’s a method of obfuscating code by making a big switch (in this case, as many as 13 cases). But all I’ve tracked down is that during the execution of the program, it operates at the location of the executing program. And at the beginning, “uncrackable3.ex” appears on the stack, which reminds me very much of an executable file (probably because of the .ex ending where the ‘e’ comes to mind :D ). Could I ask for some guidance, direction, etc.? |
==> |
@ZeroXHeiku
Welcome.
Could you please guide me on what needs to be done to display the correct flag? I am sitting on this in my spare time after classes at university. And I have found a function such as _vault which is run with code 420 etc. But I still can't find a way to display the flag. And I don't hide that I'm very curious how to solve this correctly. P.S.: Is the correct flag the one found in the solution?
Have a nice day.
Translated with DeepL.com (free version) |
==> |
Solved. Have a nice day. |
==> |
Thank you very much for your advice and direction. Solved |
==> |
@Spangled
I looked at the code with the information I got and it is indeed a hash function :D. Did I track correctly that the hash function is djb2? Because if so, looking for strings that will give the same hash is a challenge or great luck. |
==> |
@Spangled
Hi. I don't want to give away too many details here to spoil the fun for others, but I've reached the end of this crackme, which means I've found what the correct key is and I've deciphered the algorithm that generates the key based on the one given. The only problem I have is to find a string which generates such a correct key, but I'm not asking for a direct answer, I'm just asking for directions which will make it easier to find the right key to enter, because this fixed correct key is a very large number. Thank you very much for any answer, and the crackme itself is very cool because it allows you to practice or repeat some techniques. |
==> |
Hello everyone.
I'm writing with a question because I'm interested in this crackme because it's my first contact with Heaven's Gate and yesterday I spent about 5 or 6 hours on it. I learned a little about it from the internet. And my question is: To find the flag, do I need to convert the code after the instructions:
push 33
call $+5
add dword ptr ss:[esp],5
ret far
for x64 assembler, or is this the wrong way? It would be nice to get a short description of what to look for and where, because it would make it possible to learn how to analyze programs containing Heaven's Gate and may be useful for future users. |
==> |
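An added example, not part of the posts above: a small scanner that locates the Heaven's Gate stub quoted in the last comment (push 33 / call $+5 / add dword ptr [esp],imm8 / ret far) in a byte buffer and computes the offset at which the bytes have to be disassembled as 64-bit code. The encodings are the standard x86 ones; the names Gate and find_gates and the sample buffer are constructed for this illustration.

```python
import re
from typing import NamedTuple

# 6A 33           push 0x33        (0x33 = 64-bit code segment under WoW64)
# E8 00 00 00 00  call $+5         (pushes the address of the next instruction)
# 83 04 24 xx     add dword ptr [esp], imm8
# CB              retf             (pops EIP, then CS = 0x33)
GATE = re.compile(rb"\x6a\x33\xe8\x00\x00\x00\x00\x83\x04\x24(.)\xcb", re.DOTALL)


class Gate(NamedTuple):
    offset: int    # where the stub starts in the buffer
    selector: int  # code segment selector loaded by retf
    target: int    # offset where execution continues in 64-bit mode


def find_gates(code: bytes) -> list[Gate]:
    """Return every Heaven's Gate stub found in `code`."""
    gates = []
    for m in GATE.finditer(code):
        # imm8 is sign-extended by the CPU before the add
        imm = int.from_bytes(m.group(1), "little", signed=True)
        ret_addr = m.start() + 7  # push (2 bytes) + call (5 bytes)
        gates.append(Gate(m.start(), 0x33, ret_addr + imm))
    return gates


# Constructed sample: two 32-bit NOPs, the stub, then 64-bit code
# (48 31 C0 = xor rax, rax; C3 = ret).
SAMPLE = (
    b"\x90\x90"
    b"\x6a\x33\xe8\x00\x00\x00\x00\x83\x04\x24\x05\xcb"
    b"\x48\x31\xc0\xc3"
)

if __name__ == "__main__":
    for g in find_gates(SAMPLE):
        print(f"stub at {g.offset:#x}: bytes before it are 32-bit code, "
              f"disassemble as x64 from {g.target:#x}")
        print("first 64-bit bytes:", SAMPLE[g.target:g.target + 4].hex(" "))
```

With an immediate of 5 the target is the byte directly after ret far, so the same bytes a 32-bit disassembler shows as garbage after the stub are the start of the 64-bit code.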