| What do you mean by "find the code"? It's totally random every time the program runs.
It uses RNGCryptoServiceProvider wiht little use of SHA256 to generate values and just dumps them in the environment variables.
You can bypass it in several ways:
1.Obviously, you can patch it or change the code to reveal the key.
WinAPI/Hooking: There are ways to do this without changing the executable. Just use some hooking or WinAPI tricks to get the values directly. |
==> |
| @Helel UPX is just for making files smaller not for protection. To unpack it, just use: :upx.exe pr.exe -d ( u need to install upx ofc).
For other packers, try DiE or PEiD. They can spot most common ones. After that, a quick Google search will show you how to unpack them.
Ofc, if you wanna get fancy, you can use a debugger to unpack UPX manually. Lots of tutorials out there for that.
Good luck! |
==> |
| Well i think ur algorithm is broken :)
import random,string
print("12345678" + (random.choice(string.ascii_letters) * 3))
Res :
12345678ppp
12345678ccc
12345678(any random character)
....
...
|
==> |
| @noobvariable Good job! Be ready for next part :) |
==> |
| @pranav i know what you mean, but as i said in hint file : "If i were you i wouldn't use IDA pro because its just make it harder :D the key validation algorithm is just 6 lines but in IDA pro its just too much and complicated." |
==> |
| @4epuxa GJ, Be ready for the next part :) |
==> |
| @ToMKoL I don't think so man :) take a look at the hint file! |
==> |
| @4epuxa Hi, Good job i think you made it! i think it would be great if you submit your solution with tutorial. GJ again! |
==> |
| @mohammadali I actually compiled it with MSVC and i dont know why it detected as a malware anyways i can give u the source code if u want! |
==> |