I only found that the result is in the r12 register. I don't understand what's going on in .sg2. Please provide your Discord, I want to ask you questions |
==> |
KEY = 1337 + Patched ez |
==> |
Did anyone find a solution to patch this? |
==> |
Does this include anti-debugging techniques? |
==> |
C:\Users\PC\Desktop\CMEs\Releasevm.exe
Enter the key: yourMom
Executing program...
Key check passed
Key is correct. |
==> |
C: \Users\cat\Desktop\Coding\C++\ xD |
==> |
C:\Users\PC\Desktop\CMEsanti-debug.exe
Iniciando o programa...
Try password: *******
SUCCESS |
==> |
Checksum Passed.
::Hacktooth crackme #4
Insert your username: dzwassim95
Insert your serial: 123
License to: dzwassim95
|
==> |
what are you doing with the disks ? ... |
==> |
Can you add me on Discord, 'cyrus_thevirus'? I want to ask you something |
==> |
C:\Users\PC\Desktop\CMEscrackme.exe
in the password input, you can enter 'giveup' if you want to reveal the password
password: fuck you
wow... you did it |
==> |
"ff645bb2ac0b2be10a239a252b7b4b54d99b63cd47484e5286b6e3b82388d024" ok ok |
==> |
"as09832n5kl4893yt4yn3986ync69y43096yn3498v60yn934ytv3nv89y61n" is not 64 chars long ... |
==> |
Does this load the binary at run time? Are there any anti-patching checks? |
==> |
wtf is "sygmqsk.4u.vOyMxkg" |
==> |
if ( passwd != si128.m128i_i64[name[0] % 2] % 64 )
v7 = "Sorry, but you're wrong!\n"; |
==> |
I made it, but only by changing the execution flow so I can get to the comparison part, because I can't get to the part where it asks for input, which led me to run in an infinite loop, so it was comparing "cqt+r?9_)*lv0)+ex4rn2fpbh*?w0*50x?b1u?j*bjqv8bem564" with 0 because I didn't provide any input. |
==> |
I forgot to mention the key length should be 12, and you should choose the next 4 chars from "PZZZWZZZJZZZIZZZLZZZCZZZ" to multiply with each loop. For example, the second loop should choose ZZZW, the third ZZZJ .... then start again with ZZZP ... |
==> |
So I think I figured out the first check, which appears to be a type of hash check or checksum. The hash of the correct password should be 3A2h, so I started to find how the hash is created, then I reached the 2nd check (after 3A2h) and I got bored and I just patched it. This is how the hash or checksum is created: take the first character of your key, convert it to ASCII, then multiply the hex value of it with THE HEX value of ZZZP (from PZZZWZZZJZZZIZZZLZZZCZZZ), which is 5A 5A 5A 50, then add FF to it, then take the last byte of the result (e.g. 5A5A5A50 + 34 = 125A5A5840-- 40), then subtract FF from it. The result is added to the other results when looping through each char of your key with the same previous steps (the result buffer is initialized to 0). |
==> |
C:\Users\PC\Desktop\CMEscrackme.exe
Enter the password: r56g4
Access Granted! |
==> |
cracked under 1 min |
==> |
I didn't get it, and I found the "0D0A0C0F1C1A0A171C170C17160F191E" thing, but I didn't know I'm supposed to use it as a reference to find the answer. I got frustrated and I patched the hell out of it:
Enter the serial number (format: NNNNN-TOM-NNNNNNN-NNNNN): 11111-TOM-1111111-11111
Correct! Here is your flag: WPVUF@PMFMVMLUCD |
==> |
Name: easy
Serial: 10011010100111101000110010000110
Valid serial number! |
==> |
ez af last serial: nuf-si-gnireenigne-esrever |
==> |