Confirmed. The password is PasE"\x16\x04"!23 |
==> |
Hi, one day ago I tried again to get the password of this crackme, unsuccessfully. I'm a noob with VB6, so I tried to dump and unpack the crackme and finally I got this:
SPOILER:
Private Sub Command1_Click() '401FE0
loc_00401FE0: [ebx+0CEC83ECh] = [ebx+0CEC83ECh] + ecx
loc_00402059: call var_8004 = global_00401000(00000017h, "PasEŠ!", Me, 0, 0, 0)
loc_00402078: var_24 = & var_8004
loc_004020C7: var_20 = Form1.Text1.Text
loc_004020D0: call var_800C = global_004010B0
loc_004020E3: If Len(var_20) 8 Then
loc_004020F0: If Form1.FRI = 0 Then GoTo loc_004022A4
loc_00402102: var_8014 = CheckObj(Me, global_00401BB8, 1784)
loc_0040210D: End If
loc_00402127: If 1 Mid(var_24, 1, 1))
loc_004021C5: If var_8018 = 0 Then
loc_004021DA: GoTo loc_0040211F
loc_004021DF: End If
loc_004021E9: End If
loc_004021EE: If var_1C Then
loc_00402238: var_84 = var_84 + "YEES!!" |
==> |
Done ! |
==> |
I can't reverse the CRC32 algorithm :( any tips? |
==> |
@schuemi I'm going to fix this crap made by me |
==> |
Did you find the algorithm? @nigthxyz |
==> |
Oops, a bug, my bad xD |
==> |
Congratulations to timotei, he made a keygen in pure asm |
==> |
DONE! key in the solution file :D |
==> |
This is a good challenge for me, this program is going to self-modify its own code, next day I'll study this crackme in depth! :D |
==> |
PasE[0x10,0x4]!23 |
==> |
The crackme is not written in asm but in VB6; Visual Basic uses wide-char strings. PasE maybe is the first part of the password and !23 is the last, I think. Anyway, the string is this: PasE!23
but it is not working because the string contains 9 characters instead of 8 |
==> |
https://youtu.be/-1SbvR2n8DI patching done :D
curious about the password... |
==> |
@byclone, good, but the 3rd rule is to write a keygen... :D |
==> |
@byclone nice! You probably found the algorithm, now it's time to write a keygen! :D |
==> |
Read the FAQ. Anyway, on this site you can download a zip file protected with a password;
the password is "crackmes.one" or, if the crackme is imported from the old site "crackmes.de", the password is "crackmes.de" |
==> |
Can't run the program. |
==> |
Here you can find my keygen + source code + a text file explaining every step I made.
https://we.tl/t-gT5Wt5Y5Jo |
==> |
I know, in fact I made a keygen in C, but I'm still waiting for approval. |
==> |
I have been waiting 4 days for my solution to be accepted :( |
==> |
Anyway, I wrote a keygen, a code injector to make a self-keygen, and a text file where I explain every step I made to do this. |
==> |
DONE! |
==> |
I know in some part of the section there is a string reference to "ASM GUARD", but I can't find anything about that |
==> |
The PE files are encrypted, I see these sections:
.SCY
.___rR_
.bb_bb
.keygen_this_dump_SCY
Yes, maybe I unpacked it wrongly :( |
==> |
This keygenme is so hard because the encryption is "custom",
and I don't know much about how to unpack a program.
I tried to unpack it with UPX -d, but this keygenme was packed with a modified UPX packer; I don't know much about this.
Then I tried to unpack it manually and I did it!
But something was wrong, and when I open the unpacked .exe the GUI shows up and disappears immediately.
Any tips? |
==> |
Curious about the Lazarus project.
I'm new to Object Pascal. |
==> |
3 encryption levels? omg maybe you want me to turn into a non-dead
|
==> |
I'm stuck on this keygenme; this is what I understand (maybe).
Seeing what these functions do might help you troubleshoot or understand
how the KEY is generated.
The program starts by checking if a debugger is present and calculating a
hexadecimal value starting from two constants:
const1 = "pearldarkk"
const2 = 0xDEADBEEF
The string const1 is split by character and put into an array.
string array[11] = "p, e, a, r, l, d, a, r, k, k"
Then the XOR operator on const2 is executed for each character of array[11]
until you get the hexadecimal value:
const2 = 0xDEADBEFE
This could be the generation of the FLAG we need or just a pitfall.
00E61050 the function starts from this address
Then follows a function that examines the two values inserted in the GUI, FLAG and KEY, and processes them.
00E61140 this function starts here
The flag value is processed with the wcstomb function,
00E61245 here maybe there is a sscanf function.
And finally it is checked, and the multibytes of the string are checked via strncmp.
Multibyte value of FLAG "0121317d1d5d0701636e355f4b237e"?? |
==> |
@plasmagrass not trivial, sorry; the key is generated from the username. It's not hard to write a keygen, but not so easy :D |
==> |
Go to the start :) |
==> |
Now try to write a keygen! :D |
==> |
thank you! :D |
==> |
You can decompile the entire source code of an AutoIt executable using this tool: bit.do/myAutToExe |
==> |
Here https://pastebin.com/KWPXCrCK |
==> |
If you can, post a tutorial for solving this crackme :D |
==> |