Wait i just started and put loollool as enter login and loollool as password and it worked xD |
==> |
I'm pretty sure the hidden function at 000000000040169B is crashing the program |
==> |
I only managed to figure out we need a password with 28 characters. Still digging for more. I think after the length check, it goes into some hidden XOR code that compares if the password is correct. I am too noob to solve the XOR (it's only my day 3 in reverse eng). Any tips? |
==> |
If I knew this was actually a lvl 99 problem I wouldn't have started it 2 days into my reverse eng journey xD |
==> |
A breakpoint on addr 140001624 shows you the generated password. You can find the address by digging in Ghidra where it looks at the time and loops to generate the password. |
==> |
I'm a noob so I used Ghidra and a debugger. Found the mem comparison in Ghidra. Set a breakpoint on the memory address of it in x64dbg and it showed the password to which it is comparing it :D vpeKE3cT59 |
==> |
omfg. I got to code, but all the other things in the disassembly got me all worried that it just has to start with "code" and then some weird year,month,day,hour combinations after it xD never tried Code until like 2h hahahahahah |
==> |
Just after you input the password it compares it with your username :D It also shows the password that was generated from your username. From there it's just reverse engineering the ASCII.
Really fun one. Took me a long time before I tried that as password since I thought it would be harder hahaha |
==> |
While debugging saw CANTCRACKME in the heap, but got some cyclic error soon after that |
==> |
This one nearly killed me as a newbie hahaha. Thank god for ChatGPT. While debugging I found "Foufs!uif!qbttxpse;!" and "Dpohsbut\"!Nz!ejtdpse;!/mvobmzoy". Asking ChatGPT, it said it is a Caesar cipher shift. These two strings deciphered are "Enter the password:" and "Congrats! My discord: .lunalyx". Then I entered some random passwords, and one of them was 12345678. While debugging I saw some more strings. One was "MvobMzoy" and the other "Jodpssfdu!qbttxpse\"". One decodes to lunalyx, the other one to Incorrect password. So I assumed this was what it checked against :D and yep- password is LunaLynx |
==> |
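The shift described in the comment above can be recovered without guessing. This is an added example, not part of the original comment or the crackme: it tries every single-byte shift and keeps the one that turns all of the quoted strings into readable ASCII at once. The scoring set and the function names are assumptions made for the illustration.

```python
"""Recover the single-byte additive shift hiding a binary's strings."""

# Constructed sample: the obfuscated strings quoted in the comment above.
OBFUSCATED = [
    b"Foufs!uif!qbttxpse;!",
    b'Jodpssfdu!qbttxpse"',
    b"MvobMzoy",
]

COMMON = set(b" etaoinshrdlu")  # most frequent characters in English text


def unshift(blob, key):
    """Undo an additive shift: subtract key from every byte, modulo 256."""
    return bytes((b - key) & 0xFF for b in blob)


def score(plain):
    """Count common English characters; -1 if any byte is not printable ASCII."""
    if any(b < 0x20 or b > 0x7E for b in plain):
        return -1
    return sum(1 for b in plain.lower() if b in COMMON)


def recover_shift(blobs):
    """Return the one key that decodes every blob to the most readable text."""
    best_key, best_total = None, -1
    for key in range(256):
        scores = [score(unshift(blob, key)) for blob in blobs]
        if min(scores) < 0:      # the key must work for all strings at once
            continue
        if sum(scores) > best_total:
            best_key, best_total = key, sum(scores)
    return best_key


def decode_all(blobs):
    """Return (key, decoded strings) or raise if no shift fits every blob."""
    key = recover_shift(blobs)
    if key is None:
        raise ValueError("no single shift yields printable text for every blob")
    return key, [unshift(blob, key).decode("ascii") for blob in blobs]


if __name__ == "__main__":
    key, strings = decode_all(OBFUSCATED)
    print("shift:", key)
    for s in strings:
        print(repr(s))
```

Scoring the strings together matters because a short one such as "MvobMzoy" does not carry enough text to pick the key by itself.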
I got far enough to figure out it's using XOR. I'm really a noob and ChatGPT did most of the work, I pasted from Ghidra hahaha. But what follows after that? My logic was to try to find a hardcoded password and XOR it back with the offset into the correct password. But I lack the knowledge to find it since debuggers get flagged and the program closes |
==> |
yep 5AWAVAUATUSH2
From the ASCII of the encrypted password V|za{a{c}vzsr deduct the ASCII of the hardcoded string !;# % &\")!'+@ (\ is not a part of the string, it's just saying not to end the string yet)
It was a hard one for a noob like me. ChatGPT and Python helped xD |
==> |
change conditional statement from je to jne on both checks :) |
==> |
Just send all the jmp checks to the next line instead of the actual check :) |
==> |
jne to je :) |
==> |
Maybe it's just my inexperience (only solved 3 crackmes on the page), but is it ok that I always default to finding test conditions and turning them around? I feel like I'm missing out a lot on other techniques |
==> |
This is a 32 version...? |
==> |
As a very noob person, I changed 2 jne to je to reverse the boolean :) |
==> |
My first ever "cracking" task. It was great. Could find the password in the texts, or changing the check from je to jne :) |
==> |