Great one! You can also bypass the debuggerispresent ... I changed the je to jmp x629 where the good job message is on all checks... but easy to read and provides what's needed as a level 2 crackme. Thanks |
==> |
Thanks a lot juansacco and coyote_0x90.
I'll move on for now, but will come back here to see if someone has a solution that has no patching involved. |
==> |
So I found the flag when doing the disassembly, and it works when I hit the button... but I had to patch the exe to get through the IsDebuggerPresent and the other conditional jump above it. (and that is not allowed)...
I'm assuming that security cookie must be a file it looks for ... potentially with those 25 number strings in it... but I would appreciate some help on how to truly understand it.
Thanks a lot!
|
==> |
Thanks for this multi-stage challenge.
My solution goes straight to stage 3 and provides you with the answer :D
[url=https://ibb.co/ZX5xMvb][img]https://i.ibb.co/ZX5xMvb/madlogik-cracked.png[/img][/url] |
==> |
I'm able to unpack the file, then in x64dbg I can trace and find my serial... (madlogik/5081)
But I would need help understanding how to RE the actual formula / calculations made from the username to get the serial.
I still struggle to RE the serial generation, even with the Rust code in the solutions... and I know the Rust code is only working with numbers (doesn't do chars properly for some reason).
Any plugins recommended for x64dbg to make that bit easier? pm me!! TY |
==> |
Name: madlogik
Reg Num: RS-1232564-2147508240
Exactly the same as saduz's, break on LEA to get the serial, or just push the address to the wrong serial message like I did to saduz's crackme.
Result:
https://i.imgur.com/5wwwZ6U.png |
==> |
Changing the push data from "Try Again" to the serial makes a bad try a keygen straight to the messagebox ;)
(In the try again change the push from: PUSH 405034 to: PUSH 19F744)
madlogik
1232564 |
==> |