patching is always a solution |
==> |
@pranav well, yup that's why i allow patching, i wanted to achieve a reverse engineering example (a little bit of everything), i'm building something else rn ... it's been a while, but the thing i'm building is just crazy, i just built the first function, and i have a feeling tomorrow when i want to continue i won't know what it is about :) |
==> |
from the source code:
input_serial = (input_serial ^ 1) + (input_serial ^ 2) + (input_serial ^ 3);
|
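The line above is the only part of the check that this comment shows. As an added example (not the crackme's code and not the commenter's), here it is in C++ together with an exact inverse, assuming `input_serial` is a 32-bit unsigned integer so the additions wrap modulo 2^32. It illustrates the point made elsewhere in this thread about crackmes that change the input before the compare: the constant a binary stores is `transform(serial)`, so the serial you type has to be the preimage, and because XOR with 1, 2 and 3 only disturbs the two low bits, the whole expression is 3*s plus a small constant and can be solved directly instead of brute-forced. The sample value in `main` is constructed.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// The check as the comment quotes it, assuming input_serial is a 32-bit unsigned
// integer so the additions wrap modulo 2^32 (signed overflow would be undefined in C).
uint32_t transform(uint32_t s)
{
    return (s ^ 1) + (s ^ 2) + (s ^ 3);
}

// XOR with 1, 2 or 3 only flips the two low bits, so each term is s plus or minus a small
// constant and the sum is 3*s + delta, with delta fixed by the value of s & 3:
//   s & 3 == 0 -> +6,  == 1 -> +2,  == 2 -> -2,  == 3 -> -6
// 3 is odd, so it has an inverse modulo 2^32 (3 * 0xAAAAAAAB == 1 mod 2^32). For each of
// the four possible deltas solve s = (t - delta) * inv3 and keep the candidate whose low two
// bits match the delta that was assumed; the candidate is verified by re-running transform.
std::vector<uint32_t> invert(uint32_t t)
{
    const uint32_t inv3 = 0xAAAAAAABu;
    const int32_t deltas[4] = {6, 2, -2, -6};
    std::vector<uint32_t> preimages;
    for (uint32_t low = 0; low < 4; ++low) {
        uint32_t s = (t - (uint32_t)deltas[low]) * inv3;
        if ((s & 3u) == low && transform(s) == t)
            preimages.push_back(s);
    }
    return preimages;
}

int main()
{
    uint32_t serial = 0xDEADBEEFu;       // constructed sample value, not a real serial
    uint32_t stored = transform(serial); // what a binary would compare against
    std::printf("transform(0x%08X) = 0x%08X\n", serial, stored);
    for (uint32_t s : invert(stored))
        std::printf("preimage of 0x%08X: 0x%08X\n", stored, s);
    return 0;
}
```

All four candidates computed by `invert` share the same two low bits (the differences between the deltas are multiples of 4, and so are their products with `inv3`), so exactly one of them survives the low-bits check and the preimage is unique; the width and the unsigned assumption are mine, nothing else beyond the quoted line is specific to the crackme.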
==> |
@pranav : here is a tip (best one you'll have)
follow the input (there might be something that is happening before the compare)
and read the message box at first ;) |
==> |
@pranav its here: https://github.com/ORCA666/patched-files/tree/main/mohammadali's%20spank%20me%20v1 |
==> |
the patched file : https://github.com/ORCA666/patched-files/tree/main/pranav's%20Random%20generator |
==> |
@pranav oh sheee, i didn't realize i did that ! :/ |
==> |
https://github.com/ORCA666/patched-files/tree/main/TLOD's%20CrackThis |
==> |
well, it's been a while now, there are some nice modifications to the website !!!! i cracked it although i think it is malware or something, nevertheless i'll post the link soon |
==> |
@4epuxa it can be reversed, it is a simple trick that you must patch, this crackme changes the input (so even if you guessed the right key it would return a fail statement), you must un-call the function that does that by simply changing some assembly code, it is fun, take a look here : https://github.com/ORCA666/patched-files/tree/main/mohammadali's%20spank%20me%20v1 |
==> |
@pranav okay my man, we'll see, i'll be trying a couple of days later cz i have some tests and i don't want to mess up, but try my crackme ? it's level 4 but i think it is level 3 or something in between, if you cracked that i'll crack this :| |
==> |
hey man, i changed the cookie, u can take a look here : https://github.com/ORCA666/patched-files/tree/main/Drew's%20Drew's%20Cookie%20Challenge |
==> |
here is the link, post an issue, or contact me via mail on github, cz i really want to figure it out :)
https://github.com/ORCA666/patched-files/tree/main/pranav's%20SecureSoftware%20v1.5 |
==> |
it is calling printf but when it does it is exiting, that's why it's not printing "enter the key", even though when i run it inside ida it did show the message, and running it directly will show the same message, idk what is happening |
==> |
0040190E |. A1 2C824000 MOV EAX,DWORD PTR DS:[<&MSVCRT._beginthread>] ; |
00401913 |. FFD0 CALL EAX ; \MSVCRT._beginthread
00401915 |. 90 NOP
00401916 | 0FB705 367040 /MOVZX EAX,WORD PTR DS:[407036]
0040191D |. 66:85C0 |TEST AX,AX ; it is stepping into test ax,ax
00401920 |.^ 74 F4 \JZ SHORT 00401916
00401922 |. A1 08404000 MOV EAX,DWORD PTR DS:[404008] ; ASCII "cv2pr"
|
==> |
i was able to disable the anti-debugging and the "-i" parameter, now when you run it, it will ask u directly about the key, but i'm stuck in a part where it will exit after entering the key, i can't figure out where the "success message" is, not because it's encrypted, but because there is a strange loop at some point after asking for the key that will exit although there is no such call to exit !!! |
==> |
well, i took a look, you're calling isdebuggerpresent and placing an anti-patching tech that will put 1 in case a debugger is detected, and you'll compare it later, i think you did the same thing for -i / -u ... i'll crack it later, i have some math homework to do rn so no re for a while :( |
==> |
it's next to other software in my lil graveyard :: https://github.com/ORCA666/patched-files/tree/main/m4dd1n's%20Advanced%20static%20analysis |
==> |
i patched it here : https://github.com/ORCA666/patched-files/tree/main/yariza's%20Yariza%20crackme%20%231 |
==> |
what am i supposed to do ?? |
==> |
the success message is an algorithm, so expect no "success ! u did it" message, i tried to develop an actual real world program that will simulate the thing you will encounter while reversing a program. |
==> |
i think it also checked processes, and called isdebuggerpresent, i couldn't load it into olly to patch it, but i figured out the pass using ida : 5AquUR%mH4tE=Yn9
the interesting part is it completely exited ida when i loaded it the first time, so if you still got the sc please share it !!!
|
==> |
first this shit is huge so i uploaded it to virustotal :
https://www.virustotal.com/gui/file/979d93ea2d699134eb6c567ecb89e1c45f3d9622e4afb00af208db7868a2d1ef/detection
and wtf is this homie ?? |
==> |
i think this shit is malicious =
https://www.virustotal.com/gui/file/a39988a5937b570e2b7c5e1ed09168448a601b1ed7998c31f968a1373f682bc0/detection |
==> |
i patched it, it's here now : https://github.com/ORCA666/patched-files/tree/main/chrisK's%20New%20years%20crackme%20v02 |
==> |
okay i'll give it a try !! |
==> |
i patched it on : https://github.com/ORCA666/patched-files/tree/main/dajoh's%20CrackMe2%20-%20Classical%20cipher
:) |
==> |
i couldn't resist and here u go : https://github.com/ORCA666/patched-files/tree/main/pranav's%20FindMySecret |
==> |
i'll be looking for a reply here so just type something to make sure u read them :) |
==> |
and i'm targeting your crackmes for a while, when i patch them i'll comment the link of the patched version on a post of yours, but i'm kinda busy with college shit and a lot of math homework, so i'll start next week. just track my comments to a github link and then you'll find my email, have a nice day now ! |
==> |
hey man i just wanted to reply to what u said to me on:
https://crackmes.one/crackme/6043d8b833c5d42c3d016d32
thanks, and don't give a fuck about people saying ur doing things bad and wtf, just be u man, i honestly would love to reverse engineer executables the way u do, but i have a lot of problems with my ida and idk, i just like patching. good job on what u did, i am posting this here since i figure u will at least maybe read what ppl comment, so here i am, i don't have a discord account but we can chat on a mail of mine, i'll send u my telegram account. |
==> |
i patched it at : https://github.com/ORCA666/patched-files/tree/main/Sir_Zed's%20Keygen%20Me%20Part%201 |
==> |
i patched it here: https://github.com/ORCA666/patched-files/blob/main/chrisK's%20Find%20the%20pass/link |
==> |
i patched it in a funny way:
https://github.com/ORCA666/patched-files/tree/main/n0ve3mber's%20My%20Dog5 |
==> |
someone help me, i am always using olly :( and i am always having a hard time understanding the code, so i'm patching it |
==> |
i keep patching man, i am cracking some serious challenges in a minute, it is wrong but can anyone help me, ida is always printing an error, i'm using v7 the free one, the error:
The input file was linked with debug information
and the symbol filename is:
'C:\Projects\NativeApp\bin\Release\NativeApp.pdb'
Do you want to look for this file at the specified path
and the Microsoft Symbol Server?
sometimes i try to reverse my programs built with the Microsoft c/c++ compiler (there is a .pdb file with the executable), but this error always keeps popping up on my screen, so what is the solution |
==> |
hey man idk why my windows 10 is detecting it as malware, it may be a false positive, but if you compiled it with the gcc compiler, try to compile it with the Microsoft c\c++ compiler next time ...
|
==> |
posting it on github will make it easier to reverse it, especially with your readme |
==> |
@4epuxa i know you can solve it without making a keygen, and you can understand nothing from the program and yet be able to solve it, the fun part is in understanding what you are doing and having fun reversing, not just dumping ecx for the password... read the last paragraph from the faq anyways, good job reversing it, i'm cooking something else, you may not be able to reverse it |
==> |
i would love to see your work in English next time !!! :) |
==> |
OKAY PEOPLE THIS CHALLENGE IS BROKEN (DO NOT TRY TO REVERSE IT).
i even tried to patch it, it appears that the success message is missing, idk wtf i was doing back then, but i wish i could delete it. anyways do not download it. IT'S BROKEN |
==> |
@MaxP hey man, i actually wrote it and never checked whether it is working, but i'll try to solve it when i'm done with the university's shit, i submitted a crackme (2nd version of this challenge), but i checked it, and i'm building something else rn that will be a true hit, (anti-patchable && anti-debugged), with some crazy ass techs, if you love a challenge keep your eyes on the next upload. |
==> |
@profdracula No, it is not, you must achieve a specific number of chars as well as a specific number (in the ascii value), the sum of the chars you entered will be translated to ascii and added to each other ... this is a big hint :)
the problem is I uploaded this crackme a month ago, but it wasn't downloaded till now on the website, so I forgot the ascii value your password must achieve but I think it is 1,7-- something ... idk |
==> |
that is what i mean, i need more time, idk, there is a crackme with a messagebox to show the password. i can hook printf() or strcmp() or strlen() ... but in the example on github the hook was to replace the function in the same process. hooking in a different process is a whole different thing. you can google it, it is called global api hooks. this way i can run an api monitor on the crackme, get the api calls, and hook the interesting calls. but i need help! |
==> |
@pranav : sorry i didn't know there is a limit on the comments
you can view: https://github.com/jayo78/basic-hooking/blob/master/hook_v1.cpp to see what i am talking about
although this code hooks from inside the same process, we can do more work to make it a (global api hook). so then we can hook function(s) called by crackme.exe and place our function(s) instead |
==> |
@pranav: example:
/*
** Simple MessageBoxA hook using the classic 5 byte relative jump technique without a trampoline.
** Instead of bypassing the hook in the proxy function when passing execution to MessageBoxA, we
** will simply re-write the original bytes, unhooking the function.
*/
#include <windows.h>
#include <iostream>
#pragma comment(lib,"user32.lib")
char saved_buffer[5]; // buffer to save the original bytes
FARPROC hooked_address = NULL; DWORD old_protect; // target address and its previous page protection
// The proxy function we will jump to after the hook has been installed
int __stdcall proxy_function(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType) {
    std::cout << "proxy_function called, text: " << lpText << std::endl;
    VirtualProtect((LPVOID)hooked_address, 5, PAGE_EXECUTE_READWRITE, &old_protect);
    memcpy((LPVOID)hooked_address, saved_buffer, 5); // unhook: put the original 5 bytes back
    VirtualProtect((LPVOID)hooked_address, 5, old_protect, &old_protect);
    return MessageBoxA(hWnd, lpText, lpCaption, uType); // now reaches the real function
}
// install: save the first 5 bytes of MessageBoxA and overwrite them with JMP rel32 -> proxy_function (32-bit build)
void install_hook() {
    hooked_address = GetProcAddress(GetModuleHandleA("user32.dll"), "MessageBoxA");
    DWORD relative = (DWORD)proxy_function - ((DWORD)hooked_address + 5); // rel32 counts from the end of the jump
    VirtualProtect((LPVOID)hooked_address, 5, PAGE_EXECUTE_READWRITE, &old_protect);
    memcpy(saved_buffer, (LPVOID)hooked_address, 5);
    *(BYTE*)hooked_address = 0xE9; memcpy((BYTE*)hooked_address + 1, &relative, 4); // E9 = JMP rel32
    VirtualProtect((LPVOID)hooked_address, 5, old_protect, &old_protect);
}
int main() { install_hook(); MessageBoxA(NULL, "hello", "hooked", MB_OK); return 0; }
|
==> |
i guess why find the password if the purpose is to crack it, i patched the last assembly line before the if statement
just replace the jnz with jz and type whatever you want and you will be in :) |
==> |
i am actually working on a way to patch all the crackmes, if anyone wants to help please mail me at zakazeke8@gmail.com , i am planning to patch every crackme by building another executable that does api hooks, so that when a specific api function is called in the crackme, the hook will be triggered and we will place our code after, i got some nice ideas :) any help ?! plz (c/cpp project) |
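The hooking plan in this comment and the MessageBoxA example a few comments up both rest on the same 5-byte JMP rel32 patch. As an added example that is neither the commenter's code nor the jayo78 repository's, this portable C++ isolates what that hook does to memory, without any Windows API: encoding the jump (and refusing when the target is outside rel32 range, the usual reason the plain technique fails between modules in a 64-bit process), decoding it back (which doubles as the check a defender runs over a DLL's exported functions to spot an inline hook), and the save/overwrite/restore sequence on a constructed prologue buffer that stands in for the real function. All addresses and prologue bytes are constructed, not taken from any real binary.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <limits>
#include <stdexcept>
#include <vector>

// A 5-byte near jump is opcode E9 followed by a signed 32-bit displacement that the CPU
// adds to the address of the *next* instruction, i.e. hook_address + 5.
struct JmpRel32 {
    uint8_t bytes[5];
};

// Build the 5 bytes a hook installer writes over the start of the target function.
// Throws when the proxy is more than +/-2 GiB away: that is exactly the case in which
// the plain rel32 technique cannot work and a trampoline or absolute jump is needed.
JmpRel32 make_jmp_rel32(uint64_t hook_address, uint64_t proxy_address)
{
    int64_t displacement = (int64_t)(proxy_address - (hook_address + 5));
    if (displacement > std::numeric_limits<int32_t>::max() ||
        displacement < std::numeric_limits<int32_t>::min())
        throw std::out_of_range("proxy not reachable with a rel32 jump");
    JmpRel32 jmp;
    jmp.bytes[0] = 0xE9;
    int32_t rel = (int32_t)displacement;
    std::memcpy(jmp.bytes + 1, &rel, 4); // x86 is little-endian; memcpy keeps that layout
    return jmp;
}

// Reverse direction: given the first 5 bytes found at some address, report where they jump.
// Returns false when they are not an E9 jump, which makes it a cheap inline-hook check
// when scanning the exported functions of a loaded DLL.
bool decode_jmp_rel32(uint64_t at_address, const uint8_t *bytes, uint64_t *target)
{
    if (bytes[0] != 0xE9) return false;
    int32_t rel;
    std::memcpy(&rel, bytes + 1, 4);
    *target = at_address + 5 + (int64_t)rel;
    return true;
}

// Stand-in for a function prologue in memory so install/unhook can be exercised without
// touching real code pages. The bytes are a constructed x86 hot-patchable prologue:
// mov edi,edi ; push ebp ; mov ebp,esp ; nop ; nop
struct FakeFunction {
    uint64_t address;
    std::vector<uint8_t> code;
    uint8_t saved[5];
};

FakeFunction make_fake_function(uint64_t address)
{
    FakeFunction f;
    f.address = address;
    f.code = {0x8B, 0xFF, 0x55, 0x8B, 0xEC, 0x90, 0x90};
    std::memset(f.saved, 0, sizeof f.saved);
    return f;
}

// Same sequence as the hook quoted on this page: save the first 5 bytes, then overwrite them.
void install(FakeFunction &f, uint64_t proxy_address)
{
    std::memcpy(f.saved, f.code.data(), 5);
    JmpRel32 jmp = make_jmp_rel32(f.address, proxy_address);
    std::memcpy(f.code.data(), jmp.bytes, 5);
}

// Put the saved bytes back, which is how that proxy_function "unhooks" before calling through.
void unhook(FakeFunction &f)
{
    std::memcpy(f.code.data(), f.saved, 5);
}

int main()
{
    // constructed addresses: a user32-like target in a 32-bit process, proxy in a small EXE image
    FakeFunction mb = make_fake_function(0x76A1F000ull);
    install(mb, 0x00401000ull);
    uint64_t target = 0;
    if (decode_jmp_rel32(mb.address, mb.code.data(), &target))
        std::printf("hooked: first instruction now jumps to 0x%llx\n", (unsigned long long)target);
    unhook(mb);
    std::printf("unhooked: first byte is 0x%02X again\n", mb.code[0]);
    return 0;
}
```

The displacement arithmetic is the part that bites in practice: it is measured from the end of the 5-byte instruction, not from its start, and a 64-bit proxy that lives more than 2 GiB from the target simply cannot be expressed this way, which is why `make_jmp_rel32` refuses rather than silently truncating.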
==> |
@Snowball wow mate, you uploaded my code !, damn i haven't had much attention for a while lol |
==> |
damn homie |
==> |