hey, nice, would you mind posting a solution?

You can dm me on discord if you want any more info: 0xdog

Nice! I am sorry though, this crackme has a nasty race condition, which triggers sometimes. I've fixed it and uploaded the fixed version with a bunch more tricks, however it was not yet approved.

Custom packer is very respectable, however it being followed by a simple strcmp is not so much :)

As a hint on that topic you can read about how GetModuleHandle and GetProcAddress are used and what for. Also you can check out their custom implementation, this will shine some light on the PEB stuff.

The main challenge is the anti-debugging stuff. The winning string will clearly tell you that you got it right. The password, as stated in the description, is in {}. Due to the nature of the algorithm, it cannot pause after outputting whether you succeeded or not, thus you should start it from a console, or discover how it even prints. The "uh oh" string is triggered by an internal error and is triggered by an internal race condition; however, during my tests on a couple of machines it occurred very rarely :D

Uhh, I patched too much in the anti-debug part, you are correct, my bad.

The answer is clearly runtime dependent. Check out ASLR and how virtual memory works.
Apart from some anti-debug shenanigans at the start, the algorithm is pretty straightforward.

No patching
Proceeds to add anti-debugging checks and screws up static analysis :D
Anyways, cool idea with the indefinite decoys, managed to write a keygen, fun one.
Really interested how the source code looks.

Why is this a Windows crackme, if it's an ELF binary? What is there to crack if the flag is just printed after execution?

Neat one :D

It's funny how an empty input also works :D

Great crackme, had a lot of fun.