| thank you @giacomo270197 for your comprehensive solution. One of the best solution write ups I have ever read. |
==> |
| By the way, the password for solution_file.rar : solutionbypranav007 |
==> |
| strngl Hey! Got your solution! Nice one! Also you can use a file to write null characters to stdin(the way I used), but this is new info to me!! Good job! |
==> |
| and for all yes, you are allowed to patch out the anti-debugger if it is failing to work properly.. |
==> |
| This is an older crackme, which is not actively supported.. anyway, yes it can sometimes fail, but not always.. It's a side effect of my early anti debugger.. but most of the cases it should be fine.. message me on pranavappu007 at the discord server on crackmes.one, if you want more help. |
==> |
| I do not have the debug version of visual C++ runtime.. please make sure to upload release versions of the code, as otherwise I have to install visual studio Windows 10 SDK for crack.. |
==> |
| Thanks! Upload a writeup, I'll love to read it! |
==> |
| I'll try but I haven't ever tried a L3 or L4 yet.. |
==> |
| also try to get a real key in addition to patching it, so that the key works in an unpatched version... And for others no the patching doesn't count as a solution |
==> |
| mohammadali Are you sure you defeated all the anti-debugging protections?? :wink: |
==> |
| hey! Well there is a lot of stuff in it! Make sure you read the Readme fully. |
==> |
| This one have just the right amount of difficulty to be interesting..! I have identified that you process the string first and then validation is performed.. Anyway I'll probably upload a solution when I crack it! |
==> |
| Me too, didn't have a discord account at first, but it's worth it. I'm also kinda busy, so I'll email you when I get time. |
==> |
| thanks!.. Well, you can join the discord server, and I'm there along with a very good community. It's fun! |
==> |
| oh, so mohammadali, s4gr00_x, me are all idiots. Okay. I just simply asked why don't you superior intellectuals put your stuff into some higher levels, so that idiots like us won't crawl into your shit? For me, I never had to crack an md5 or similar in a *L2 crackme*. That's all. Please don't misguide us idiots into shit like this. Thanks. |
==> |
| what? *sighs* well, as I understand, you take the input string, creates the md5 hash of the input string, and compares it to the md5 string stored in the system. For a valid input to work, we have to find an input that gives the exact same md5 as what you've stored. And how to get it? Reversing the hash.
I talked to one of the "solvers" and he said he just googled the hash to get a solution. That is not how a crackme's solution should be found. You can say we're crying and all, but that doesn't change that your idea of this crackme is flawed.
Comparing hashes to check password is actually a commercial way of storing password, because it is that secure. You can do it here, as long as the algorithm is not that strong and can be reversed. MD5 is a real algorithm that is commercially being used!
Please check the FAQ. It is mentioned that no commercial packing/encrypting systems can be used. Since you used a commercial method to hash your password, you violated the rules. Just simple as that. |
==> |
| mohammadali dude you did it! HAHA lol. Hey are you on the discord server? I'm there at pranavappu007 |
==> |
| mohammadali you are a strong patcher, you patch everything.. A new crackme by me is coming, I suggest you try patching that.. also do a writeup! |
==> |
| s4gr00_x He didn't even design it, he straight up copied some md5 implementation, wrote a wrapper and there you go! This is how you should not build a crackme. |
==> |
| what? he said it is extremely hard as I understand...and btw you won't get the solution by understanding the last cmp instruction, you have to reverse the goddamn md5 to get the real input and thus the solution... It is actually banned to use commercial or open source strong algorithms in the crackme.. let alone something like md5 |
==> |
| You can request in the discord server to remove the crackme. Or maybe even update it? |
==> |
| I don't even have IDA pro |
==> |
| ali0gamer please post a solution writeup |
==> |
| Nice classical cipher. Liked it very much! |
==> |
| Personal opinion ofc, but I think it should be L3 for the sole reason it's C++. It feels like searching for a tiny piece of gold in a whole river |
==> |
| Hey! Is the challenge is to reverse the md5 hash of a string???? |
==> |
| It is intended to me a keygenme |
==> |
| ali0gamer well if it's really easy then generate a valid .key file instead of patching the .auth file. You were actually supposed to do that, although I'll allow patching on .auth for now |
==> |
| ragnar_crackbeard87 well, you have to follow the thread start after printing InitialChecks.. It's actually an anti patching mechanism, you have to prevent it from executing. For more details, join the website discord server and find me as PranavAppu007. |
==> |
| MaxP unless ebp-0x10 is accessible from another thread.. |
==> |
| ragnar_crackbeard87 yes, there are anti debugging/patching implemented. You can disable it if you wanted, although it is not preferred. You are generally expected to use static analysis to reverse the crackme |
==> |
| Scopes how did you do that? Did you patch the crackme? |
==> |
| 4epuxa just 2 numbers? |
==> |
| mohammadali I couldn't completely understand what is going on in hook installation.. But I can see that you have modified MEssageBoxA function with a jump to some custom function, so that if you call MessageBoxA your function will be called. Also, is your project working on crackmes? Have you tried it with my crackme? |
==> |
| https://discord.gg/2pPV3yq
open this link and you can join crackmes discord server.. I'm inside that( you might want to create an account..) |
==> |
| mohammadali wow that is some hard stuff! could you please explain using an example? |
==> |
| 4epuxa join on the discord server and look for PranavAppu007.. |
==> |
| 4epuxa not really, it generated the number randomly, so the solution is just explaining how you cracked it. Post it in the solutions. |
==> |
| Well, for all crackmes in this website, they add their on password, which is crackmes.one. Check FAQ. |
==> |
| You might want to use a tool tho, I think it's a little big to handle without a tool, but then again if you are a pro then you can handle |
==> |
| Yes, there is a small mathematic equation for randomization.. Message me at PranavAppu007 on discord if you want help.. |
==> |
| It would be better to have the program in english... |
==> |
| For those who said it was too easy for Level 3, I didn't knew the standards as this was my first attempt... I have posted a new one which now I think should be L3, consider this as L1 from now. |
==> |
| The password of the ZIP file is 'crackmes.one', if you are from outside |
==> |
| Windows Defender complained it is a trojan virus.. |
==> |