0x00ach's Win32FTW

Download challenge.zip, 30 kb (password: crackmes.de)

Zip password: "challenge"

The keygenme source code is in the "src.zip" file (password: serial for "S0urceC0de"), please do not leak it ;]

Hints:

InternalW
sysenter
debuggerz

Hope you'll enjoy ;]

Difficulty: 5 - Professional problem to solve
Platform: Windows
Language: C/C++

Published: 09. Sep, 2014
Downloads: 219

Rating

Waiting for at least 3 votes
(we have only 1).


Solutions

There are no solutions to this crackme yet. Have you solved it? Please write a tutorial and submit it here!

Discussion and comments

barun
12. Sep 2014
You forgot to do some error checking. If calc.exe is not present on the system, then it will hang forever.
nadav12456
13. Sep 2014
Hi dude, your obfuscation techniques are really cool, but they aren't machine-independent, e.g. it depends on my ntdll.dll version... So which OS version have you used in your tests? The app is crashing all the time when trying to access ntdll.dll+0x1000, which isn't mapped...
barun
14. Sep 2014
This won't run on an AMD processor. Hint: _KUSER_SHARED_DATA, sysenter, syscall
ShihabSoft
17. Sep 2014
The password is not working. Wasting time.
ShihabSoft
17. Sep 2014
Oops, sorry. Not noted.
barun
18. Sep 2014
Keygenning finished!

Name: S0urceC0de
Serial: TVqQAFBFAAByjsPV503hQwAA

To the author:
However, note that this is NOT the password of src.zip.

I have found out that for the name "S0urceC0de" (or for any name) there are 65,536 possible serials all of which are valid.

However only one of them is the correct password for src.zip.

Extra Info: This keygenme will only work on an Intel processor and only on non-ASLR-aware systems like Win XP.
0x00ach
Author
07. Oct 2014
@nadav12456: I used a Win XP SP3 x86 version; I should parse the ntdll PE header to find the .text section :]
0x00ach
Author
13. Oct 2014
You're all right: it only works on Win XP x86 Intel machines... If I get some free time, I'll update it with AMD- and ASLR-aware code. (Well, it's also part of the challenge... ... ... okay, sorry, my mistake :']).

I'll check the serial issue ASAP!
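
The fix 0x00ach describes above (walking ntdll's PE header to find the .text section instead of assuming it sits at base+0x1000, so the code survives a different image base or a differently laid-out build) in C, as an added example that is not the crackme's or the author's code. It declares the header structures itself so it builds outside Windows, and it parses a constructed header-only PE32 sample rather than a real ntdll.dll; in the real keygenme `image` would be the module base returned by GetModuleHandle. One caveat the thread already hints at: the section walk only fixes the section base, and any offset hard-coded inside .text still depends on the exact ntdll build.

```c
/* Walk a mapped PE image's headers to find where .text really is, instead of
 * assuming ImageBase + 0x1000 like the keygenme does. Added example, not the
 * crackme's code. The structs mirror the Windows SDK layout (IMAGE_DOS_HEADER,
 * IMAGE_FILE_HEADER, IMAGE_SECTION_HEADER) so this builds on any OS; the image
 * parsed is a constructed PE32 sample, not a real ntdll.dll. Assumes a
 * little-endian host, since PE fields are stored little-endian. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define PE_DOS_MAGIC    0x5A4Du     /* "MZ" */
#define PE_NT_SIGNATURE 0x00004550u /* "PE\0\0" */
#define PE_NAME_LEN     8

typedef struct { uint16_t e_magic; uint8_t e_rest[58]; uint32_t e_lfanew; } pe_dos_header; /* 64 bytes */
typedef struct {
    uint16_t Machine, NumberOfSections;
    uint32_t TimeDateStamp, PointerToSymbolTable, NumberOfSymbols;
    uint16_t SizeOfOptionalHeader, Characteristics;
} pe_file_header;                                                               /* 20 bytes */
typedef struct { uint32_t Signature; pe_file_header FileHeader; } pe_nt_headers; /* 24 bytes; optional header follows */
typedef struct {
    char     Name[PE_NAME_LEN];
    uint32_t VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
             PointerToRelocations, PointerToLinenumbers;
    uint16_t NumberOfRelocations, NumberOfLinenumbers;
    uint32_t Characteristics;
} pe_section_header;                                                            /* 40 bytes */

/* Returns 1 and sets *rva/*size when a section named `name` exists, 0 when the
 * image is malformed, truncated or lacks the section. Every read is bounded by
 * image_len so a hostile or cut-off image cannot make us read past the buffer. */
int pe_find_section(const uint8_t *image, size_t image_len, const char *name,
                    uint32_t *rva, uint32_t *size)
{
    pe_dos_header dos;
    pe_nt_headers nt;
    size_t sec_off;
    uint16_t i;

    if (image_len < sizeof dos) return 0;
    memcpy(&dos, image, sizeof dos);
    if (dos.e_magic != PE_DOS_MAGIC || dos.e_lfanew > image_len - sizeof nt) return 0;
    memcpy(&nt, image + dos.e_lfanew, sizeof nt);
    if (nt.Signature != PE_NT_SIGNATURE) return 0;

    /* The section table follows the optional header, whose size comes from the
     * file header (it differs between PE32 and PE32+, so never hard-code it). */
    sec_off = (size_t)dos.e_lfanew + sizeof nt + nt.FileHeader.SizeOfOptionalHeader;
    for (i = 0; i < nt.FileHeader.NumberOfSections; i++, sec_off += sizeof(pe_section_header)) {
        pe_section_header sh;
        if (sec_off > image_len - sizeof sh) return 0;
        memcpy(&sh, image + sec_off, sizeof sh);
        if (strncmp(sh.Name, name, PE_NAME_LEN) == 0) {
            *rva = sh.VirtualAddress;
            *size = sh.VirtualSize;
            return 1;
        }
    }
    return 0;
}

/* Constructed sample: a header-only PE32 image with three sections and .text
 * placed at `text_rva`. Returns the number of bytes written (0 if buf is too small). */
size_t build_sample_image(uint8_t *buf, size_t buflen, uint32_t text_rva)
{
    const size_t nt_off = 0x80, opt_size = 224;          /* sizeof IMAGE_OPTIONAL_HEADER32 */
    const size_t sec_off = nt_off + sizeof(pe_nt_headers) + opt_size;
    pe_dos_header dos = {0};
    pe_nt_headers nt = {0};
    pe_section_header secs[3] = {{{0}}};
    const char *names[3] = { ".text", ".data", ".rsrc" };
    int i;

    if (buflen < sec_off + sizeof secs) return 0;
    memset(buf, 0, buflen);
    dos.e_magic = PE_DOS_MAGIC;
    dos.e_lfanew = (uint32_t)nt_off;
    nt.Signature = PE_NT_SIGNATURE;
    nt.FileHeader.Machine = 0x014C;                       /* IMAGE_FILE_MACHINE_I386 */
    nt.FileHeader.NumberOfSections = 3;
    nt.FileHeader.SizeOfOptionalHeader = (uint16_t)opt_size;
    for (i = 0; i < 3; i++) {
        memcpy(secs[i].Name, names[i], strlen(names[i]));
        secs[i].VirtualAddress = text_rva + (uint32_t)i * 0x10000u;
        secs[i].VirtualSize = 0x10000u;
    }
    memcpy(buf, &dos, sizeof dos);
    memcpy(buf + nt_off, &nt, sizeof nt);                 /* optional header stays zeroed */
    memcpy(buf + sec_off, secs, sizeof secs);
    return sec_off + sizeof secs;
}

/* Build a sample with .text at text_rva and look it up; 0xFFFFFFFF on failure. */
uint32_t locate_text_in_sample(uint32_t text_rva)
{
    uint8_t image[512];
    uint32_t rva, size;
    size_t len = build_sample_image(image, sizeof image, text_rva);
    return pe_find_section(image, len, ".text", &rva, &size) ? rva : 0xFFFFFFFFu;
}

/* Both a truncated image and a corrupted DOS magic must be rejected, not parsed. */
int rejects_corrupt_samples(void)
{
    uint8_t image[512];
    uint32_t rva, size;
    size_t len = build_sample_image(image, sizeof image, 0x1000);
    int truncated_rejected = !pe_find_section(image, 200, ".text", &rva, &size);
    image[0] = 'X';                                       /* break the "MZ" magic */
    return truncated_rejected && !pe_find_section(image, len, ".text", &rva, &size);
}

int main(void)
{
    uint32_t text_rva = locate_text_in_sample(0x2000);
    if (text_rva == 0xFFFFFFFFu) { puts("no .text section"); return 1; }
    printf(".text RVA from headers: 0x%X (a fixed 0x1000 assumption would be off by 0x%X)\n",
           text_rva, text_rva - 0x1000u);
    return 0;
}
```

The same walk applies to a live module: point `image` at the module base and pass the image size from the optional header, then address code as base + text_rva + offset rather than base + 0x1000 + offset.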
MacIn
19. Nov 2014
What version of the ntdll.dll file did you use? On my system (XP SP3) ntdll doesn't have anything reasonable at ntdll+1000+120F, which is used as the initial EIP for the worker thread. Or is it intentional? I'd like to find the solution very much, it is a very interesting crackme indeed, but it seems impossible to complete if the program won't run. Don't want to leave it half-way done.
MacIn
19. Nov 2014
Also, the trick with pow doesn't work on XP SP3. In SP2 there's a NOP before it; in SP3, a RETN.
MacIn
20. Nov 2014
Ok, I was wrong about pow, didn't notice the off-by-one offset for this procedure. Also, the bogus command at 120F doesn't matter because of TF. So it works. Wonderful crackme, very interesting obfuscation technique.
But unfortunately I came to the same results as barun described: keygened the same key for S0urceC0de, and it doesn't match the .zip password.
MASOUD
07. Apr 2015
@0x00ach: It seems you don't want to share the source code with anyone, because it's been a long time and there is no news yet.
barun
07. Apr 2015
@Masoud The password of the zip is actually a simple modification of the serial. I completed keygenning this long ago and will try to upload the solution soon.
MASOUD
12. Apr 2015
@barun: Thanks for your reply.
How did you find the correct password? Did you brute-force it?
BTW, waiting for your solution.
