ARCHANGEL's Against Driver
Download Against_Driver.zip, 4 kb (password: crackmes.de)
To crack this crackme you need to debug the device driver's protection and break it without code modification and brute-force.
Difficulty: 3 - Getting harder
Solutions
Solution by rAsM, published 07. feb, 2008; download (70 kb), password: crackmes.de or browse.
rAsM has rated this crackme as nothing special.
Solution by _HellDashX_, published 22. jan, 2008; download (9 kb), password: crackmes.de or browse.
_HellDashX_ has rated this crackme as quite nice.
Discussion and comments
soychino 15. Jan 2008 | good idea, but the algo only consists of some simple xor and add/minus operations. |
soychino 15. Jan 2008 | a little hint, xor 3 :) |
ARCHANGEL Author 19. Jan 2008 | soychino, yes, that's true, but the idea is to test device driver protection - not the algo. By the way, did you submit your solution? |
soychino 20. Jan 2008 | I used IDA to analyze the sys file, and I found it tries to clear the debugging register; no other anti measures were found, so how about using an Int3 breakpoint? BTW, thanks for ur valid username and password, without which it may take me more time to analyze it :) |
rAsM 20. Jan 2008 | I'll submit my solution in February, I have no time now. There is no "protection" if you clear the drx. The driver is easy to understand, but for people who have never debugged a driver the crackme will be harder. |
_HellDashX_ 21. Jan 2008 | Solution submitted :) |
rAsM 22. Jan 2008 | Hello _HellDashX_, the name can be shorter than 20 chars but the serial must be this size: BBBBBBBBBBBBBBBBBBBB. I've sent you my serial. |
_HellDashX_ 23. Jan 2008 | rAsm, yes, your serial works using 4 chars in the name, but only in the first check :) If the crackme checks the serial/name 2 or more times, you can get nothing in the second pass, and in the 3rd pass you can get an exception and the bad message is shown. I send you the codes in the 2nd pass and 3rd pass using the name/serial that you sent me. |
rAsM 23. Jan 2008 | Yes, I know this bug: names shorter than 20 only work one time. ARCHANGEL forgot to reset the buffers. Anyway, the 2 solutions are right. |
Dspider0 08. Feb 2008 | Why does my OllyDBG always pause the program, and I get an error every time I run? The error is always about the origin address. |