
BeatriX's octopus
Download OCTOPUS.zip, 12 kb (password: crackmes.de)

This crackme is coded in asm and compiled with masm32. It is protected against analysis with some easy junk code. It is not the real difficulty here but it can be a good introduction to learn how to defeat obfuscation. The register scheme is quite funny I think :) There are no maths, no crypto, no anti-debug tricks.

Difficulty: 4 - Needs special knowledge
Solutions
Solution by jE!, published 09. Jul 2008; download (2 kb), password: crackmes.de or browse.
jE! has not rated this crackme yet.
Discussion and comments
basfreak 06. Jul 2008 | I'm a noob but I found: ASCII "=::=::" and 3 msgboxes with wrong serial. Also that you need a file. I tried passing by the msgboxes but it didn't work. |
---|---|
BeatriX Author 06. Jul 2008 | ok :) try to understand how the crackme uses the file. MsgBoxes are not really useful I think. |
basfreak 06. Jul 2008 | I think the password must be inside. After getting the size of the file it checks if the size is above 500kb, isn't it? `CMP EAX,1F4` `JA SHORT octopus.00401426` If so, it jumps to 00401426, which says: `PUSH DWORD PTR DS:[40C25A]` `CALL <JMP.&kernel32.CloseHandle>` close the file. After closing the file it shows a msgbox and exits. Am I right? |
basfreak 06. Jul 2008 | Ah, I think I've got an idea. The file size must be under 500kb? |
BeatriX Author 06. Jul 2008 | basfreak, stop investigations in this forum :) use private messages if you need hints. |
basfreak 06. Jul 2008 | Ok you may remove my comments |
jE! 07. Jul 2008 | so unhappy i was on no other crackme :( |
BeatriX Author 09. Jul 2008 | waow :) incredible solution jE! ... all is done only by hand! my god :) So, I have to conclude that it wasn't complex enough to discourage you ;) thanks for this solution. Did you find why this crackme is so called "octopus"? |
Ox87k 09. Jul 2008 | @BeatriX: Read the last line on jE's solution :P @jE: Very good work! Thanks for the solution! |
BeatriX Author 09. Jul 2008 | "Read the last line on jE's solution :P" hihi, yes, of course, nice idea but... there is really an octopus somewhere in this crackme :) |
simonzack Moderator 04. Aug 2008 | sorry, I'm really a noob, but where does int3 return to? I know it's somehow used to intercept programs for debugging, but i don't know where it leads, and can't trace at all. I read jE's solution and don't know how all the different paths came by. Can somebody help me??? |
BeatriX Author 24. Aug 2008 | int3 generates an exception caught by the SEH handler installed by the program itself. You just have to put a BP on the entry of that handler and trace into it once the exception occurred. |
simonzack Moderator 31. Aug 2008 | thanks, I get it now, should've read jE's tut a bit more :p |
simonzack Moderator 25. Jan 2009 | finally solved this by myself after trying it again after so long time. My keyfile was 120 bytes! :) Thanks for great crackme, one of my favourites. |