BlueOwl's UPXed

Download upxed.zip, 28 kb (password: crackmes.de)

This crackme shows some techs for protecting UPX'ed files.

Difficulty: 2 - Needs a little brain (or luck)
Platform: Windows
Language: Assembler

Published: 30. Apr, 2005
Downloads: 1802

Rating

Votes: 5
Crackme is quite nice.

Solutions

Solution by _khAttAm_, published 03. Aug, 2005; download (40 kb), password: crackmes.de or browse.

_khAttAm_ has rated this crackme as quite nice.

Discussion and comments

Sinclaire
01. May 2005
Uhmm, good for you, you could have submitted a solution instead of typing it in here! Others would like to solve it too, but hey, at least I got it before you :P, and you should also consider understanding the purpose of the site. Good for you if you got the password, but publishing the password is not needed, you can only ASK ABOUT WHAT YOU DO NOT UNDERSTAND ONLY!
BlueOwl
Author
01. May 2005
TQN, I deleted your post. Please don't give away the password.
Haykuro
01. May 2005
I tried everything to unpack it..
I used the PEiD generic unpacker.
I attached OllyDbg to it and found the entry point.
But no matter what I try it keeps messing up.

Can someone help me?
Sinclaire
01. May 2005
Haykuro: If you managed to get the OEP then mostly half the work is done. If it keeps messing up, then this is due to a protection used against dumping it, which works as follows: the code gets overwritten so that when you try to dump from memory you get the wrong data. But in my opinion you must be doing something wrong; try again, and this time make sure you have corrected the EP of the dumped program and reconstructed the IAT.
_HellDashX_
01. May 2005
Haykuro: Hi, in my case I needed to use a script in Olly using the OllyScript plugin for UPX. I made a script with this code and used it:

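// on the next breakpoint, jump to the Break label
eob Break
// search forward from EIP for opcode 61 (POPAD)
findop eip, #61#
// set a hardware execute breakpoint on the address found
bphws $RESULT, "x"
run

Break:
// step over twice from the POPAD
sto
sto
// clear the hardware breakpoint
bphwc $RESULT
ret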

Using this script Olly found the OEP in 1 or 2 seconds; you only need to trace a few steps and you can find the password in ASCII.

I hope this helps, :)
elfz
03. May 2005
STRIVING FOR PERFECTION:
Before submitting your solution, make sure that you have explained how and why the protections work, how to re-implement them, why UPX is fooled; not just a way of finding the OEP and dumping it!!!
_HellDashX_
03. May 2005
Hi, I explain it in my submitted solution in a txt, not in the comment, :)
_HellDashX_
03. May 2005
And, when you have the zip file password you can read the author's explanation of the protections, if you see, but I explain it, ok? :)
_HellDashX_
03. May 2005
But, yes, I forgot to put the Anti-Dumping protection explanation in my submitted solution, :) Sorry, hehehe...my mind gets lost sometimes...:)
fjlj
04. May 2005
It was a pretty good crackme but fairly simple lol. All I did was step over, follow the ESP in dump, set a hardware on-access dword break and clicked run, stepped into the jump and then continued to step into until it gave me the pass in my registers. Also I made the program alert the password instead of "Example using UXP!" or whatever it said lol, but overall I liked it.
SoN
08. May 2005
This one took me about 2 days but I just got it. I'm glad I figured this one out because it was the first packed crackme I've tried. Thanks for writing it.
_pusher_
08. May 2005
yeah man... it's bad that you are not able to publish a tutorial for it..
I even had a SoftICE solution..
BlueOwl
Author
09. May 2005
Thanks for the positive reactions. :)
Sinclaire
09. May 2005
And thanks for the c00l tr0ll that closed this crackme and destroyed all the fun, we should really thank him, cheers up.
Zero
Moderator
11. May 2005
The "c00l tr0ll" is the automation in the website system ;)
elfz
12. May 2005
c00l tr0ll punished. he won't count rejected submissions before automatically closing the submissions ever again.
Immortal_One
14. May 2005
This one took me about 2 sec
pretty good crackme
snak3
24. May 2005
been trying on this some time now, and finally with some reading I made it :) thx a lot for a fun crackme
BlueOwl
Author
03. Jul 2005
I hope it gets solved sometime. I think people could learn from its techniques. (about how to re-implement them)
_khAttAm_
19. Jul 2005
I tried to write a solution and it is accepted, but when I read here, I think my solution is quite lame............. What do you ppl think??
Knight
20. Jul 2005
Before submitting your solution, make sure that you have explained how and why the protections work, how to re-implement them, why UPX is fooled; not just a way of finding the OEP and dumping it!!!

Here's what I think ^^^. I think that most of us (not talking about complete newbies) can unpack it without bigger problems. But the interesting part is why UPX can't unpack it. I unpacked it, but haven't looked at its sources, so it would be nice to know that. Also, if the same technique could be used with other packers/protectors it might be really useful to develop this.
Takayuki
04. Aug 2005
Well, this one was an easy one I think. It took some minutes to understand it. I liked this crackme :)
