craig@neo's miniVMCrackme1

Download miniVMCrackme1.zip, 3 kb (password: crackmes.de)

miniVM Crackme v1
=================

Author: Craig Smith
Difficulty: 2 with VM source
Rules: No Patching
Goal: Find a valid password, write a solution detailing the techniques used to analyze the VM.

Description: This is an example virtual machine crackme used to demonstrate how VMs work. It's a companion crackme to a talk I'm giving at Recon 08 (http://recon.cx/). At the con I will be releasing the code to the Virtual CPU, so the difficulty is set assuming you have read the slides and have the VM commented source code handy. You can try without it but the difficulty is slightly higher. ;)

The algorithm is simple which is why the goal is more focused on documenting ways to analyze VMs. NOTE: even though the VM is called miniVM it's actually rather large :P

Download: After the Con, check out http://labs.neohapsis.com/ for source

Difficulty: 2 - Needs a little brain (or luck)
Platform: Windows
Language: Assembler

Published: 09. Jun, 2008
Downloads: 973

Rating

Votes: 5
Crackme is quite nice.


Solutions

Solution by andrewl.us, published 11. jun, 2008; download (2 kb), password: crackmes.de or browse.

andrewl.us has rated this crackme as awesome.

Discussion and comments

xylitol
09. Jun 2008
nice strange protection

born2c0de
10. Jun 2008
I think I've figured out the basic idea (about how a global variable is looked up, added to the offset to the "Bad Boy" to get the value of the Good Boy procedure)

The problem is with the code that manipulates the global variable... That's way too many jumps.

I'll need to devote an entire day for this.

I hope your protection is more than just these jumps.

Otherwise, it's an interesting crackme.
Thanks

andrewl.us
Moderator
10. Jun 2008
I can't get a passport in time to make it to RECON :(

Craig, if you're a 29A fan, feel free to spider my Z0mbie mirror:

http://andrewl.us/library/site_z0mbie/

TiGa
11. Jun 2008
If all goes well, the presentation videos from ReCon 2008 "should be" posted on their site the following Monday.
The videos from 2005 and 2006 are already available.
