
Dynasty's ScrewMe #2
Download: ScrewMe2_Dynasty.zip, 108 kb (password: crackmes.de)
Difficulty: 4 - Needs special knowledge | Rating: Waiting for at least 3 votes
Solutions
Solution by andrewl.us, published 29. Apr 2008 (86 kb, password: crackmes.de).
andrewl.us has not rated this crackme yet.
Discussion and comments
XzzX 23. Apr 2008 | Isn't one RDTSC enough? |
---|---|
Dynasty Author 27. Apr 2008 | that was borrowed from someone else :P |
HMX0101 28. Apr 2008 | This is a level 4??? I think this one is overrated.. probably a level 1 or 2... the junk code/obfuscation isn't good enough after you know how to deal with it ;) and the anti's aren't so good (IsDebuggerPresent & EnumProcess)... it's perfect for newbies ;P.. I've just solved it because of supposed level ;PP |
Dynasty Author 28. Apr 2008 | hmmm... I did make a note saying that I wasn't sure about the difficulty level ! that's pretty much what the ppl who tested it told me to put it up as... so I did |
HMX0101 28. Apr 2008 | no problem mate ;).... now, just waiting for your next one in this series :) |
XzzX 28. Apr 2008 | Yes serial algo is trivial and the jumps/RDTSC are just annoying. ;-) @HMX0101: How did you solve the jumps? Did you use some kind of script or did you just step it? |
HMX0101 28. Apr 2008 | Just put bp where you think is a good place (intuition, maybe? ;))... stepping it one-by-one sucks.. ;P |
andrewl.us Moderator 28. Apr 2008 | Dynasty, I thought that the obfuscation was pretty good! But the parts that the obfuscation leads to can be seen in plain text, so they can be breakpointed without stepping through the obfuscation. If you instead decrypted the serial algorithm stuff right before executing it, we would have no choice but step through the junk to reach it. And producing the proper key file is non-trivial at first inspection. HMX0101, you can't give us more than "bp where you think is a good place" ? |
HMX0101 29. Apr 2008 | I've just set bp where, as you say, it's plain text (this is a good place ;)... it's simple intuition... another way can be to determine the junk code/obfuscation pattern and write a tool/script which does the hard work for you ;) |
Dynasty Author 29. Apr 2008 | @andrewl.us : Thanks bro, the obfuscation is supposed to be a pain in the ass. However, I'm pretty new to the whole coding thing, so I'm still having a hard time making things harder for reversers of your experience... I guess I'll do better next time! But I have to say, the good part is I learned a lot coding this thing ;) |
Dynasty Author 29. Apr 2008 | @andrewl.us : Awesome tut man, grazie mille and thanks also for taking the time for it ;) |
andrewl.us Moderator 29. Apr 2008 | :) So is it possible to produce a satisfactory file after all 12 iterations of the loop starting at 00403BF5? I think flooding >1024 bytes and making it exit early is the easy path. Perhaps someone will submit an alternative solution. |
XzzX 29. Apr 2008 | My approach was very similar to yours. I don't know if there is a way to do it without skipping the iterations. |
HMX0101 30. Apr 2008 | I've used a different approach (I never reach the 1024 bytes)... but it works after you click two times?? a bug?? :S |