InsaneFIDO's InsaneFIDO's UnWrapME
| Download InsaneFIDO_UnWrapMe.zip, 10 kb (password: crackmes.de) Browse contents of InsaneFIDO_UnWrapMe.zip Using similar wrapper concept to the Reflexive Wrapper used on games but I hope it is a little more difficult to reverse than that. On Windows XP the unwrapped file should display with the XP theme. Coded on XPSP2, may not work with W2000 but I hope it does.
Difficulty: 3 - Getting harder | Send a message to InsaneFIDO » View profile of InsaneFIDO » |
Solutions
There are no solutions to this crackme yet. Have you solved it? Please write a tutorial and submit it here!
Discussion and comments
| EvOlUtIoN 01. Dec 2007 | What is objective of crackme? Just run executable without any other file? Or what? |
|---|---|
| InsaneFIDO Author 01. Dec 2007 | The object is to recover the wrapped exe file so that it is standalone rather than executed by the Insane.exe file. |
| EvOlUtIoN 03. Dec 2007 | Ok, i found a way to do it...but it is hard for me to load it on debugger, so i wrote loader to allow me dump it. |
| EvOlUtIoN 03. Dec 2007 | Yeah! Got it! Really nice unwrapme InsaneFIDO... hxxp://www.sendspace.com/file/tt8rnx Here it is a link of my dumped one, i will write a solution as soos as possible. I think it has a very very good idea to load and debug a temporary file, and also to virtualize some EP code and relocate import table. |
| InsaneFIDO Author 03. Dec 2007 | EvOlUtIoN I'm glad you liked it. Your dumped file is nicely reconstructed. cheers InsaneFIDO |
| REA 04. Dec 2007 | InsaneFIDO, nice unwrapme, look like nanomites in arm. Will tell ya when i got something new. |
| REA 05. Dec 2007 | Hehe, done, nice things. I'll write a tuts soon. http://sharebee.com/a07d7be0 |
| InsaneFIDO Author 05. Dec 2007 | Thanks REA. I look forward to seeing yours and EvOlUtIoN's solutions. cheers InsaneFIDO |
| hardcoder 14. Jan 2008 | Does any one help me with this function 004018B9 /$ 8B15 844D4000 MOV EDX,DWORD PTR DS:[404D84] ; kernel32.7C803518 004018BF |> 8B02 /MOV EAX,DWORD PTR DS:[EDX] 004018C1 |. 0305 5C454000 |ADD EAX,DWORD PTR DS:[40455C] ; kernel32.7C800000 004018C7 |. 8A00 |MOV AL,BYTE PTR DS:[EAX] 004018C9 |. 38C3 |CMP BL,AL 004018CB |. 74 06 |JE SHORT Insane.004018D3 004018CD |. 83C2 04 |ADD EDX,4 004018D0 |. 46 |INC ESI 004018D1 |.^ EB EC \JMP SHORT Insane.004018BF 004018D3 \> C3 RETN It seems it is scanning Export table of Kernel32.dll and when all is found throws an access violation application just terminates here. please any hint will be appreciated |
| InsaneFIDO Author 14. Jan 2008 | hardcoder I sent a reply to your private message but if it still does not help send me another message. cheers InsaneFIDO |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.