
ksydfius's Ksydfius Crackit I
Download: ksydfius1.zip, 1 kb (password: crackmes.de)

A little crackme which can be solved in 1 sec

Difficulty: 2 - Needs a little brain (or luck) | Rating votes: 4
Solutions
Solution by ThePoolGuy, published 02. oct, 2012; download (3 kb), password: crackmes.de or browse.
ThePoolGuy has rated this crackme as awesome.
Solution by freesoul, published 14. sep, 2012; download (7 kb), password: crackmes.de or browse.
freesoul has rated this crackme as quite nice.
Discussion and comments
mausy131 05. Sep 2012 | First it didn't run.. Just open it in olly and you are able to crack it |
---|---|
cyclops Moderator 05. Sep 2012 | ^^It runs perfectly on my machine. Please note: There is no user input as such. You have to modify the code/data (you will see where and what to modify in the disasm) itself to get the good boy msg. |
bearchik 06. Sep 2012 | Key: 25 75 52 74 05 76 33 72 0E 31 73 52. To solve this crackme you need to substitute, in the function's argument, the value that is used in compose. Example: `.text:004010D0 pop eax ; in eax part key` `.text:004010D1 call sub_401091 ; function calculating key` `.text:004010D6 cmp eax, 19496E48h ; cmp with true value` `.text:004010DB jnz short loc_40111C` Enter in eax 19496E48h before call: result == 25755274h. Enter in eax 25755274h before call: result == 19496E48h. Repeat this in all other calls. |
cyclops Moderator 06. Sep 2012 | bearchik: don't spoil the phun. (I have removed the second comment). |
ksydfius Author 06. Sep 2012 | it's very easy to solve, yes. sorry to say, but ur key is incorrect: although it generates the correct results at the CMP, it doesn't decrypt the goodboy message. and, do u understand why that happens when u said: "Enter in eax 19496E48h before call result == 25755274h. Enter in eax 25755274h before call result == 19496E48h" |
freesoul 06. Sep 2012 | Hey, I'm taking a look at your crackme, I reversed your first functions and I wonder why I get this: Test `reverseBits(0x0E86CECE)` output: `73736170` ("pass" just for test); Test `_decode(0xF8BC9898)` output: `73736170`; Test `decode(0x2F4F5D4C)` output: `13736170` <- Actually idk why that 1. I guess solution is on understanding that '1', I'll dig deeper when I've time, greets :) |
ksydfius Author 06. Sep 2012 | hi freesoul, there are multiple passwords that will work at the CMP, but only 1 will successfully decrypt the goodboy message. i can tell u that so far, u seem to be on the right track, but this bit: f(0x2F4F5D4C) = 0x13736170 isn't very important :) also, keep in mind that the password consists of chars in the range 0x20 to 0x7B and that it makes sense. good luck :) |
_sid 06. Sep 2012 | ThE_CoDe_Is: ... well won't spoil this :) Nice & fun. |
ksydfius Author 06. Sep 2012 | hehe, good job :D my next ones will be more interesting :) |
redoC 07. Sep 2012 | I can't get it. What is the 12 byte serial? |
freesoul 07. Sep 2012 | Ow finally I got it lol. I didn't even look at the second part of the crackme, I preferred to permute 2^6 :) |
ksydfius Author 07. Sep 2012 | hey redoC, this probably isn't as hard as u think. just analyze the code a bit, you'll find it :) good luck! |
pegazuz 10. Sep 2012 | well i figured some of the message but some letters are not readable. any clue? |
freesoul 10. Sep 2012 | pegazuz: analyze loop by loop, then change what you've to change :) |
ksydfius Author 10. Sep 2012 | if u have some of the message then u are very close... just try it some more, u will get it ;) |
pegazuz 13. Sep 2012 | you were right :) just using the fact u need ascii :) should i post the passkey? |
ksydfius Author 13. Sep 2012 | nah, write a tutorial instead ! :) |
ksydfius Author 14. Sep 2012 | freesoul, nice solution! u understand what the crackme is doing and explain very well. the loader is a nice one, too. thx :) |
_sid 14. Sep 2012 | hmm, there's nothing to guess or brute; if you revert the ops, you will get the right solution ... |