ksydfius's The XOR Algorithm II
| Download ksydfius3.zip, 2 kb (password: crackmes.de) Browse contents of ksydfius3.zip well my first edition of the xor algorithm was too easy
Difficulty: 2 - Needs a little brain (or luck) | RatingVotes: 5 View profile of ksydfius » |
Solutions
Solution by morecode, published 16. dec, 2012; download (260 kb), password: crackmes.de or browse.
morecode has not rated this crackme yet.
Solution by ivvei, published 02. nov, 2012; download (2 kb), password: crackmes.de or browse.
ivvei has rated this crackme as quite nice.
Solution by RandolphCarter, published 10. oct, 2012; download (581 kb), password: crackmes.de or browse.
RandolphCarter has rated this crackme as quite nice.
Solution by ThePoolGuy, published 02. oct, 2012; download (40 kb), password: crackmes.de or browse.
ThePoolGuy has rated this crackme as quite nice.
The submission of solutions is closed.
Discussion and comments
| kingdeking 19. Sep 2012 | Hey, great job... seems like that change wasnt of much use ;) anyway the answer is cryptanalysis_ftw Enjoyed this one ;0 |
|---|---|
| ksydfius Author 19. Sep 2012 | wow, very fast :) good job! |
| ivvei 26. Sep 2012 | I have a question: At 00401116 lea esi, dword ptr [403000], here is a string I think may be the key string which starts wih a "W", hex 57, but, 0040111C lea edi, dword ptr [4030F1], here is hardcoded with a HEX 87. Then mov them to al and cl, and cmp al, cl, and there is a JNZ which would surely be taken. It directly jump to the end of this program. So if the above I am not wrong, how could it possible to jump to 00401137 where has a key call? |
| ivvei 26. Sep 2012 | I also tried the answer of "cryptanalysis_ftw", but it did not work. The successful scene seems to like this: pop out a messagebox contains a text of "Nice one!" Sadly, the string "cryptanalysis_ftw" did not get a "Nice one". |
| ksydfius Author 26. Sep 2012 | lol the answer of "cryptanalysis_ftw" is just the answer you tell me :) not the input string for the crackme itself good job btw! |
| ivvei 26. Sep 2012 | e... I still not get your point. Ok, forget about the "cryptanalysis_ftw", that is what kingdeking wrote and I do not know what does it mean. Maybe it is not important, forget about it.... Back to my queston at #3. I found the JNZ jump caused the programme end task and it seems happen before the input string located at 403264 comparing with the stored string which may be located at 403000. Is this a trap set by your intention and I should not stepped into? |
| ksydfius Author 26. Sep 2012 | if im understanding you correctly, the JNZ is just to compare the result of your encrypted text and my encrypted text so if the one pair of corresponding bytes is not equal, then i will exit the program if all the bytes are equal, then the JE 401137 is taken if its still confusing, try debugging it with the correct input key to find out what it does |
| draww 27. Sep 2012 | @ivvei: read 1st crackmes solutions. maybe you'd find out what's going on ;) |
| RandolphCarter 28. Sep 2012 | nice crackme, i enjoyed analyzing it! |
| NukeCrack 07. Jan 2013 | Patched by NukeCrack Time : 2min |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.