lxmxnx's CrackMe#1 - VM

Download crackme#1.zip, 17 kb (password: crackmes.de)
The crackme.exe checks the passphrase string (It is a random sequence of characters from www.random.com and it is fully stored, i.e. no one way hashes).
If the input is correct it outputs 'correct' otherwise it outputs 'incorrect' :-)

The goal is to recover the passphrase.

Difficulty: 3 - Getting harder
Platform: Windows
Language: Unspecified/other

Published: 30. Jan, 2009
Downloads: 496

Rating

Votes: 3
Crackme is quite nice.

Solutions

Solution by Cat2, published 07. mar, 2009; download (4 kb), password: crackmes.de or browse.

Cat2 has rated this crackme as awesome.

Solution by kao, published 02. mar, 2009; download (3 kb), password: crackmes.de or browse.

kao has not rated this crackme yet.

Discussion and comments

main
30. Jan 2009
My ESET NOD32 reports this as trojan. Do you know why? Is this a false positive?
andrewl.us
Moderator
30. Jan 2009
Probably, I stepped through a little, very interesting lxmxnx! Did you make it yourself? Can any EXE be transformed into such a mess?
lxmxnx
Author
30. Jan 2009
1. I'm sorry to hear that NOD32 marks it as trojan. It is definitely a false positive. There is nothing nefarious in the exe file, just overly complicated strcmp :-))

2. Yes, I did it all myself, no third party tools involved. Without revealing too much, I have a generator that produces such a mess, however the input to said generator is not another ('clear text') exe.
main
31. Jan 2009
Yeah, really strange. It says something like "probably a variant of Kryptik/W.Trojan".

It's probably just because of an "error" in the heuristics.

Anyway, yes, indeed a very interesting crackme!
andrewl.us
Moderator
02. Mar 2009
A very cool solution!

A similar approach that didn't work: a program was written that held the crackme's execution under the trap flag and just counted the number of instructions executed for different serials. Idea being that strcmp() would exit early on bad characters.

Your method is complete!
TFB
07. Mar 2009
Awesome crackme, managed to solve it. Writing tutorial now :)
Cat2
07. Mar 2009
Nice Kao. Just submitted a solution myself, and then checked out yours (I don't look at solution before I solve, or else I'm cheating :P ) Kind of interesting how you did it, I wonder if same thing would work in IRL scenarios sometimes with things like Themida VM. Prolly not :P
andrewl.us
Moderator
07. Mar 2009
awaiting TFB's solution - hopefully we'll have collected three different ways to crack this :)
simonzack
Moderator
07. Mar 2009
hei maybe i'll try it too :)
Cat2
07. Mar 2009
TFB's is the same as mine, we kind of colluded on this one, and I ended up doing the writing :)
