main's VBCrackme
Download: VBCrackme.zip, 5 kb (password: crackmes.de)
Find the password which correctly decrypts the file.
Difficulty: 3 - Getting harder | Rating: Waiting for at least 3 votes
Solutions
Solution by JoKa, published 03. Oct, 2008 (download, 10 kb, password: crackmes.de).
JoKa has rated this crackme as quite nice.
Discussion and comments
main Author 25. Sep 2008 | NOTE that I have only verified that the goodboy appears using Windows XP (currently I'm using SP2). This has to do with the nature of the encrypted file's content. I have not verified if it appears using SP1. |
---|---|
xylitol 25. Sep 2008 | Tested in Windows Vista SP1 French, and successfully crashed (lolz). Your crackme crashes after pushing the button. |
MACH4 25. Sep 2008 | It crashes here too when clicking the button! XP SP3 |
JoKa 26. Sep 2008 | I suppose it must crash if the entered password is wrong. |
JoKa 26. Sep 2008 | I don't suppose, I know it |
main Author 26. Sep 2008 | Yes. The crackme will crash if you enter the wrong password. :) |
JoKa 26. Sep 2008 | @MACH4, xylitol: try entering "Э" (char 221 or DDh) as the password and press the button one time. The program must not crash. Pressing one more time leads to a crash again. |
main Author 26. Sep 2008 | NOTE: I don't know how much I should say about this crackme. What I _can_ say is that if the wrong password is entered, the program will probably crash, or it has undefined behavior. This has to do with the nature of the encrypted file's content (as I said above). Maybe I should say how long the password is... I'll wait for some time and see what happens. Good luck! |
main Author 26. Sep 2008 | Maybe you don't want too much information. But I think this will reduce the amount of work you have to put into it (for those of you who have not already figured this out): The goodboy will appear as a messagebox. |
JoKa 29. Sep 2008 | Tested on WinMe. An incorrect password causes a hangup, so be careful. |
sunkj201 29. Sep 2008 | So frustrating..... |
main Author 30. Sep 2008 | TIP: Focus on the encrypted file and combine what you know about the app (encryption and behavior) and what you know about the goodboy. |
main Author 03. Oct 2008 | JoKa is on the right track, guys. 1. Understand the simple encryption. 2. Find the address of the data buffer. 3. Use what you know about the file's content to decrypt it! Actually only step 1 and step 3 are needed to solve this crackme. When you have cracked it you can focus on the data buffer and modify the file (if you want) to work on your Windows version! |
JoKa 03. Oct 2008 | @main: I think it is a bad idea to directly use addresses of kernel32.dll exported functions, because the addresses are different across various kernel32.dll versions. I shall write a solution. |
main Author 03. Oct 2008 | Yes, I know. I thought about changing that with a find method, but I had already posted the crackme at that time. Sorry! I can write a similar crackme in C or asm with find methods (peb, seh). It would be better of course, and more educational perhaps (although I wrote a comment about it only working on xp sp2). Good work! |
JoKa 03. Oct 2008 | It depends on the kernel32.dll version, not the OS version. My kernel32.dll is 5.1.2600.2945 (xpsp_sp2_gdr.060704-2349) (Russian) |
JoKa 03. Oct 2008 | You could use some functions that were imported by your crackme (like rtcMsgBox). You could also use the address of MessageBoxA instead of finding it by GetProcAddress (in that case the crackme will depend on the user32.dll version) |
main Author 03. Oct 2008 | What I mean by "windows version" is implicit to correct the addresses. Yes, good point, I thought of that too, but I didn't want to implement it that way because it was meant to work stand alone from the beginning. I actually first wrote the crackme so that the file would have to be executed through a buffer overflow. That's why it looks like it does. Thanks for your comments. |
main Author 04. Oct 2008 | Nice solution JoKa! You really have good reversing skills. And again, sorry about me not thinking about changing the shellcode so it works across versions! The reason is above. Thanks. |
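
Added example, not part of the original thread and not the crackme's own code: the "use what you know about the file's content to decrypt it" idea from the comments above, shown as known-plaintext key recovery. It assumes, for illustration only, a repeating-key XOR (the thread never names the cipher) and uses "MessageBoxA", an API named in the comments, as the guessed plaintext; the key and the sample blob are constructed.

```python
from itertools import cycle

def xor(data: bytes, key: bytes) -> bytes:
    """Repeating-key XOR; the same call encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, cycle(key)))

def recover_key(ct: bytes, crib: bytes, max_len: int = 5):
    """Slide a guessed plaintext (crib) over the ciphertext.

    At each offset, ct XOR crib is the keystream that would have produced
    the crib there. A real hit shows up as a keystream that repeats with a
    short period. Returns [(key aligned to file offset 0, crib offset)].
    """
    hits = []
    max_len = min(max_len, len(crib) // 2)  # must see the key repeat at least once
    for off in range(len(ct) - len(crib) + 1):
        stream = bytes(c ^ p for c, p in zip(ct[off:], crib))
        for klen in range(1, max_len + 1):
            if all(stream[i] == stream[i % klen] for i in range(len(stream))):
                # stream[j] == key[(off + j) % klen]; rotate back to offset 0
                key = bytes(stream[(i - off) % klen] for i in range(klen))
                hits.append((key, off))
                break
    return hits

# Constructed sample data, not taken from the crackme's file.
CRIB = b"MessageBoxA"
SAMPLE_KEY = bytes([0x5A, 0xC3, 0x17])
SAMPLE_PT = b"\x00\x01\x02\x03\x04" + b"user32\x00" + CRIB + b"\x00Good boy!\x00"
SAMPLE_CT = xor(SAMPLE_PT, SAMPLE_KEY)

if __name__ == "__main__":
    for key, off in recover_key(SAMPLE_CT, CRIB):
        print(f"offset {off}: key {key.hex()} -> {xor(SAMPLE_CT, key)!r}")
```

A candidate key is only a hypothesis until the whole file decrypts to something coherent, so check every hit against the full output.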