Matteo's Matteo KeygenMe

Download Matteo_CrackMe.zip, 7 kb (password: crackmes.de)

Hi!
I dare you to make an attempt to beat my first crackme. Impossible things happen inside.

The goal is to keygen the program.
Bonus: Try to document as many tricks as possible.

Information:
- The program uses a common mechanism to check whether it is registered or not.
- It has been packed using some obfuscation methods so that it may be required to unpack the program before continuing.
- Owing to antidebugger protections that have been added, anti-anti techniques might be useful.
- Patching is not a necessity.
- The program has successfully run under Windows 8 x64, Windows 7 x64, Windows XP x32. The last one only in Virtual Box environment.

EXTRA: Due to a kernel protection it's impossible to meet PacMan in Windows 8 (and probably any Windows x64).
If you want to meet PacMan (and you do!), run the program under Windows XP, attach a debugger on the fly and then read at the EntryPoint.

PS. Let me know if you can't understand some magic going on behind the scene.

Contact me by E-Mail "matteo.crackme@gmail.com" (GPG public key at hkp://keys.gnupg.net)
Fingerprint: 683E0BA7359F2830DBDE1D96ED59DF71FD861B1E

Good luck!
Matteo

Difficulty: 4 - Needs special knowledge
Platform: Windows
Language: Assembler

Published: 24. Feb, 2015
Downloads: 537

Rating

Votes: 4
Crackme is good.


Solutions

Solution by tamaroth, published 19. may, 2015; download (454 kb), password: crackmes.de or browse.

tamaroth has rated this crackme as quite nice.

Solution by baderj, published 19. may, 2015; download (88 kb), password: crackmes.de or browse.

baderj has not rated this crackme yet.


Discussion and comments

tamaroth
Moderator
25. Mar 2015
Is it intended that you calculated a checksum for 3 overlapping memory areas in code starting at 0x401041? You point there to memory at 0x401DCF and 22h iterations of lodsd are done, which means it ends at the address 0x401E57, which is way further than the next check address 0x401CE1, which in turn overlaps with the next part of memory?
tamaroth
Moderator
25. Mar 2015
Don't mind me, I'm an idiot. I retract previous statement.
Matteo
Author
26. Mar 2015
seems that you unpacked the first part, now you need to unpack the second part and then start solving it.
feel free to ask anything, i will be happy to answer :)
desert2500
27. Mar 2015
This crackme checks a file with the name 'thekey.k'. I have a problem. At first, it compares its 0x17 bytes with '0xD'. But then it checks whether its 0x5th-0x20th are identical to '0x0'. I think it is a logic fault. Or maybe I missed something?
Matteo
Author
27. Mar 2015
i think you miss something
here it compares 0x15 bytes (push 15h) not 0x17 with 0xD
there are 3 compares: two with 0xD and the last with 0x0
(tip: 0xD = \r = CR Carriage Return)
(tip2: check the returned value of the call ......)
that point shouldn't be hard but let me know :)
desert2500
27. Mar 2015
yes, i made a mistake. I will try again.
desert2500
27. Mar 2015
Hi, Matteo, when I try to unpack it, the function 'CloseHandle' cannot be fixed correctly by Import fixer. It is the only bad function. As I try to correct it when it is loaded in the memory, the crackme works well. Do you know how to solve it?
Matteo
Author
28. Mar 2015
I've sent you a private message
desert2500
30. Mar 2015
It is such a difficult crackme for me to solve, but luckily i found the correct answer in the end. For three days i didn't sleep well. Thanks to Matteo, a very good crackme~
tamaroth
Moderator
30. Mar 2015
desert2500: do you plan on releasing the solution? I'm basically on the last part now, with my limited time I should be able to release a solution at the end of the week. Full one with the description of anti-debug methods and decryption routines.
Matteo
Author
30. Mar 2015
happy to see that you solved it, and very happy to see that you liked it :)
desert2500
30. Mar 2015
tamaroth: Also i have no time until weekdays, maybe a tutorial later than you :) (And i am not sure if i can explain it accurately). If there is anything you would like to discuss, please send a message to me.
Matteo
Author
30. Mar 2015
desert2500 sent me a working key file and thanks to it i have found that there is a "bug":
the program will accept a keyfile that is not alphanumeric only.
I knew that the operation on the second serial was "wrong" because i was using all characters but i said to myself "who cares, there will be only 0s after and it will make no difference"
i was wrong! it makes a difference :)
should i upload a new version or not? i have no idea...
my idea was that only alphanumeric chars were allowed
but feel free to solve it with his trick too :)
after all it is my fault if it accepts "invalid" keys...
tamaroth
Moderator
30. Mar 2015
Just out of curiosity, desert2500 did you bruteforce the seeds for srand in the last part? Because that's a lot of combinations ...
Matteo
Author
30. Mar 2015
i don't know what he has done but i have bruteforced it.
if you optimize it a bit, in 7 min you can check all the keyspace (every seed).
if i'm not wrong there are 4 valid seeds (and only one other)
but 2 of the 4 create a key that is not alphanumeric and "should" be wrong
desert2500
30. Mar 2015
Matteo, I have made a keygen with python. It can produce all legal keyfile formats. I have mailed it to you. Please check it.
desert2500
30. Mar 2015
tamaroth, yes, you have to bruteforce the seeds.
Matteo
Author
30. Mar 2015
it doesn't ask for name, and your name length is fixed at 4 but it works :)
tamaroth
Moderator
01. Apr 2015
keygen also done, write up should be done by the end of the week hopefully.
Matteo
Author
07. Apr 2015
IMPORTANT NOTE: WRONG EMAIL IN THE DESCRIPTION
my email is GMAIL.COM AND NOT .IT
i have read it many times before publishing and there are still bugs in the description :)
andrewl.us
Moderator
19. May 2015
"bumping" this thread to the top to show baderj and tamaroth's thorough solutions, congrats
tamaroth
Moderator
19. May 2015
That "week" took over a month :D
Matteo
Author
20. May 2015
fantastic solutions!
congratulations to both!!
pacman trick still missing...
will someone document it?
although it doesn't work on newer windows it can be understood and documented.
check the last call, the one that shows the MessageBox, it is full of tricks :)

i'm still amazed by your solutions!
now i need to make something new :)
see you soon...
