
mjesun's Lite Crack
Download LtCrack.zip, 1 kb (password: crackmes.de)
This is a beautiful 'packing' routine. You can do everything you want to discover the password, but try to do it without bruteforcing.
Difficulty: 5 - Professional problem to solve
Solutions
Solution by indomit, published 24. oct, 2008; download (3 kb), password: crackmes.de or browse.
indomit has rated this crackme as quite nice.
Solution by rdk3020, published 24. oct, 2008; download (5 kb), password: crackmes.de or browse.
rdk3020 has rated this crackme as awesome.
Discussion and comments
user2k 19. Oct 2008 | looks like lots of data is lost, shl 3 [losing 3 highest bits from first compare value per cycle] and rcr 3 [lost 2 bits from second value compare] bruteforcing lost bits could be the only solution [or I am doing it wrong :)] |
---|---|
Zaphod 20. Oct 2008 | Yeah, it looks like bruteforcing is necessary, but maybe there is another way. There must be, since bruteforcing is forbidden :) |
indomit 20. Oct 2008 | This algo cannot be reversed, too many passwords to meet check. For example: o)R`4<L k-Rg8;Y t6R{.=V j/;Sx;VJo!Q ~53Fr=V*[KE But with these keys program decodes incorrect code. So we need some additional info about encrypted code, and analyze it. |
indomit 20. Oct 2008 | P.S. I found these keys using random brute over a couple of minutes. |
main 20. Oct 2008 | Hmm... How to solve this without bruteforcing? |
cyclops Moderator 20. Oct 2008 | I think the decrypted code must popup a messagebox. So we may need to code a demo routine+strings, then find the hex codes and compare with 'packed' code. But making a demo code can arise too many possibilities! With only 3 bits of last 6 chars we can't deduce anything...(Or did all of us schooled?) |
user2k 20. Oct 2008 | 1 bit from rcr per 72 cycles * 16 password len [ebx] * 3 bits lost from shl [6-th to 72] = only 2*72*16*((72-6)*8) = 1216512 tries : if eax==0 and ecx==-1, is it brute ? :) [calculations after third beer :P] |
mjesun Author 21. Oct 2008 | Hi everybody! First of all, thanks for commenting on this crackme. Bruteforcing is not forbidden, since I say in the description 'but try to do it without bruteforcing'. I always liked crackmes which want to resemble real-life protections, so I like to allow everything over my crackme. I said that bruteforcing is not recommendable because of the high level of possible combinations, and I think it should be interesting to try to solve it without this technique. |
indomit 21. Oct 2008 | We can assume there are some operands or text strings in an encrypted code, but ignorance of the length of the key makes decoding more difficult. |
user2k 21. Oct 2008 | i said 1216512 ? better , al[8 bits] in eax overwritten at the beginning of loop, so *256. and now i think there could be a better solution, overwriting that al with enc[idx] could be the answer, [btw the only thing we know that there must be ret at end, calls could be far calls cause of virtual alloc, and could be there getprocaddr] but for now trying to recurse and brute lost bits... we'll see... |
rdk3020 21. Oct 2008 | mjesun Don't give any clues yet! Hehehe |
user2k 21. Oct 2008 | there is no need for clues, its as fun as making fallout in 30 minutes :) |
rdk3020 21. Oct 2008 | Finally! Got it! But I must say it took me quite a lot of time. So mjesun, you are responsible for the health issues caused by late night reversing. |
rdk3020 21. Oct 2008 | Please, give me some time to write the tut to submit the solution. |
indomit 23. Oct 2008 | [deep-drawn sigh] Finally, I found it... It took a very very very long time :) |
mjesun Author 24. Oct 2008 | I am really, really pleased to read both solutions. I encourage anybody that cannot solve this crackme to read both! My congratulations to indomit & rdk3020! And for everybody, I hope you enjoy this crackme, and as I said a few days ago, I always liked crackmes which want to resemble real-life protections... :D |
aodrulez 12. Nov 2008 | quite similar to my technique... :) ... n i think urs is much more better :). That was a beautiful one. |