phyre's Crackme #1 by phyre
| Download crackme_phyre.zip, 4 kb (password: crackmes.de) Browse contents of crackme_phyre.zip Hi!
Difficulty: 4 - Needs special knowledge | RatingWaiting for at least 3 votes View profile of phyre » |
Solutions
There are no solutions to this crackme yet. Have you solved it? Please write a tutorial and submit it here!
Discussion and comments
| astigmata 13. Mar 2006 | what's the problem with this target ? I can't see it in my process list I can't attach in olly If I load in olly, it's terminated :P |
|---|---|
| Ox87k 13. Mar 2006 | terminated but.. have u a msgbox that tell u "something went wrong"? there are some check anti-debug ;) |
| deroko 13. Mar 2006 | what a nice crackme, really kewl crackme... |
| phyre Author 13. Mar 2006 | thx deroko. did you solve it and are you going to write a solution? |
| deroko 14. Mar 2006 | well still working on serial algo, found that kewl trick to generate always false serial if crackme isn't run from "certain" location, found relations between hashing procs but still it will take a while to find right key. |
| kao 14. Mar 2006 | really nice crackme! :) |
| Vermin 15. Mar 2006 | This crackme is really fun! So far I was able to run it unpacked (a little header-patching was required), but still not within a debugger (at least not in Olly). I reversed your crypting-algo and coded a little prog that crypts and decrypts strings. But thats all useless if i can´t make my way to the serialalgo. Is it possible to attach with SI? If so, I´d consider installing it. |
| klks 17. Mar 2006 | you dont need SI, olly will do. i got all the thing unpacked and patched, runs nicely under olly but all my serials are correct :D. very nice |
| znycuk 27. Mar 2006 | Hi all, Is someone still working on a solution to solve this one ? I think i don't have the level required yet, but i'll be really interrested in a working solution to follow :) I have unpacked it, and i'm able to lauch it in olly, only if i manually change a value, to decrypt correctly library names. Next, i've found is that it executes himself in my olly memory space by invoking CreateRemoteThread. And here i'm stuck... Does someone could give me a little hint, or some good reading, to continue my analysis ? thx |
| TQN 27. Mar 2006 | Do not debug it with OllyDbg, run it from explorer.exe, use OllyDbg to attach to explorer.exe, break on new thread. |
| znycuk 27. Mar 2006 | thanx for the hint TQN. But first, i have to find a way to patch correctly the header (or unpack correctly) my unpacked crackme. coz' at the moment i'm just able to launch it in olly (unpacked of course) by changing the value of ESI just before the first decryption of lib. names. |
| phyre Author 20. Apr 2006 | where are the solutions? :) hint: it always creates a remote-thread in the parent process, the parent-process must be "explorer.exe", otherwise it calculates random crap. |
| Vermin 22. Apr 2006 | aaaarrrrgh, I guess this is the point I missed. I turned the crackme into a "standalone"-program, so no explorer.exe needed anymore. I was not smart enough to see, the crackme needs explorer.exe to calculate right. Thanks for the hint. I will start again with this beautiful crackme. |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.