
sharpe's [Unlockme] Crackme #8 by sharpe
Download eight.zip, 3 kb (password: crackmes.de) Browse contents of eight.zip Introduction:
Difficulty: 3 - Getting harder | Send a message to sharpe » View profile of sharpe » |
Solutions
Solution by asterix, published 24. jun, 2009; download (6 kb), password: crackmes.de or browse.
asterix has not rated this crackme yet.
Discussion and comments
tony 09. Jun 2009 | It's hard to guess the unlock code! |
---|---|
DigitalAcid 09. Jun 2009 | Maybe, maybe not. We see how the badboy is made, so maybe we can think about the structure of the goodboy :). |
AbsshA 09. Jun 2009 | insnt a unloock code, is "hide secret". |
tony 10. Jun 2009 | hidden information is a picture!I guess one correct byte.but i can't guess remainder bytes |
hardcoder 11. Jun 2009 | Either this is very easy crack me or this is Impossible. |
AbsshA 12. Jun 2009 | Inst a picture, is a phrase, or better.. a name.. |
sharpe Author 16. Jun 2009 | Any luck with this one? |
Ganoes Paran 16. Jun 2009 | When i type in "themewnd" it dissappears on xp, and crashes on vista. bug? or unlock code? lol |
sharpe Author 16. Jun 2009 | I have added exception handling so that the application will exit when an improper unlock code is entered. So what you are experiencing on XP is the correct behaviour for an invalid unlock code. The crashing on Vista I know nothing about, I don't use Vista. |
Ganoes Paran 17. Jun 2009 | no you misunderstoodi think you misunderstood if the intered unlock code in sunvalid, a little popup appears saying it's invalid and then it closes. however it just closes imedaitly after entering the code, or on the vista, it just "crashes" with a popup saying report problem to microsoft or what not. is this attentional? anyways, if you type in any other unlock code that is invalid, a little popup appears saying it's invalid and you get to enter the unlock code again. if unlock code works you click check, popup appears, if its wrong it closes. however if clicking check using the code above, it just immediatly exits / crashes on vista |
cobrasniper555 17. Jun 2009 | There's no one to do this other than guessing and bruteforcing. Who knows if there are even any results then as well... |
Ganoes Paran 17. Jun 2009 | i love the weird spelling errors my browser does for me lol. yea i noticed "themewnd" poping all over the place in the code so i tried it out..pased the unlock code stage, clicked check and crash o.0? lol |
papanyquiL 17. Jun 2009 | anything works for the unlock code as long as it's >= 8... try 'dddddddd' |
cobrasniper555 17. Jun 2009 | Ya, the only reversing that I was able to do is find out that the unlock code has to be between 8 and 31 chars. All of the characters go through a routine to create a "magic number" (it's what I labeled the address in my debugger) through a system of roll-overs. This number is then xor-ed with the bytes in the "buffer" (what I also labeled the section of the code being modified), replacing the original bytes with modified bytes. Unless I can figure out what those bytes or the "magic number" are supposed to be, then there's no way to make this crackme work right. If I am wrong, please explain. |
sharpe Author 17. Jun 2009 | I found out what is happening. The value "themewnd" decrypts the code so that it contains valid instructions including the following jump: ... jmp 3F117443 ... When execution attempts to continue at this address, it dies as this address is invalid, which is why it crashes. Vista probably catches this error prior to exiting and displays it to the user, XP merely exits. I hope this helps. |
Mathias 17. Jun 2009 | I agree with cobrasniper. Seems that bruteforcing is the only way to solve it but it's kinda hard to "guess" the valid instructions - it's like looking for something that you don't know:/ |
sharpe Author 17. Jun 2009 | Hiya, you could brute force all possible but you could also have another look at the way the code is decrypted and perhaps change your approach. PS. If you liked this crackme, please tell me how much and give it a vote. Thanks :o) |
cobrasniper555 17. Jun 2009 | That's just the thing though. I've examined the whole crackme and now I understand how it works. However, the is are two variables in this equation. Both we don't know. Using simple math principles, we can not solve it, without guessing who know how many times, or bruteforcing. Good crackme sharpe. It's a pain in the ass. =D |
simonzack Moderator 18. Jun 2009 | oh, and btw, please add the message for everybody that the message only needs to be found, not displayed, to clarify things |
cobrasniper555 20. Jun 2009 | So..I heard AbsshA had solved the crackme. Any idea of when it might be released? Unfortunately, I've "temporarily" given up. =( |
sharpe Author 21. Jun 2009 | Hi there, as requested by simonzack, I will give a tip regarding what you are/are not looking for: When a valid unlock code has been entered, a specific string value is written to the data section. This string value is the solution to this challenge. There are no messages (MessageBoxA) that will inform you that you have entered a valid unlock code. View the data section in the dump view when entering values and keep your eyes peeled for valid ASCII values :o) I have received a few solutions so far, which haven't been posted here as they would spoil the challenge. If anyone wants a tip, please don't hesitate to send me a PM, I'll be certain to give you just enough information to get you moving again. Remember, if you never give up, you never lose! I wish everyone a good Sunday. sharpe. |
sharpe Author 28. Jun 2009 | Did my comments help at all? Happy Sunday :o) |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.