sharpe's [Unlockme] Crackme #8 by sharpe

Download eight.zip, 3 kb (password: crackmes.de)

Introduction:
If you manage to find a valid Unlock Code, type it in and press the Unlock Code button. If it is correct, you should be able to find the hidden secret.

Rules:
- No patching
- Find the hidden secret

Difficulty: 3 - Getting harder
Platform: Windows
Language: Assembler

Published: 05. Jun, 2009
Downloads: 723

Rating

Votes: 4
Crackme is boring.


Solutions

Solution by asterix, published 24. jun, 2009; download (6 kb), password: crackmes.de or browse.

asterix has not rated this crackme yet.


Discussion and comments

tony
09. Jun 2009
It's hard to guess the unlock code!
DigitalAcid
09. Jun 2009
Maybe, maybe not.
We see how the badboy is made, so maybe we can think about the structure of the goodboy :).
AbsshA
09. Jun 2009
Isn't an unlock code, is "hide secret".
tony
10. Jun 2009
Hidden information is a picture! I guess one correct byte, but I can't guess the remainder bytes.
hardcoder
11. Jun 2009
Either this is a very easy crackme or this is impossible.
AbsshA
12. Jun 2009
Isn't a picture, is a phrase, or better.. a name..
sharpe
Author
16. Jun 2009
Any luck with this one?
Ganoes Paran
16. Jun 2009
When I type in "themewnd" it disappears on XP, and crashes on Vista. Bug? Or unlock code? lol
sharpe
Author
16. Jun 2009
I have added exception handling so that the application will exit when an improper unlock code is entered. So what you are experiencing on XP is the correct behaviour for an invalid unlock code. The crashing on Vista I know nothing about, I don't use Vista.
Ganoes Paran
17. Jun 2009
No, you misunderstood. I think you misunderstood.

If the entered unlock code is invalid, a little popup appears saying it's invalid and then it closes. However it just closes immediately after entering the code, or on Vista, it just "crashes" with a popup saying report problem to Microsoft or whatnot.


Is this intentional? Anyways, if you type in any other unlock code that is invalid, a little popup appears saying it's invalid and you get to enter the unlock code again. If the unlock code works you click check, popup appears, if it's wrong it closes. However if clicking check using the code above, it just immediately exits / crashes on Vista.
cobrasniper555
17. Jun 2009
There's no way to do this other than guessing and bruteforcing. Who knows if there are even any results then as well...
Ganoes Paran
17. Jun 2009
I love the weird spelling errors my browser does for me lol.

Yeah, I noticed "themewnd" popping up all over the place in the code so I tried it out.. passed the unlock code stage, clicked check and crash o.0? lol
papanyquiL
17. Jun 2009
anything works for the unlock code as long as it's >= 8... try 'dddddddd'
cobrasniper555
17. Jun 2009
Ya, the only reversing that I was able to do is find out that the unlock code has to be between 8 and 31 chars. All of the characters go through a routine to create a "magic number" (it's what I labeled the address in my debugger) through a system of roll-overs. This number is then xor-ed with the bytes in the "buffer" (what I also labeled the section of the code being modified), replacing the original bytes with modified bytes. Unless I can figure out what those bytes or the "magic number" are supposed to be, then there's no way to make this crackme work right. If I am wrong, please explain.
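An added illustration of the scheme described in the comment above (not part of the thread, and not the crackme's own code): if the buffer is XORed with one repeating 32-bit magic number, the unknown worth solving for is that number, and a four-byte known-plaintext guess yields it without touching the unlock code. The roll-over routine, the key width, the address `DATA_VA` and the buffer contents are all constructed assumptions; the thread gives none of them.

```python
import struct

MASK = 0xFFFFFFFF
DATA_VA = 0x00403000          # constructed data-section address
STORE = b"\xC6\x05"           # x86: mov byte ptr [disp32], imm8

def magic_number(code):
    """Hypothetical roll-over routine: fold an 8..31 char code into 32 bits."""
    if not 8 <= len(code) <= 31:
        raise ValueError("unlock code must be 8..31 characters")
    m = 0
    for ch in code.encode("ascii"):
        m = (((m << 5) | (m >> 27)) + ch) & MASK   # rol 5, then add
    return m

def xor_buffer(buf, magic):
    """XOR with the little-endian magic number, repeating every 4 bytes."""
    key = struct.pack("<I", magic)
    return bytes(b ^ key[i % 4] for i, b in enumerate(buf))

def build_code(secret):
    """Constructed plaintext: one 7-byte store instruction per character."""
    return b"".join(STORE + struct.pack("<I", DATA_VA + i) + bytes([c])
                    for i, c in enumerate(secret.encode("ascii")))

def stored_string(plain):
    """Return the string the code would write, or None if it is not all stores."""
    out = []
    for n, off in enumerate(range(0, len(plain), 7)):
        ins = plain[off:off + 7]
        if len(ins) != 7 or ins[:2] != STORE:
            return None
        if struct.unpack("<I", ins[2:6])[0] != DATA_VA + n or not 0x20 <= ins[6] < 0x7F:
            return None
        out.append(chr(ins[6]))
    return "".join(out)

def recover(cipher):
    """Known plaintext for the first dword yields the magic number directly."""
    crib = STORE + struct.pack("<I", DATA_VA)[:2]
    magic = struct.unpack("<I", bytes(c ^ p for c, p in zip(cipher, crib)))[0]
    return magic, stored_string(xor_buffer(cipher, magic))

# Constructed ciphertext: the "encrypted" buffer as it would sit in the binary.
CIPHER = xor_buffer(build_code("constructed secret"), magic_number("ExampleCode1"))

if __name__ == "__main__":
    magic, text = recover(CIPHER)
    print(hex(magic), text)
```

`stored_string` checks every instruction rather than only the first, which is the kind of check that rejects a key whose output merely looks like valid code.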
sharpe
Author
17. Jun 2009
I found out what is happening.

The value "themewnd" decrypts the code so that it contains valid instructions including the following jump:

...
jmp 3F117443
...

When execution attempts to continue at this address, it dies as this address is invalid, which is why it crashes. Vista probably catches this error prior to exiting and displays it to the user, XP merely exits.

I hope this helps.
Mathias
17. Jun 2009
I agree with cobrasniper. Seems that bruteforcing is the only way to solve it but it's kinda hard to "guess" the valid instructions - it's like looking for something that you don't know:/
sharpe
Author
17. Jun 2009
Hiya, you could brute force all possible but you could also have another look at the way the code is decrypted and perhaps change your approach.

PS. If you liked this crackme, please tell me how much and give it a vote. Thanks :o)
cobrasniper555
17. Jun 2009
That's just the thing though. I've examined the whole crackme and now I understand how it works. However, there are two variables in this equation. Both we don't know. Using simple math principles, we cannot solve it without guessing who knows how many times, or bruteforcing. Good crackme sharpe. It's a pain in the ass. =D
simonzack
Moderator
18. Jun 2009
oh, and btw,
please add the message for everybody that the message only needs to be found, not displayed,
to clarify things
cobrasniper555
20. Jun 2009
So..I heard AbsshA had solved the crackme. Any idea of when it might be released? Unfortunately, I've "temporarily" given up. =(
sharpe
Author
21. Jun 2009
Hi there, as requested by simonzack, I will give a tip regarding what you are/are not looking for: When a valid unlock code has been entered, a specific string value is written to the data section. This string value is the solution to this challenge. There are no messages (MessageBoxA) that will inform you that you have entered a valid unlock code. View the data section in the dump view when entering values and keep your eyes peeled for valid ASCII values :o)

I have received a few solutions so far, which haven't been posted here as they would spoil the challenge. If anyone wants a tip, please don't hesitate to send me a PM, I'll be certain to give you just enough information to get you moving again. Remember, if you never give up, you never lose!

I wish everyone a good Sunday.
sharpe.
sharpe
Author
28. Jun 2009
Did my comments help at all?
Happy Sunday :o)
