
SoN's SoN Crackme 3
Download SoN_CrackMe_3.zip, 38 kb (password: crackmes.de)

This is a different style crackme for SoN. This crackme connects to a webserver for verification. It creates a bit of a challenge. It's still very crackable if you know how to go about it. Oh, and hacking the server is not a valid way to go about it... Thanks in advance for that one.
Difficulty: 4 - Needs special knowledge
Solutions
Solution by EsKiMo, published 02. sep, 2005; download (75 kb), password: crackmes.de or browse.
EsKiMo has rated this crackme as awesome.
Discussion and comments
Rammer 07. Jul 2005 | PEview Version 0.8.0.0 errors while loading the executable. Next tried PE Explorer v1.97 (30 day evaluation version from www.heaventools.com): 07.07.2005 00:41:58 : Error: Bad MS-DOS Header! Processing cancelled. 07.07.2005 00:41:58 : Internal Error! (Step: Examining File Headers) 07.07.2005 00:41:58 : Done. No luck. Viewing the executable with WinHex 12.25 SR-3 (a hex editor), the MS-DOS Stub Program does indeed look bad. It appears to be packed using UpackByDwing: MZKERNEL32.DLL..LoadLibraryA.... GetProcAddress..UpackByDwing@... PE PEiD v0.93 has an unpacker, but it crashes on me while trying to use "snaker's Generic Unpacker v0.1" plugin. Didn't look like other VB executables in the hex editor, yet I tried VBReFormer V3.7 and as expected was told it was not a VB4-5-6 executable or the program uses anti-decompilation protection. Capturing packets while trying to register with random names and codes shows a response from 24.140.81.xx (cable-81-xx.sssnet.com): HTTP/1.1 200 OK..Server: Microsoft-IIS/5.0..Date: Thu, 07 Jul 2005 05:46:43 GMT..X-Powered-By: ASP.NET..Content-Length: 26..Content-Type: text/html There's a Set-Cookie and a humorous string. Too sleepy to progress. Gave up for now, but I wonder if the cookie could be spoofed? |
---|---|
kao 07. Jul 2005 | Unpacking is trivial... I know what kind of reply a webserver should return. I can make my proxy fake that reply. Does that count as a solution? ;) |
SoN Author 07. Jul 2005 | Yes, it does count. Start coding! :) |
SoN Author 08. Jul 2005 | I just re-read that. To be clear, it counts if you can create a program that will duplicate it for other people and explain how it works. |
EsKiMo 31. Aug 2005 | I think I found something! Submitted a solution. |