
TDC[NL]'s CodeShield II
Download CODESHL2.ZIP, 56 kb (password: crackmes.de)
Hehe my other CodeShield got solved, so I am striking back with CodeShield II :-)
Difficulty: 3 - Getting harder
Solutions
There are no solutions to this crackme yet.
Discussion and comments
kao 15. Nov 2005 | Very much overrated. Difficulty 3-4 would be more appropriate. |
---|---|
TDC[NL] Author 15. Nov 2005 | For some it's easy kao, for others not, I think your skills at this stuff are maybe just better and that could be why u think it is easy :) |
deroko 15. Nov 2005 | After ReadProcessMemory edx is set to 5 on xp sp2 (after successful read, didn't check what happens with edx if read fails), and on win2k is set to 1, later edx is used as index to inputted serial and it is not set to 0 nor any other number but its value depends on the last called api. Is this a bug? |
MaxM 15. Nov 2005 | yeah, I noted it too in IDA right now. mmh... M$ specs for WinBool should state that true is any <>0, so assuming (1) as true is a fault on WinAPI, I think... |
deroko 16. Nov 2005 | well problem is that edx is not preserved during ReadProcessMemory and holds some "random" value, so my q is : can we patch just this to set edx to 0... |
kao 16. Nov 2005 | TDC, this was not meant as offense.. ;) I downloaded it because I expected a challenge that will last for 2-3 hours, but found a simple encryption that requires smart bruteforce.. ;) A crackme that is level "8 - very very hard" should have more than that.. Even if all bugs in the crackme (like above mentioned EDX usage, buffer overflow in serial input and possible use of ProcessId in decryption, SEH handler that does not behave like it should) are intentional "features", it still is no harder than "5 - professional problem to solve".. |
TDC[NL] Author 17. Nov 2005 | quote from kao.. 'simple encryption that requires smart bruteforce.. ;)' hehe i bet you need smart bruteforce for this one, but it's not bugged in any way i'm sure of it, if you input the right pass, it decrypts the codes to show the message and decrypt the message. the SEH handler is just meant to quit the crackme if it begins to execute buggy codes generated from a wrong pass |
TDC[NL] Author 22. Nov 2005 | So... any1 going to solve this one and write a nice tut? :) |
D4ph1 22. Nov 2005 | Great crackme TDC!;) |
Vohligh 24. Nov 2005 | Can you give any hints as to how long the password is? |
TDC[NL] Author 29. Nov 2005 | ok, the password is about 14 characters long :) |
Yosh64 13. Dec 2005 | hah, i've tried a crackme like this before... where the password is used to decrypt the code... hmm... gonna be tough to figure without knowing what the code is meant to be :\ |
TDC[NL] Author 31. Dec 2005 | hehe, i give 1 hint the password is used to decrypt the opcodes to decrypt the opcodes for the junk/messagebox and that all filled with junk ^_^ |
TDC[NL] Author 07. Feb 2006 | Anyone yet solved it? I think I know a nice bruteforcing way that would work. If anyone interested leave comments and I'll see if I can contact ya, or post my ideas here. |
HMX0101 08. Feb 2006 | Great crackme, TDC! Good Job! |
jetamin 08. May 2006 | i think that EDX sets to 5 because that's the number of bytes read ... |
jetamin 12. May 2006 | is anyone still trying this one ??? |