thecipher's IcantDoThis
| Download crackthis.zip, 7 kb (password: crackmes.de) Browse contents of crackthis.zip Hi there,
Difficulty: 1 - Very easy, for newbies | RatingWaiting for at least 3 votes View profile of thecipher » |
Solutions
Solution by Ank83, published 31. mar, 2006; download (12 kb), password: crackmes.de or browse.
Ank83 has not rated this crackme yet.
Solution by red477, published 31. mar, 2006; download (23 kb), password: crackmes.de or browse.
red477 has not rated this crackme yet.
Discussion and comments
| znycuk 25. Mar 2006 | What do we have to do with this binary ? I think i've not really undestood the purpose of this one... just found : "This *IS* the message: '- Blowfish rulez, don't you think? ;-P'" without the quotes. |
|---|---|
| Ank83 26. Mar 2006 | Hi. I think that all we have to do is pop up the good message. That would be patching. If that is the point of this crackme it's damn too easy. To moderators: Come on post the 6 crackme's ! Waitng a hole week. Best Regards Ank83 |
| l0calh0st 26. Mar 2006 | What's the purpose?..Only finding the message?..then it's too easy :P |
| Caleb 26. Mar 2006 | Basically what this does is first decrypt the good message, then encrypt it again, and then show the bad message. So all you have to do is patch at two locations: (1) Skip over the encryption routine (2) Patch the arguments to the printf() call to have the offset of the good message instead of the bad one. Unpacking this was pretty easy (even though I'm a noob too). After unpacking you dump the full memory image with LordPE, then fix imports with ImpRec (the imports are ordinal only - without function names - so you'd have to give ImpRec the RVA and size yourself). |
| si1ent 26. Mar 2006 | Hi, I'm new in reverse engineering, and I would be glad for every hint on this crackme. Maybe it's very an very easy one, but can't you also submit a tutorial? I only get the message "This is *NOT* the message"... But I've no idea, how to crack this with OllyDebug (new tool for me). I can't find the output string, I can't find a call to 'printf' and none to 'int 21h' for output, so I have no idea how to start cracking this crackme. Thank you for any help :-) Best Regards si1ent |
| Ank83 26. Mar 2006 | Hi si1ent All you need to do to see the good message is put break point some lines above the print and you will see it. And if you want to patch it - all you need to do is put a jump when the good message is decrypted to print. Hope u understand me ! I think I will stay out of this ! Give a little chanse for the totaly newbies. Best Regards Ank83 |
| si1ent 27. Mar 2006 | Hi Ank83, thank you for your reply!I'm afraid my problem is less patching the crackme than working with ollydbg: I can't find any call to printf! Can anybody give me a short description how to find this function-call in this crackme? Is it wrong to search in the "CPU-main thread"-Window? Is it possible, that some user-settings are wrong? Thank you very much and best regards si1ent |
| HMX0101 27. Mar 2006 | Hi, the good message is encrypted into the bad boy message for show the good message you need to patch a jump and changes two bytes :) |
| code_inside 27. Mar 2006 | I think that si1ent wants to unpack the CrackMe first... ;) |
| si1ent 27. Mar 2006 | @code_inside: funny ;-) I do: 1) unzip the crackme 2) open it with ollydbg 3) my question: what do I have to do to find the call to printf? right-click->search for->Name in current module? No success. Maybe somebody can post a screenshot or the address of this function call?! For example in 'CrackMe by ScR1pT' I searched (successfully) for 'vbaStrCmp'. But theres no result for 'printf' in this crackme here. Sorry for annoying you all! |
| l0calh0st 27. Mar 2006 | You need to unpack the file first...It's different from unzipping :).........I dont want to spoil the fun.....So try to do it yourself or study some basic tecniques from here http://jbfonline.net/sndtuts |
| si1ent 27. Mar 2006 | ok, thank you for the hint. In the meantime I found the solution for 'junky#1.exe by HMX0101' where unpacking is illustrated. And now I know that it wasn't a joke by code_inside to unpack the crackme first. @code_inside: sorry :-) I wrote that I'm new in reverse engineering (newbie). In this discussion, everybody says how simple this crackme is, but why doesn't anybody write a tutorial for this one, according to the FAQ 'What do I write in a solution?:The main goal of this site is to give newbies [like me :-)] a way to learn'. Ok, thank you very much for the your answers and sorry for annoying you, best regards si1ent |
| Ank83 27. Mar 2006 | Hi si1ent l0calh0st was right. Unpacking exe is diffrent from unpacking zip, rar, ace e.t.c. But I suggest that u start with automatic unpackers - application that automaticly unpack the exe file. All you have to know is with wich packer is the target packed. You will know that with PEID 0.93 (the most popular). Then you will search on google.com for automatic unpacker for that packer. And so on ... I think in this case the job will be done with Quick Unpack v. 1.0 - unpacker for many packers. You can download it from http://ahteam.org/oursoft.html?do=view&prgid=qunpack l0calh0st: That's a nice site you have there ! By the way is anyone on this site from Great Britan ? Best Regards Ank83 |
| l0calh0st 27. Mar 2006 | I know it's quite annoying for newbies to unpack at starting...but after you read some tuts and try some targets you'll come to know the tricks..i have learnt many things only from here by searching some easy targets and working them out..it's good to try the solved targets first..it will help you |
| code_inside 27. Mar 2006 | si1ent, Hahaha, that was a cool reply :D I think I needed to be more precise, but now you know about it ;) |
| si1ent 27. Mar 2006 | :-) thank you for the help and short descriptions! @code_inside: with hindsight my reply seems to be a classical newbie reply. shit happens ;-) have a nice week, si1ent |
| MulleDK13 30. Nov 2008 | Yay.... Easy one xD |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.