xylitol's XyliCrackMe No. 3
Download: XylicrackMe.zip, 29 kb (password: crackmes.de)
hello all
Difficulty: 1 - Very easy, for newbies | Rating: Waiting for at least 3 votes
Solutions
Solution by br0ken, published 11 Oct 2007; download (58 kb), password: crackmes.de.
br0ken has not rated this crackme yet.
The submission of solutions is closed.
Discussion and comments
Zaphod 03. Oct 2007 | I stumbled over the password and the program says I'm a "Good Cracker!" - but I have no idea how to deal with this crackme in an organized way... |
---|---|
br0ken 03. Oct 2007 | Same thing, stumbled upon the hardcoded pass. |
TiGa 03. Oct 2007 | Your head is the best tool to use every time. ;) |
Zaphod 04. Oct 2007 | He he, TiGa - sometimes I wish for a better tool :) But perhaps it is necessary to know something about QBasic in this case? |
br0ken 04. Oct 2007 | Nope... you don't have to know anything about QBasic. You can solve this if you know some hex editing. That's all! |
Zaphod 04. Oct 2007 | br0ken, do you mean load the crackme in a hex editor and have a look? That is not solving - it wouldn't work if the password wasn't hardcoded. I can't break in the crackme in any way - not even using point H (hmemcpy). |
br0ken 04. Oct 2007 | It's not the best way, but it is one way of solving, instead of putting BP[s] on API call[s]. As for this CM, the pass is hardcoded, that's why it is a solution [at least I think it is, I'll leave the mods to decide]. What's wrong with hex editing? Moreover, patching is authorized. So I'm at liberty to do what I want to get the pass. Even if it means hex editing. PS: I used Notepad. It's a lot easier. |
TiGa 04. Oct 2007 | Notepad works but what if it didn't? Like any other crackme, it needs to be unpacked then disassembled and/or debugged. QBasic is the free compiler that came with DOS (and gorilla.bas), many many years ago. |
Zaphod 04. Oct 2007 | br0ken, of course you are free to find the password in any way you choose, but I would like to know how to enter the crackme. There are three threads, the main thread and two others, and one of them must check the arbitrary password I enter and decide if it is correct. But I can't even find my password anywhere in memory at any time. The program is compiled with the ancient QBasic, but still it is a program that can run on today's computers, so it must be possible to get into it, but how? I am rather mystified... |
br0ken 04. Oct 2007 | Zaphod, OK, my way of finding the pass is noobish, but it works. "I am rather mystified..." So am I. I've managed to run it in Olly [raised quite a few exceptions!]. I'm guessing Olly just isn't designed for 16 bit apps ;) And it's packed too? [How do you find out?] This one is harder than I thought. OllyDump and LordPE don't work with 16 bit apps [correct me if I'm wrong]. Having said that, I have no idea how to unpack this. Maybe I'll leave this to the experts ;) |
TiGa 04. Oct 2007 | Before disassembling the program, IDA told me it could be packed. I checked with my 10-year-old packer detector and indeed, it was packed by the compiler itself. It's a DOS crackme BTW. I thought it had been changed in the description. |
DigitalAcid 12. Oct 2007 | My program said it was packed with E****** 5.**.*** and unpacked it. Still wondering how we are supposed to solve this without Notepad. |
TiGa 13. Oct 2007 | Think about the tools that were available 10 or more years ago. QBasic came included with DOS, so did a debugger. |
br0ken 14. Oct 2007 | You mean the one that's shipped with Windows. Run--> cmd--> debug proggie.exe? |