Sure, @alexisreen0. The binary is statically linked with stripped symbols. Hence, it would make sense to identify some libc functions first (printf, puts, strcmp, etc.) using signatures, for example, and work backwards from there. As for the anti-debugging measures: there is a separate thread checking whether a debugger is attached. Try to prevent this thread from being started. You should rely on dynamic analysis as much as possible because of the stripped symbols and anti-disassembly measures. |
==> |
1. Attach a debugger before entering the password
2. Put a breakpoint at ?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A (std::cin)
3. Enter an arbitrary password
4. Look at register RSI |
==> |
admin / kaka123 |
==> |
Although the applied obfuscation techniques are definitely rather simple, it is still a fine crackme. Interestingly, IDA's decompiler slightly struggles with the key validation function – it'd be great to see a more difficult version of this crackme in which the IDA decompiler (and similar decompilers) completely fail(s). |
==> |
The password is enesibledev.
Great crackme! It wasn't trivial to circumvent the anti-debug techniques. |
==> |
The password is hard-coded at offset 0x2CE0... |
==> |
Error: An unexpected error occurred while trying to open file crackme.jar
It seems the MANIFEST.MF file is broken. |
==> |
Well done, db123! Any chance you could upload your full solution? |
==> |
A good challenge. Debugging helps a lot. |
==> |
VirusTotal reports 27/68 malicious flags. It could be 27 false positives due to the strong obfuscation, but I would encourage the author to upload the source code somewhere. Comparing the hash of the compiled program with the one in the .zip file would prove that the CrackMe is indeed harmless. |
==> |
This CrackMe was written by me. Please give me respective ownership. I can prove it if you want me to. |
==> |
Nice CrackMe. Enjoyed solving it. |
==> |