
[Reverse Engineering] Challenge 1 - Crack me and get the right flag.

by Fraudlash - 07 October, 2019 - 11:14 PM
Zombie  
Retired Staff
1.315
Posts
18
Threads
6 Years of service
#9
Wtf why are ppl leeching here? XD
footloseiscool
1
Posts
0
Threads
5 Years of service
#10
cuz we can lulululululu
JohnBhai  
Registered
12
Posts
0
Threads
5 Years of service
#11
Fraudlash  
Reverser
1.239
Posts
450
Threads
6 Years of service
#13
any one? No one?
Fraudlash  
Reverser
1.239
Posts
450
Threads
6 Years of service
#14
@AntiLeech
CrazySkull
47
Posts
10
Threads
5 Years of service
#16
(This post was last modified: 17 October, 2019 - 09:22 AM by CrazySkull.)
Key is: AEEIIIIOO?OUUUI
@ForlaxPy????

Well, to begin with, the first thing I did was to place a jmp to the following address:

jmp > 0040197B >>> 004016AA

From there on, you are obliged to skip all the comparisons; if you do a simple jmp, it will not show anything for the flag.

[Image: 2.png]


Another thing I noticed is that a payload is injected into the process "rundll32.exe".


[Image: Sin-t-tulo.png]

I made several jumps in the comparisons I saw.

jmp > 0040197B >>> 004016AA

jmp > 004016AA > 004016C9

jmp > 004016DD > 004016FD

jmp > 00401712 > 0040172E

jmp > 00401751 > 0040176E

jmp > 00401781 > 00401783

As I advanced, I made a mistake.

[Image: 1.png]

That can be solved with a simple nop: "nop 00401791"

I also tried to make a jump to this address.

jmp > 0040197B >>> 00401839 

It would take me here. In that comparison I would put "0" so that it would let me access.

[Image: 3.png]

Then I do the following.
I place these asm instructions at the following addresses:
JZ > 00401896 
JZ > 0040183D
--------------------------------------------------------------------
[Image: 4.png]
[Image: 5.png]

Possible Key
"zakhstan"
"dmo3dmo3dmo3dmo3dmo3dmo3dmo3dmo3dmo3dmo3dmo3dmo3"
---------------------------------------------------------------------
To be honest, I tried several things but did not succeed in solving it.
