[CrackMe] AikonCWD.01

crackme
reverseengineering
challenge

(AikonCWD) #1

Hi all! My first contribution in this community :smiley:

I coded a small crackme for you. I don’t know if this crackme is for advanced users or not; depending on the results, I will change the difficulty for future crackmes.

GOAL

  • Guess and post here the correct serial/key for this crackme
  • You can crack or patch the crackme if you want, but you need to provide the correct serial/key
  • If you want, write a nice tutorial explaining how you beat this
  • If you solve this crackme, you will see this message:

Some Info

This crackme uses some anti-debug tricks that may trigger AVs. VirusTotal shows 22 detections, but the file is clean. If it makes you feel better, you can run it in a virtual machine or sandbox (there are no anti-VM tricks in this crackme).

Download

P5.exe on mediafire / ZIP Password = crackme

Help, Hints…

I prefer to start this without helping you, but feel free to share any hints here

Good luck! :blush:


#2

Was an interesting challenge; it looked way easier at first sight, but it turned out it took me way longer than expected.
Had lots of fun though! :smiley:

My solution was to hook the entire msvbvm60.dll to see what the obfuscated code calls, which then led me to VarTstNe, where I then simply dumped the compare values.


(AikonCWD) #3

Awesome man, congratulations :slight_smile: May I ask you some questions?

  • How much time did you spend on this crackme?
  • From 1 to 10, how difficult is this crackme?
  • From 1 to 10, how fun was it to solve this crackme?

Thanks! :slight_smile:


#4

Hmm, I think I worked 3 hours on it. Rating the difficulty and fun in numbers, though, is pretty hard for me as I’m not really good at this.


(Command-Line Ninja) #5

For context, @Leeky was the highest scoring member on our CTF. He is probably the best pwner on this forum (excluding @exploit, @_py, @dtm + @0x00pf) since they all were involved in CTF development.


#6

I need to take a long shower after this. :nauseated_face:

  1. Find __vbaFileOpen
  2. Identify single-key XOR-decoded keyfile.dat string
  3. No more luck trying with debugging
  4. Throw into API monitor
  5. Identify required key string length of 14
  6. Set random key with 14 characters
  7. Identify secondary string I`sldqmdk(<=2
  8. Take single-key XOR hint from before
  9. Bruteforce XOR decode new string
  10. Find readable string
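
Steps 8 to 10 of the list above (single-key XOR, brute force, pick the readable result), sketched as an added example that is not from the thread or the crackme: it tries every non-zero one-byte key and keeps only the decodings that are fully printable ASCII, ranked by their share of letters and digits. The 14-character sample string, its key and all function names are constructed for illustration; the string quoted in step 7 is not decoded here.

```python
import string

# Constructed sample: a 14-character plaintext XORed with one byte.
# This is NOT the crackme's data; value and key are made up for the demo.
SAMPLE_PLAIN = b"Sample-Key-001"
SAMPLE_KEY = 0x5A
SAMPLE_CIPHER = bytes(b ^ SAMPLE_KEY for b in SAMPLE_PLAIN)

PRINTABLE = set(range(0x20, 0x7F))  # space through '~'
ALNUM = set((string.ascii_letters + string.digits).encode())


def xor_single(data: bytes, key: int) -> bytes:
    """XOR every byte with the same one-byte key (encode and decode are identical)."""
    return bytes(b ^ key for b in data)


def score(candidate: bytes) -> float:
    """Share of letters/digits, or 0.0 if any byte is outside printable ASCII."""
    if not candidate or any(b not in PRINTABLE for b in candidate):
        return 0.0
    return sum(b in ALNUM for b in candidate) / len(candidate)


def candidates(cipher: bytes):
    """Try all 255 non-zero keys; return (score, key, text) for printable results."""
    found = []
    for key in range(1, 256):
        plain = xor_single(cipher, key)
        s = score(plain)
        if s > 0:
            found.append((s, key, plain.decode("ascii")))
    # Best score first; ties are ordered by key so the output is stable.
    found.sort(key=lambda r: (-r[0], r[1]))
    return found


if __name__ == "__main__":
    for s, key, text in candidates(SAMPLE_CIPHER):
        print(f"key=0x{key:02X} score={s:.2f} {text!r}")
```

On a string this short the ranking only narrows the field: several keys tie on score, and choosing the readable one is still the manual last step.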