CrackMe Challenge [Part 4] - Dynamic Password (C#)


(The C# Dude) #1

Hey Mates,
another challenge is ready for you. I won’t hold that posting speed because the programs will get more complex the further we come but at the moment I can publish rapidly :wink:.

Description of the RE Challenge

This time I wrote a new form of password mechanism. There is not much to say about it. Just find the password; little hint: It’s unique for each user.

Difficulty: 2/10

Requirements

-the fundamentals of C# Reversing (A bit obvious, isn’t it?)
-fundamental knowledge of C#

Download

As I said before I’ll often upload an obfuscated and a normal version of the program. I highly recommend to use the obfuscated one but if you don’t know how to proceed you can of course take the easier way :slight_smile:.
Obfuscated: https://mega.nz/#!mpIUVQgI!WJDe3eklcdi2iE2KURXaFFpdKlPj4VPjvKxKq-pgFk0
Unobfuscated: https://mega.nz/#!f9ABQLhQ!NAVJ2c4JvCmkjy_Tm2VyG_PjQ1xhTpBvQ-42qCr3wOY

Conclusion

When you solved this one without even had to think about it, wait for the next parts. I am planning to add some more complex exercises than just finding the password, e.g. Client/Server cracking. The next part will be about reversing a license algorithm, then maybe about removing nags and finally we come to the more interesting topics ;).

Example Solution

As always I give my way here for the ones who don’t know how to do it and want to learn it and the ones who just want to compare their solution with mine. Again I sadly miss a spoiler feature, so I have to give you an external link: http://pastebin.com/atYFtEcv

|-TheDoctor-|


(Jakub) #2

I had to write own first “keygen” to solve this :grinning: Big thanks for you work, @TheDoctor!

Wait for the next challenge!

P.S. As in previous part, this obfuscated version not launch in linux mono.


(Mostly whitehat) #3

Decided to write a key generator in C# for this one

[spoiler][code]
using System;

class Program
{
static void Main(string[] args)
{
Console.WriteLine(Environment.MachineName + Environment.UserName + Environment.Version);
Console.ReadLine();
}
}
[/code][/spoiler]


#4

I patched the exe using JustDecompile with De4dot (deobfuscator) and Reflexil (IL editor) plugins:

Run de-obf:

Reload the deobf’d exe…

Rewrite password method to return 1:

Rewrite main method, push 1 instead of local var str onto the stack, compare 1==1:

Running:

Patched code:

Sorry for the resurrection.


(The C# Dude) #5

Cool solution… Try your skills on my last challenge if this one’s too easy for you :stuck_out_tongue:.