CrackMe Challenge [Part 6] - Client/Server (C#)


(The C# Dude) #1

Hey Mates,
in the last post I mentioned to maybe make a bigger challenge, which I think I’ll publish within the next days. Today I got a little introduction to Client/Server cracking because this will be extremely important for realistic exercises. In most of the cases your password/license is tested Server-side, so it is very helpful to know some fundamentals. This CrackMe is very easy but you can do much with it (Different ways to solve, change server, …), so it should don’t get underestimated :grin:.

Description of the RE Challenge

Ok, it is a very simple Client/Server system. I coded it a bit weird, because you should learn how to understand more complex code. The password mechanism is extremely easy, but I think you’ll find that out on your own. A last thing to say is that I recommend to first RE the server when you’re done with the exercises, because in a realistic scenario you probably won’t have the chance to have a look at the server. If you stuck (I think you’ll do it but maybe you get confused) you can of course have a look at the server for some help.

Difficulty: 3/10

Requirements

  • A fundamental understanding of Client/Server programming would be very valuable
  • C# programming or any other language (I would just love it to see my C# client communicating with a python server :smile:)

Download

This time I’ve got the obfuscated version of both, the client and the server. As always I recommd to use the obfuscated one (I saw nobody used the unobfuscated one in the last part; Well Done!), but you can of course have a look at the unobfuscated one.
– Client –
Obfuscated: https://mega.nz/#!vpoCgDpR!mDhSjBYg_bRwgJMhUuzug1DCG_W5S-R5JJ6s7DgXcDI
Unobfuscated: https://mega.nz/#!a1QiFbgQ!LY-_KaTW62tw-BfaLpjZGWK8JzNWfr26qcwB9a_IKMQ

– Server –
Obfuscated: https://mega.nz/#!v1QRSIpL!_m3wvw1sh1RpXbU6m4L-SAPSp75o_R3VwoCjO9S7v8w
Unobfuscated: https://mega.nz/#!a0gxyJ5a!j9n9metXFiE5xrp6E4iQ3tiC3HTjTKBArHlWkHzYmnw

Start the Server first and then the Client on the same computer (As always: Tested on Win7). If you get any Errors just ask me ;).

Exercises

Exercises? Why don’t just crack the password and feel 1337? This challenge is a little introduction to Client/Server systems, so it is useful to try different things out. There are more than one way for solving it and I recommend to play a bit around for collecting experience.

  • Change the client that it doesn’t need the validation of the server
  • Code your own server which always returns that the password is valid (Could also be done by changing the existing server; for this the unobfuscated one could be helpful)
  • Find the password in the servers code (Yep, easy stuff for you ;))
  • And maybe you want to play a bit around? Change client and server with adding more complex password mechanisms, etc…

Hints

If you get stuck at a particular point show here for some help :slight_smile:.
How to change the code of the client?

[Spoiler]In dotPeek you can’t edit the code right in the window, so just copy it out into a new project and edit it there! I recommend to change the variable names of course ;). Or you can use the unobfuscated version for a better useable code.[/Spoiler]
How to code a server in C#

[Spoiler]You could use my code and just edit it or you can google for a good tutorial on that. I’m sure you’ll find something for you.[/Spoiler]
How to send always an “Ok” to the Client?

[Spoiler]Just don’t test the password Server-Side. Jump directly to the send of the “1”, which represents an “Ok”.[/Spoiler]

Conclusion

I hope this challenge is useful for playing around with and learning some basics. Finally I want to add that I work hardly on the next challenge, which should be ready in the next 1-3 days. Spoiler: It will include a little self-written game :grin:.

|-TheDoctor-|


(pico) #2

A Perl Server :stuck_out_tongue:

#!/usr/bin/perl
use IO::Socket::INET;

$| = 1;

$socket = new IO::Socket::INET ( LocalPort => ‘13378’,
Proto => ‘tcp’, Listen => 5, Reuse => 1
) or die “Cannot create server socket”;

$c = $socket->accept();
$c->recv($data, 1024); # This is not really needed
$c->send(“1”);

$c->close();
$socket->close();

P.S.: Looks like the spoiler tag does not work well with code/pre??


(Jakub) #3

My simple server implementation in Python :slight_smile: Thanks!

import SocketServer

class Serv(SocketServer.BaseRequestHandler):
def handle(self):
self.request.sendall(“1”)

if name == “main”:
HOST,PORT = “localhost”, 13378
s = SocketServer.TCPServer((HOST,PORT), Serv)
s.serve_forever()


(The C# Dude) #4

Pretty cool implementations! Status Update: I’m done with 3/4 of the next challenge :slight_smile:. I hope I can upload it today but it should be online till tomorrow. I’m excited to see how good you’ll handle a realistic example :grin:.


(Command-Line Ninja) #5

Hmm. I’ll look into it.