EZ Crack Me for reverse engineering practice!

[Mezmaa]

Hello everyone.

I'm releasing for you all a really easy crack me so you can practice using debuggers. This is aimed for beginners. This is extremely easy, written in only 19 lines of code. If you guys like this type of thing I can make some harder ones..

If you are going to post a solution please put your solution in a spoiler so others don't accidentally see how to do this without trying themselves first. Also, in your solutions I ask that you explain why you are doing something and how you found your results, teach others - don't just show your final answer.

 

https://www.metadefender.com/#!/resu...ginal/analysis

 

https://www.virustotal.com/en/file/a...is/1471036833/

[WasserEsser]

@Mezmaa

Solution Nr.1 - Correct Password

 

Solution Nr. 2 - Wrong Password



Solution Nr. 3 - No Password

 

Open the file in IDA / x32dbg, go to strings, notice that C++CRACKME is not being displayed on the screen and is, therefore, a potential password.

 

Open the file in IDA / x32dbg, go to strings, go to the address where the "Great! You now have full access.." string is referenced, scroll up, patch the opcodes 74 3A with EB 3A to jump to the solution regardless of the outcome of the string comparison.

 

Open the file in IDA / x32dbg, go to strings, go to the address where the "Great! You now have full access.." string is referenced, scroll up, replace the call to get user input via std::cin with a jump directly to the solution without even accepting user input or patch the executable to not even ask for a password and jump straight to the answer.

[bkRy]

How to crack for "newcomers" with OllyDbg only:

_{There are more than 1 way you could do this challenge, I'm just using the easiest "ones".}

"If you guys like this type of thing I can make some harder ones.."
Sure, I'd like to do more.

 

1.Open OllyDbg
2.Attach it to the exe
3.Search for an string that looks like an "password".

And what do we get after a couple of seconds scrolling?
Password = C++CRACKME

 

1.Attach it on OllyDbg
2.Search for the output string when it's incorrect/correct.
3.Look for the JE with a cmp or test, because something is checking if your input equals password.
4. Patch the "JE" to a "JNE" -> "JNZ" and save the file.

^{Inverting a jump might not be the smartest way to do it in complicated programs, but well... who cares I'm a noob myself ¯\_(ツ)_/¯}

Wrong password = correct password.

[__readgsqword]

I figured it would be more fun to write a hack for it.

 

Pass is located at [EBP+030h]

When my dll gets injected, I patch five bytes at Base+011BEh, and call MessageBox to display whatever I typed and what the passcode is.

https://*************.com/open?id=0B8...3M5aUxhbFhwSG8

[Valentinaa]

[QUOTE=__readgsqword;12209466]I figured it would be more fun to write a hack for it.

 

Pass is located at [EBP+030h]

When my dll gets injected, I patch five bytes at Base+011BEh, and call MessageBox to display whatever I typed and what the passcode is.




you help people,but people to you?