Thursday, 16 April 2009

Octopus

Hello all,

I'm back with a source in order to solve a very interesting crackme by our dear Beatrix.

A guy named jE! (man, you are crazy) solved it manually on crackmes.de. Here is a mathematical solution. I used a tree to model the maze. To get the links between the nodes (each node is an int3 SEH handler), I used the disassembler engine BeaEngine, a useful lib. I hand-coded the tree model in C; no library is used for that part.

In fact, the crackme has several handlers (about one thousand) for the int3 exception. Each handler has 4 ways to modify eip, so at most 4 different paths can be taken from it (each node can have up to 4 children). You have to build a keyfile that follows the right path through the maze and reaches the "Registered" messagebox. You know where the maze begins (at the first handler) and where it ends (at the correct messagebox), so you have to explore the tree and find a path between these two points. Then you can build a valid keyfile that follows that path.

My program stops at the first solution. With some modifications, you could collect several solutions and choose the shortest keyfile, for instance.
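As an added illustration of the search described above (this is not the author's solver, which worked on the real oct.exe through BeaEngine), the following C program models a small, constructed maze of handlers, finds the first path by depth-first search, also finds the shortest one by breadth-first search (the improvement mentioned above), turns the branch sequence into a key, and replays that key against the model to check it really reaches the target. The graph, the node numbers and the one-ASCII-digit-per-branch keyfile encoding are assumptions invented for the example; the real keyfile format is not described on this page.

```c
#include <stdio.h>
#include <string.h>

#define NUM_NODES 13
#define BRANCHES  4
#define NO_EDGE   (-1)
#define START     0    /* first int3 handler */
#define TARGET    12   /* handler that shows the "Registered" messagebox */

/* Constructed toy maze (not recovered from oct.exe): maze[n][b] is the handler
 * reached when handler n takes its b-th way of modifying eip, or NO_EDGE.
 * Node 1 loops back to the start, node 4 is a dead end ("Bad key"). */
static const int maze[NUM_NODES][BRANCHES] = {
    /* 0  */ {  1,       2,       NO_EDGE, NO_EDGE },
    /* 1  */ {  3,       0,       NO_EDGE, NO_EDGE },
    /* 2  */ {  4,       5,       6,       NO_EDGE },
    /* 3  */ {  7,       NO_EDGE, NO_EDGE, NO_EDGE },
    /* 4  */ {  NO_EDGE, NO_EDGE, NO_EDGE, NO_EDGE },
    /* 5  */ {  8,       9,       NO_EDGE, NO_EDGE },
    /* 6  */ {  NO_EDGE, NO_EDGE, NO_EDGE, 12      },
    /* 7  */ {  10,      NO_EDGE, NO_EDGE, NO_EDGE },
    /* 8  */ {  11,      NO_EDGE, NO_EDGE, NO_EDGE },
    /* 9  */ {  10,      11,      NO_EDGE, NO_EDGE },
    /* 10 */ {  12,      NO_EDGE, NO_EDGE, NO_EDGE },
    /* 11 */ {  NO_EDGE, NO_EDGE, NO_EDGE, 12      },
    /* 12 */ {  NO_EDGE, NO_EDGE, NO_EDGE, NO_EDGE },
};

/* Depth-first search for the first path to TARGET. choices[] receives the
 * branch index taken at each step; the visited set guards against handler
 * chains that loop back (a plain tree walk would recurse forever on node 1). */
static int dfs(int node, int *visited, int *choices, int depth)
{
    if (node == TARGET) return depth;
    visited[node] = 1;
    for (int b = 0; b < BRANCHES; b++) {
        int next = maze[node][b];
        if (next == NO_EDGE || visited[next]) continue;
        choices[depth] = b;
        int len = dfs(next, visited, choices, depth + 1);
        if (len >= 0) return len;
    }
    return -1;
}

/* First solution found; returns the path length or -1. choices needs NUM_NODES slots. */
int first_solution(int start, int *choices)
{
    int visited[NUM_NODES] = {0};
    return dfs(start, visited, choices, 0);
}

/* Breadth-first search gives the shortest branch sequence, i.e. the shortest key. */
int shortest_solution(int start, int *choices)
{
    int parent[NUM_NODES], via[NUM_NODES], queue[NUM_NODES], head = 0, tail = 0;
    for (int i = 0; i < NUM_NODES; i++) parent[i] = -1;
    parent[start] = start;
    queue[tail++] = start;
    while (head < tail) {
        int node = queue[head++];
        if (node == TARGET) break;
        for (int b = 0; b < BRANCHES; b++) {
            int next = maze[node][b];
            if (next == NO_EDGE || parent[next] != -1) continue;
            parent[next] = node;
            via[next] = b;
            queue[tail++] = next;
        }
    }
    if (parent[TARGET] == -1) return -1;
    int len = 0;
    for (int n = TARGET; n != start; n = parent[n]) len++;
    int i = len;
    for (int n = TARGET; n != start; n = parent[n]) choices[--i] = via[n];
    return len;
}

/* Hypothetical keyfile encoding: one ASCII digit '0'..'3' per branch taken. */
int build_keyfile(const int *choices, int len, unsigned char *out)
{
    for (int i = 0; i < len; i++) out[i] = (unsigned char)('0' + choices[i]);
    return len;
}

/* Simulate the crackme consuming the key: each byte selects how the current
 * handler modifies eip. Returns the handler reached, or -1 on an invalid step. */
int replay(int start, const unsigned char *key, int len)
{
    int node = start;
    for (int i = 0; i < len; i++) {
        int b = key[i] - '0';
        if (b < 0 || b >= BRANCHES || maze[node][b] == NO_EDGE) return -1;
        node = maze[node][b];
    }
    return node;
}

int main(void)
{
    int choices[NUM_NODES];
    unsigned char key[NUM_NODES + 1];
    int n = first_solution(START, choices);
    build_keyfile(choices, n, key); key[n] = '\0';
    printf("first solution  : %s (ends at handler %d)\n", key, replay(START, key, n));
    n = shortest_solution(START, choices);
    build_keyfile(choices, n, key); key[n] = '\0';
    printf("shortest solution: %s (ends at handler %d)\n", key, replay(START, key, n));
    return 0;
}
```

On this toy graph the depth-first pass, which explores branch 0 first, returns the five-step key "00000", while the breadth-first pass finds the three-step key "123"; both replay to handler 12. Replaying the key against the model before writing it to disk is the cheap check that the path recovered from the disassembly is consistent with the edges you extracted.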

I won't explain further how I solved it; you can have a look at the crackme and at the solver (including the C source) here. To use the solver, you have to unzip the file, because it needs "oct.exe" (the crackme) to disassemble. It will generate a valid keyfile.

Thanks to Beatrix for this very interesting crackme and to Baboon for hosting the files.

2 comments:

  1. Dude, you forgot the crackme title!
    http://crackmes.de/users/beatrix/octopus/

    Very cool work and BeaEngine is very powerful.

    hehe jE! IS crazy "this is fun > am i calculator!?!? i'm vHHHHeeerry aMNgryyy."

  2. cool :)
    I'll try using BeaEngine as well; it seems very useful, but I'll need to adapt to C
    (I'm more object-oriented, and did this crackme in js).
    I can't imagine how je did it
    3 hours!
    that's still quick for such a huge tree
