
Thread: "brand-new-ways-crypted" crackme for new year!

  1. #1
    evaluator

    "brand-new-ways-crypted" crackme for new year!

    just coded hot puzzle for our MB:)
    find "brand-new-ways-crypted" message!
    Attached Files

  2. #2
    dELTA
    Nice to see you around here again Eval, thanks for the puzzle.

  3. #3
    Careful. I welcomed him back and got a very "cryptic" reply.

    Regards,
    JMI

  4. #4
    Kayaker
    Hi Eval,

    As usual your code excursions are interesting. Also minimal and cryptic in and of themselves

    Is your message THE code, or is there a message IN the code?

    I see an interesting MISuse of a privileged instruction, a little trick a protector could play for a quick exit. Is there a further message?

    Cheers,
    Kayaker

  5. #5
    Hello,

    Nice riddle but I'm a little bit lost...

    I've tried various things (like "xoring" between 0x402005 and 0x402018 with different values) but none seems to work... No readable string or executable code seems to appear.

    Some strange things:

    1) The use of "HLT" in a ring3 process must call the SEH handler, so we go directly to Pop the handler+ExitProcess...

    2) Why are there so many INT3 opcodes? And why is the Entry point not at the base of the code section? And BTW, the VirtualSize (and SizeOfRawData) are truly big for just some lines of code...

    Nothing important in the PE header, and the import table is ok with just one import...

    Well... I'm stuck

    Any advice or clues?

    Regards, Neitsa.
    Last edited by JMI; January 2nd, 2005 at 22:49.
    Omne tulit punctum qui miscuit utile dulci

  6. #6
    Hmmmmmmmmmmmm.........

    I have spent a few hours on this and I am also wondering the same things.
    A big pile of int3's. I thought they were there to put "us" lost in an infinite loop/ kill debugger. Perhaps even a stack crasher but I could not find anything to indicate a stack crash. (I could have missed it :P )
    The HLT is a bit strange.

    Perhaps we are misinterpreting the name of this challenge.

    Woodmann

  7. #7
    Tola
    Guest
    happy new year to you, too, evaluator
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  8. #8
    Kayaker
    Nice one Tola
    You speak Evabulator I see

  9. #9
    shit how could i have missed that.
    nice puzzle evaluator.
    Regards,

  10. #10
    evaluator
    ok, open for public your findings, Kayk & Tola..

  11. #11
    Ok, I must be blind, dumb or something like that...

    I haven't got it .... Waiting for the light to come

    I'm still searching...

  12. #12
    Tola
    Guest
    Code:
    hlt
    and     eax, 79h
    push    5
    pop     ecx
    inc     eax
    ...

  13. #13
    Damn! It reminds me of +Mala's riddles, where searching too far for things that are... just here under your nose...

    That was fun.

    Regards, Neitsa.

  14. #14


    Woodmann

  15. #15
    dELTA
    My IDA Pro fails to decode the instructions in the middle of the message, I only get this:
    Code:
     
    .text:00402005                 hlt
    .text:00402006                 and     eax, 79h
    .text:00402009                 push    5
    .text:0040200B                 pop     ecx
    .text:0040200C                 inc     eax
    .text:0040200D                 neg     eax
    .text:0040200D ; -----------------------------------------
    .text:0040200F                 dd 419B0B0Fh, 0D083770Fh
    .text:00402017 ; -----------------------------------------
    .text:00402017                 and     ebx, eax
    .text:00402019                 retn
    Any idea why anyone? The processor is set to metapc, so it should recognize any x86 instructions, right? Which instructions is it that it's unable to decode?
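
Added example (not part of the thread and not evaluator's code): a minimal Python decoder for the two `dd` values in the IDA listing above, restoring their memory byte order and decoding them linearly from 0040200F. It covers only the 32-bit opcodes that occur in those eight bytes; the table and function names are made up for this illustration, and the byte at 00402017 is not in the `dd` items, so the last instruction is reported as incomplete.

```python
import struct

BASE = 0x40200F                      # address of the dd items in the listing
DWORDS = (0x419B0B0F, 0xD083770F)    # "dd 419B0B0Fh, 0D083770Fh"

REG32 = ("eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi")
GRP1 = ("add", "or", "adc", "sbb", "and", "sub", "xor", "cmp")  # 83 /0../7
TWO_BYTE = {0x0B: "ud2", 0x77: "emms"}   # 0F-escaped opcodes seen here


def dwords_to_bytes(dwords):
    """IDA prints dd items as little-endian dwords; restore memory order."""
    return b"".join(struct.pack("<I", d) for d in dwords)


def decode_one(buf, off):
    """Decode one instruction from a deliberately tiny x86-32 subset.
    Returns (text, size); size may reach past the end of buf."""
    op = buf[off]
    if op == 0x0F and off + 1 < len(buf) and buf[off + 1] in TWO_BYTE:
        return TWO_BYTE[buf[off + 1]], 2
    if op == 0x9B:
        return "wait", 1
    if 0x40 <= op <= 0x47:                     # inc r32, register in opcode
        return "inc " + REG32[op - 0x40], 1
    if op == 0x83 and off + 1 < len(buf) and buf[off + 1] >> 6 == 3:
        modrm = buf[off + 1]                   # group 1: op r32, imm8
        text = f"{GRP1[(modrm >> 3) & 7]} {REG32[modrm & 7]}, "
        text += f"{buf[off + 2]:02X}h" if off + 2 < len(buf) else "<imm8 missing>"
        return text, 3
    return f"db {op:02X}h", 1                  # outside the subset


def disassemble(buf, base):
    """Linear sweep; each entry is (address, text, fits_inside_buf)."""
    out, off = [], 0
    while off < len(buf):
        text, size = decode_one(buf, off)
        out.append((base + off, text, off + size <= len(buf)))
        off += size
    return out


if __name__ == "__main__":
    for addr, text, complete in disassemble(dwords_to_bytes(DWORDS), BASE):
        note = "" if complete else "   ; runs past the dd items"
        print(f".text:{addr:08X}  {text}{note}")
```

Decoded linearly from 0040200F, the `adc` takes the byte at 00402017 as its immediate, so it overlaps the `and ebx, eax` that the listing shows at that address.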
