
Thread: DirectX crackme

  1. #1

    DirectX crackme

    UPDATE: Crackme released, scroll down for URL and info.


    After the discussion in the other forum I'm just putting the final touches to a DirectX crackme; I don't think there are many (if any) of these around, so hopefully it will give people a target to play with.

    Before I release it would anyone like to volunteer to analyze/crack it for me just to make sure I haven't left anything wildly obvious open to exploit? It should be ready today or tomorrow. I could also do with making sure it works on a couple of machines, DirectX being the lovely compatible system that it is....

    Cheers!
    Last edited by Silver; November 2nd, 2006 at 08:54.
    Still here...

  2. #2
    Hi Silver, I'm interested in your DX crackme.
    I am a volunteer, but as I'm not an expert in cracking/reversing I can't certify about bugs.
    Though I can test it on my machine.
    XP SP2 w/DXSDK & DX9
    Please consider donating to help Woodmann.com staying online (here is why).
    Any amount greatly appreciated. Thank you.

  3. #3
    evil evil evil idea....
    are you using ... ...shaders?

    "OMG"
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

  4. #4
    Um, no HDR please =)
    I forgot to mention that my gfx card was a nvFX5900XT.

  5. #5
    Cheers guys, I have a couple of volunteers now...

    Maximus now that *is* evil. I haven't done that this time, but you've given me a great idea...
    Still here...

  6. #6
    I am evil

    I would suggest to place your solution along a 3d Lattice* ( ) and use shaders to perform ... oooh ....
    ok, a new lvl 9 crackme, I would say, eheh
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

  7. #7
    mmmm! That would be seriously difficult to crack, if you passed in data to the shader (texcoords or whatever can be used easily), packed the result into DWORDs then wrote the result out to a surface using the DWORD as the ARGB for each pixel. All the reverser would see is magic data going in, magic data coming out and no direct way to debug the shader.... Nasty!
    Still here...

  8. #8
    Okay, the crackme has been dispatched to my willing victi...uh, testers

    If everything is ok I'll post it publicly shortly.
    Still here...

  9. #9
    It is fully working here.
    Despite the fact that I'm a beginner I think this would give pleasure to advanced reversers.

    Silver, no direct way to debug the shader, even using stuff like NV(ShaderPerf|PerfHUD)? Does it depend on the way the shader is used (I mean compiled with the application)?

  10. #10
    Silkut, debugging shaders without the original source would be a total nightmare. I'm trying to think it through now. The only reason you can debug shaders at the moment is because Visual Studio and DX etc have shader debugging extensions. But if you're reversing an app you won't have the app source to load into Visual Studio and take advantage of the debugger. That means you'll have to extract the shader code from the app directly - that's not a problem because you can use shader simulators, but then what do you do with it? If all the input to the shader is coming from the app you'd have to code your own app that simulates the exact same input to be able to debug it. You can't just break in the middle of the shader because it's simply dumped to the GPU, which you have no direct access to. As far as I know there's no way to read a shader program back from a gpu...

    As maximus has said, this would probably be even harder for vertex shaders than for pixel shaders. At least with pixel shaders you're translating across the surface one pixel at a time, but with vertex shaders you're being passed the vertex data directly. So not only would you somehow have to debug the shader code, you'd also have to understand how the data (say, the license key or whatever is being processed) is packed into the vertex data. Now imagine the final transformed position of the vertex is important to the protection in some way, such as a simple depth test.

    I'd go so far as to say a protection like this would be very close to impossible to break from a pure protection point of view (ie: assuming the rest of the app didn't do anything silly like have individual goodboy/badboy jmp's). You wouldn't even need any goodboy tests, the app would run exactly the same but the end result of the shader would control what was displayed. Ouch.
    Still here...
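
    An added illustration of the data flow discussed in posts #7 and #10 (not part of the thread and not code from the crackme): a CPU-side replay harness that feeds per-pixel texcoords and two constants to a stand-in shader and packs each result into an ARGB DWORD. `toy_shader`, its constants `c0`/`c1` and the 4x4 surface are hypothetical, chosen so the arithmetic is exact.

```c
#include <stdint.h>
#include <stdio.h>

#define W 4
#define H 4

typedef struct { double r, g, b, a; } float4;

/* Hypothetical stand-in for a pixel shader extracted from an application.
   c0/c1 play the role of shader constants set by the host program. */
static float4 toy_shader(double u, double v, double c0, double c1) {
    double t = u * c0 + v * c1;              /* non-negative for these inputs */
    float4 o = { u, v, t - (double)(long)t, 1.0 };   /* b = frac(t) */
    return o;
}

/* Clamp to [0,1] and quantize to 8 bits, as a write to an 8-bit target does. */
static uint32_t quant(double x) {
    if (x < 0.0) x = 0.0;
    if (x > 1.0) x = 1.0;
    return (uint32_t)(x * 255.0 + 0.5);
}

/* One DWORD per pixel in A8R8G8B8 order. */
static uint32_t pack_argb(float4 c) {
    return (quant(c.a) << 24) | (quant(c.r) << 16) | (quant(c.g) << 8) | quant(c.b);
}

/* Replay: supply the same pixel-centre texcoords the application would. */
void replay(uint32_t *surface, double c0, double c1) {
    for (int y = 0; y < H; y++)
        for (int x = 0; x < W; x++)
            surface[y * W + x] =
                pack_argb(toy_shader((x + 0.5) / W, (y + 0.5) / H, c0, c1));
}

/* Number of pixels that differ between two replayed surfaces. */
int diff_count(const uint32_t *a, const uint32_t *b) {
    int n = 0;
    for (int i = 0; i < W * H; i++) n += (a[i] != b[i]);
    return n;
}

int main(void) {
    uint32_t s1[W * H], s2[W * H];
    replay(s1, 3.0, 5.0);   /* constructed constants */
    replay(s2, 3.0, 4.0);   /* one constant changed */
    printf("%08X %08X differing=%d\n", (unsigned)s1[0], (unsigned)s1[1],
           diff_count(s1, s2));
    return 0;
}
```

    Changing a single constant alters every pixel of the output surface while the host-side code path stays identical, which is the property post #10 describes.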

  11. #11
    I know...
    It is a free dongle installed in each PC
    ...and much more powerful and evil than every existing dongle, I would say

    ...but let's not suggest too many evil ideas to protectionists...
    Last edited by Maximus; October 30th, 2006 at 13:03.
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

  12. #12
    Ok I think I get the point.
    Anyway this kind of challenge requires more than reverse skills.

  13. #13
    eheh I'm late with 2 articles, 2 special 'crackmes', REA and what's more?
    Oh, yeah, my nephew's fresh new vgame doesn't run with DT installed...
    and work, clearly ...but I'm terribly curious

    Maybe it's time to remove all the dust from my DX knowledge
    I want to know God's thoughts ...the rest are details.
    (A. Einstein)
    --------
    ..."a shellcode is a command you do at the linux shell"...

  14. #14
    Okay, thanks to my victims including Silkut and Zairon, the crackme is ready for public release.

    Download from here: http://www.savefile.com/files/206121
    Crackmes.de mirror: http://www.crackmes.de/users/silver/silvers_dx_crackme_1/

    Original MD5 for the .zip for your peace of mind:
    4B3FE5E0F7D14762F234EB9956044385


    Please be sure to read the readme carefully before you begin - it will potentially save you a lot of time.

    When someone has beaten this crackme & published a solution I'll release a cut down version that concentrates purely on DirectX stuff, which will hopefully give people a playground for DX reversing with no other distractions.

    Let me know how you get on!
    Last edited by Silver; November 3rd, 2006 at 07:13.
    Still here...

  15. #15
    Just thought I'd bump this and see if anyone is working on it? I know Mr Squeers is, and it's had a bunch of downloads at crackmes.de but as yet no discussion or solution.
    Still here...
