Welcome to the new Woodmann RCE Messageboards Regroupment

Gr. crackme: >>KongFuZi<<

Post by evaluator »

Whoa!
These two days I forced myself to burn out this crackme.
The idea came quite some time ago, but I refused to show it because of bUstard brute-force.
Thus, yesterday I built VM-like code, which IMHO prevents brute force.

I will also put it on CrackmesDe.

Yeah.. also: let's temporarily not discuss it.
It is a personal challenge.
If it stays unresolved for quite some time, then start the discussion. OK?
Attachment: Break_KongFuZi.zip (6.21 KiB)

Post by disavowed »

I've solved it :)
Sending my solution to evaluator...

Post by andrewl »

Interesting work as usual ... this file does no execution in the KEY file region (respecting the intended DEP).

[Attachment deleted at request of evaluator. JMI]

Post by evaluator »

disavowed, your solution is REJECTED :P

andrewl, you are near..
But can't you all read the DAMN source!!??

Post by evaluator »

andrewl, you should not post it openly. Now others can EAT your finding!
Moderator, please hurry & remove the attachment!

Post by andrewl »

Yea yea, we can read the source...

Code:

; KongFuZi said: "The hardest thing of all is to find a black cat in a dark room, especially if there is no cat."
; Lets break this!
; THINK, how to burn non existent string for MsgBox:
; "You have found a Black Cat in a Dark Room, although the cat was not even there!"
; Don't fight with crackme, main challenge is for your fUntasy :)
; after that, you will solve VM-like puzzle with KEY-file. (which is designed against BruteForce)
; PS. this code respects DEP.
The attached key file could "burn" any non-existent string for MessageBoxA(), yet it is not solved? Why don't you clearly state the goal of the crackme then?

And if the key file data should be read-only, why not make your crackme ENFORCE this? GetSystemDEPPolicy/GetProcessDEPPolicy/SetProcessDEPPolicy

Post by evaluator »

1. You mean the below is not clear?!

; THINK, how to burn non existent string for MsgBox:
; "You have found a Black Cat in a Dark Room, although the cat was not even there!"

2. DEP policy works mostly on appropriate PCs. So the solver must agree with the statement.
(The other way was to put a range check before any jump.)

3. You are on the correct way; don't waste time, or others will use your finding.

anything unclear?

Post by disavowed »

No idea why you are rejecting my solution. It works perfectly on Windows XP, Windows Vista, and Windows 7, 32-bit and 64-bit OSes, all with DEP set to its default value for the system and with NX enabled in the BIOS.

Post by evaluator »

Because DEP can be changed by the user in any way.. then referring to DEP becomes meaningless.
Thus, you must agree in the strongest way: executable pages are only those marked so.
Or in other words, KEY-file data is not meant for executing, but for adjustment only.
(Or in other weird words: this crackme is not 1st-level, damn..)
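The rule argued over in the posts above, that key-file bytes may only adjust the checker's state and must never be executed, can be enforced by the program itself instead of being left to the machine's DEP setting. The following is an added example, not evaluator's crackme (the thread shows nothing of its real VM or opcodes): the opcode set, the key layout and the sample key bytes are assumptions made for this illustration. It does the two things the thread mentions, mapping the key buffer without execute permission (SetProcessDEPPolicy/VirtualAlloc on Windows, mmap elsewhere) and range-checking every jump target before it is taken, so a key that tries to redirect the interpreter outside its own bytes, or that contains native opcodes, is rejected regardless of how DEP is configured.

```c
/* Added example (not evaluator's crackme): a "VM-like" key checker that
 * treats KEY-file bytes as data only. The key buffer is mapped without
 * execute permission, and every jump target is range-checked before it is
 * taken, so the check holds even where DEP is off. Opcode set, key layout
 * and the sample keys are assumptions made for this illustration. */
#define _DEFAULT_SOURCE
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#ifdef _WIN32
#define _WIN32_WINNT 0x0600          /* SetProcessDEPPolicy needs Vista+/XP SP3 headers */
#include <windows.h>
#else
#include <sys/mman.h>
#endif

enum { OP_HALT = 0, OP_ADD = 1, OP_XOR = 2, OP_JMP = 3, OP_JNZ = 4 };
enum { VM_MAX_STEPS = 10000 };       /* runaway-loop guard */

/* Map a read/write buffer that is never executable. */
static void *alloc_data_only(size_t n)
{
#ifdef _WIN32
    /* PROCESS_DEP_ENABLE is permanent for the process; native 64-bit
     * processes already have DEP always on, so the call matters for 32-bit. */
    SetProcessDEPPolicy(PROCESS_DEP_ENABLE);
    return VirtualAlloc(NULL, n, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
#else
    void *p = mmap(NULL, n, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    return p == MAP_FAILED ? NULL : p;
#endif
}

static void free_data_only(void *p, size_t n)
{
#ifdef _WIN32
    (void)n; VirtualFree(p, 0, MEM_RELEASE);
#else
    munmap(p, n);
#endif
}

/* Interpret key bytes. Returns the accumulator on clean HALT, -1 if the
 * key is rejected (pc or jump out of range, unknown opcode, runaway loop). */
static int64_t vm_run(const uint8_t *key, size_t len)
{
    uint32_t acc = 0;
    size_t pc = 0, steps = 0;
    for (;;) {
        if (pc >= len || ++steps > VM_MAX_STEPS) return -1;
        uint8_t op = key[pc];
        if (op == OP_HALT) return acc;
        if (pc + 1 >= len) return -1;        /* every other op carries one operand byte */
        uint8_t arg = key[pc + 1];
        switch (op) {
        case OP_ADD: acc += arg; pc += 2; break;
        case OP_XOR: acc ^= arg; pc += 2; break;
        case OP_JNZ:
            if (acc == 0) { pc += 2; break; }
            /* fall through: taken branch is handled like JMP */
        case OP_JMP:
            if (arg >= len) return -1;       /* range check before any jump */
            pc = arg;
            break;
        default:
            return -1;                       /* native opcodes (e.g. 0x90) mean nothing to the VM */
        }
    }
}

/* Copy a key file into non-executable memory and run it through the VM. */
static int64_t key_result(const uint8_t *key_bytes, size_t len)
{
    uint8_t *buf = alloc_data_only(len);
    if (buf == NULL) return -1;
    memcpy(buf, key_bytes, len);
    int64_t r = vm_run(buf, len);
    free_data_only(buf, len);
    return r;
}

/* Constructed sample keys (assumed layout: opcode, operand, ...). */
static const uint8_t GOOD_KEY[]     = { OP_ADD, 5, OP_JMP, 6, OP_HALT, 0, OP_XOR, 3, OP_HALT };
static const uint8_t JUMP_OUT_KEY[] = { OP_ADD, 5, OP_JMP, 200 };   /* target beyond the key */
static const uint8_t NATIVE_KEY[]   = { 0x90, 0x90, 0xC3 };         /* x86 nop; nop; ret */

int main(void)
{
    printf("good key     -> %lld\n", (long long)key_result(GOOD_KEY, sizeof GOOD_KEY));
    printf("jump-out key -> %lld\n", (long long)key_result(JUMP_OUT_KEY, sizeof JUMP_OUT_KEY));
    printf("native key   -> %lld\n", (long long)key_result(NATIVE_KEY, sizeof NATIVE_KEY));
    return 0;
}
```

The good key runs to HALT with accumulator 6; the key whose jump points past its own length and the key made of raw x86 bytes are both rejected by the interpreter, not by the hardware. That is the difference the thread turns on: a solution that depends on the key buffer being executable works only where DEP happens to allow it, while a range check before each jump makes the "data only" rule hold everywhere.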

Post by andrewl »

evaluator wrote:
1. You mean the below is not clear?!

; THINK, how to burn non existent string for MsgBox:
; "You have found a Black Cat in a Dark Room, although the cat was not even there!"

2. DEP policy works mostly on appropriate PCs. So the solver must agree with the statement.
(The other way was to put a range check before any jump.)

3. You are on the correct way; don't waste time, or others will use your finding.

Anything unclear?
Let me ask you this way: what should the crackmes.de moderators verify before approving someone's solution to your crackme?

Post by evaluator »

With this question, do you mean you give up on this crackme?!

Post by disavowed »

That's ridiculous. If you wanted DEP to be enforced, you should have used SetProcessDEPPolicy(...).
I still consider my KEY file solution valid.

Post by evaluator »

Bwah!
Nobody can ruin your happiness..

BUT, from my side, "I still consider" your solution INvalid.

Post by disavowed »

Looks like we'll have to agree to disagree then :)

Post by simonzack »

Hey guys,

I made a key file with around 90% of the bytes empty and unused.
It doesn't execute code inside the key file, VM only.

[edit]
je==evaluator!
Didn't know that :O
Well, I'll send my key to you.

smk