REVERSING.KR - writeup

Easy crack
• WinMain
• DialogFunc
• sub_401080
• The string values "5y" and "R3versing" could be used to create a pop-up window with the string "Congratulation!!".
• This is the function's entry point, which uses the string value "Congratulation!!".
• Set a breakpoint at 00401080 before entering the string value. When the program reaches address 004010B0, it compares the second character of the input string to the character 'a'.
• Another function takes the string value "5y" and the substring of the input text starting at the 3rd index, and checks whether that substring starts with "5y" or not. So the 3rd and 4th characters are "5y".
• The last characters (from the 5th index) are compared with "R3versing". Iteration: 004010DA, 004010FC.
• This code can be seen comparing each character of the input text with the string "R3versing" at 00400E0.
• The last part compares the first character of the input text with the character 'E'.
• flag - Ea5yR3versing

Easy keygen
• The username is 8 characters, and there is an int array containing 16, 32 and 48.
• The username is XOR-ed with the int array.
• The serial is 5B134977135E7D13, and we know that every character is XOR-ed with the int array.
• The original username that will match 5B134977135E7D13 is "K3yg3nm3".
• flag - K3yg3nm3

Easy unpack
• An EXE and a text file are provided, and the text file contains: Locate the OEP
• Because the OEP is in a newly assigned memory space, the jump to it should go further away.
• When jumping a long distance, the jump should be to an absolute address.
Script to automatically find Far Jump
• Drop it into x32dbg.
• Big jump at 0x0040A1FB.
• Key – 00401150

Replace
• Input – a number
• "Correct" string in DialogFunc – (no branch)
• The GetDlgItemInt function handles the input, which is then assigned to dword 4084D0.
• Set a breakpoint at 0x00401065.
• The input is converted to an integer.
• sub_40467A() increments the input twice.
• In sub_40466F(), 0x601605C7 is added to the input, which is then incremented twice.
• The program replaces the instructions at 0x40466F, then calls sub_40466F() twice with the calculated input as the parameter.
• After calling sub_40466F(), the program jumps back to 0x401071.
• sub_40466F() replaces the instruction at the address given by the calculated input with a NOP instruction.
• Result: the program calculates a value from the input and replaces 2 bytes at the address equal to that calculated value.
• Input + 2 + 0x601605C7 + 2 = 0x401071
  Input = 0x401071 – 2 – 0x601605C7 – 2 = 0xFFFFFFFFA02A0AA6
• A negative number can't be entered. However, the program only takes a DWORD, so overflow it by adding 0x100000000.
  Input = 0xFFFFFFFFA02A0AA6 + 0x100000000 = 0xA02A0AA6
  Input = 2687109798
• FLAG : 2687109798
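
The Replace calculation above as a short model, added here as an example and not taken from the original writeup or the challenge binary: it reproduces the described steps with 32-bit wraparound and inverts them to recover the input. The function names are hypothetical; the constants are the ones given in the writeup.

```python
MASK32 = 0xFFFFFFFF       # the input lives in a 32-bit DWORD, so all math wraps
ADD_CONST = 0x601605C7    # constant added in sub_40466F (from the writeup)
TARGET = 0x00401071       # address whose 2 bytes must be replaced (from the writeup)


def patched_address(user_input: int) -> int:
    """Forward model: address that ends up patched for a given input."""
    v = user_input & MASK32
    v = (v + 2) & MASK32            # sub_40467A: input incremented twice
    v = (v + ADD_CONST) & MASK32    # sub_40466F: constant added
    v = (v + 2) & MASK32            # sub_40466F: incremented twice again
    return v


def solve_input(target: int) -> int:
    """Inverse of patched_address() modulo 2**32."""
    return (target - 2 - ADD_CONST - 2) & MASK32


def as_signed32(v: int) -> int:
    """Same 32-bit pattern read as a signed value (the 'negative' result)."""
    v &= MASK32
    return v - 0x100000000 if v & 0x80000000 else v


if __name__ == "__main__":
    answer = solve_input(TARGET)
    print(f"signed result : {as_signed32(answer)}")
    print(f"as DWORD (hex): {answer:#010x}")
    print(f"as DWORD (dec): {answer}")
    # Round trip: the recovered input must land on the target address.
    print(f"patched addr  : {patched_address(answer):#010x}")
```
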