Write-up of the monkey_.exe_1 crackme
This is a write-up of monkey_.exe_1, a crackme written by monkey and published on crackmes.de, now available at crackmes.one.
To get an idea of what the program does, we first run it normally. We see two message boxes:
Now that we know what we need to do, let's start running it in x64dbg. Once we get to the entry point, we see:
00401000 | mov edi,monkey-exe1.401014 | edi:EntryPoint |
00401005 | mov ecx,47 | ecx:EntryPoint, 47:'G' |
0040100A | mov al,byte ptr ds:[edi] | edi:EntryPoint |
0040100C | xor al,11 | |
0040100E | stosb | |
0040100F | sub ecx,1 | ecx:EntryPoint |
00401012 | jne monkey-exe1.40100A |
This is a loop where the bytes following 0x00401014 are decrypted into the instructions that will actually be executed by XOR-ing them with 0x11. To see what this code is, we can place a breakpoint at 0x00401014 and then let the loop finish by allowing execution to continue.
We see another decryption routine, and some code which creates a message box:
00401016 | mov edi,monkey-exe1.40103F | |
0040101B | mov ecx,1C | |
00401020 | mov al,byte ptr ds:[edi] | |
00401022 | xor al,5 | |
00401024 | stosb | |
00401025 | sub ecx,1 | |
00401028 | jne monkey-exe1.401020 | |
0040102A | pop edi | |
0040102B | push 0 | |
0040102D | push monkey-exe1.402000 | |
00401032 | push monkey-exe1.402000 | |
00401037 | push 0 | |
00401039 | call dword ptr ds:[<&MessageBoxA>] |
Since we only need to get rid of the first message box, we don't need to worry about the second decryption routine (which only decrypts code after 0x0040103F). We just need to NOP out the message box creation code (which spans 0x0040102A to 0x0040103E).
Since NOP has the opcode 0x90, and each byte in this range is XOR-ed with 0x11 when it is decrypted, we need to fill the range 0x0040102A to 0x0040103E with 0x81 bytes (since 0x90 XOR 0x11 = 0x81).
After making these changes, we have gotten rid of the bad message box while keeping the new one. The crackme is solved!
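The patch arithmetic above, checked against an emulation of the two decryption loops (an added example, not part of the original write-up). The buffer is a constructed stand-in for the encoded bytes, the four bytes after FF 15 are a placeholder for the import address, and the helper names are made up here. It also generalizes the rule to the bytes from 0x0040103F on, which both loops decode, so their combined key is 0x11 XOR 0x05 = 0x14.

```python
BASE = 0x00401000  # address that maps to offset 0 of the constructed buffer
# (start address, byte count, XOR key) of the two loops shown in the listings
STUBS = [(0x00401014, 0x47, 0x11), (0x0040103F, 0x1C, 0x05)]
# Constructed sample: the MessageBoxA sequence from the listing; the four
# bytes after FF 15 are a placeholder for the import address.
MSGBOX = bytes.fromhex("5f 6a00 6800204000 6800204000 6a00 ff15 00000000")


def key_for(addr):
    """Combined XOR key that the loops apply to the byte at `addr`."""
    key = 0
    for start, count, k in STUBS:
        if start <= addr < start + count:
            key ^= k
    return key


def build_image():
    """Constructed stand-in for the encoded bytes (not the real binary)."""
    image = bytearray(0x5B)  # covers 0x00401000..0x0040105A
    for i, b in enumerate(MSGBOX):
        image[0x0040102A - BASE + i] = b ^ key_for(0x0040102A + i)
    return image


def patch_plain(image, first, last, plain):
    """Store bytes so that `plain` shows up in first..last after decoding."""
    for addr in range(first, last + 1):
        image[addr - BASE] = plain ^ key_for(addr)


def decoded(image):
    """Return a copy of `image` after both loops have run, in order."""
    out = bytearray(image)
    for start, count, key in STUBS:
        for addr in range(start, start + count):
            out[addr - BASE] ^= key
    return out


if __name__ == "__main__":
    image = build_image()
    patch_plain(image, 0x0040102A, 0x0040103E, 0x90)
    print("stored :", image[0x2A:0x3F].hex())
    print("decoded:", decoded(image)[0x2A:0x3F].hex())
```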