Timeline for Reverse engineering of Managed C++/C# CrackMe
Current License: CC BY-SA 3.0
16 events
| when | what | by | license | comment | |
|---|---|---|---|---|---|
| Sep 25, 2017 at 22:35 | comment | added | kekyc | The problem was that I hadn't checked variables such as num5 in memory. Actually, the wanted key was in memory at the address which was stored in num5. screenshot | |
| Sep 25, 2017 at 22:00 | comment | added | kekyc | Paweł Łukasik Oh wow. Thank you very much. Very good experience for me! | |
| Sep 25, 2017 at 21:58 | vote | accept | kekyc | ||
| Sep 25, 2017 at 21:40 | comment | added | Paweł Łukasik | @kekyc I've also described it a bit more on my blog if you want to read ctfs.ghost.io/reverse-engineering-of-managed-crackme-solution | |
| Sep 25, 2017 at 21:13 | vote | accept | kekyc | ||
| Sep 25, 2017 at 21:15 | |||||
| Sep 25, 2017 at 17:37 | comment | added | Paweł Łukasik | @kekyc added more info | |
| Sep 25, 2017 at 17:37 | history | edited | Paweł Łukasik | CC BY-SA 3.0 | updated answer |
| Sep 25, 2017 at 15:52 | comment | added | Paweł Łukasik | Then maybe it’s machine-dependent. I should have some time today to add some more info. | |
| Sep 25, 2017 at 15:51 | comment | added | kekyc | It says "wrong!" for your example on my machine, but anyway I'm still really waiting for your advice. | |
| Sep 24, 2017 at 22:12 | comment | added | Paweł Łukasik | it's hard but doable: [email protected]/f3cc0043fd354ab3633bcb3494ec9bdd - I'll try to describe this a bit more | |
| Sep 24, 2017 at 12:40 | comment | added | kekyc | I even tried to dump process memory with WinHex after that, but still found nothing useful. Here's the binary | |
| Sep 24, 2017 at 5:58 | comment | added | Paweł Łukasik | well in C++ значение/value is a pointer to the value. I would bet you need to dereference it. Post the whole binary if you want a bit more analysis. | |
| Sep 24, 2017 at 2:46 | comment | added | kekyc | Also, indeed, <Module>.GetString() looks like a custom function and requires some analysis. | |
| Sep 24, 2017 at 2:34 | comment | added | kekyc | After your answer I began to understand the disassembled code better, but I still can't understand what is globally happening in the Check() function. Also, I tried to debug the code with dnSpy. It works and it helps to understand the program, but I can't see the values of most of the important variables (see the screenshots) - these strings are just not in memory. Nothing changes when the program does an assignment (or it probably does change, but not where I'm looking for it). pic1 pic2 | |
| Sep 23, 2017 at 23:22 | vote | accept | kekyc | ||
| Sep 23, 2017 at 23:26 | |||||
| Sep 23, 2017 at 23:04 | history | answered | Paweł Łukasik | CC BY-SA 3.0 |