Sunday, March 10, 2013

Exercise of the past.

So someone gave me a crackme challenge. It was a challenge from the previous Uniten@10 hacking competition.





Some people prefer Olly, but I'm using Immunity Debugger. Configure it with Microsoft symbols.


It's quite straightforward, actually.

  • Each input byte is XORed with 0x65
  • EDX is set to 00000000
  • The first XORed byte is compared with the byte at EDX+EE300C
  • If it matches, EDX is incremented and the 2nd XORed byte is compared to EDX + 1h + EE300C, and so on
  • We know the length of the string is 20, since the last check is CMP EDX, 14 (20 in decimal).

We know the string will be compared against the bytes from EE300C until EE3020.

Since XOR is its own inverse, we can XOR the compared values with 0x65 immediately.



And get our flag.
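The check and its inversion as described above, written out as an added example that is not from the original post or the challenge binary. The table bytes are constructed (the real values at EE300C are not shown on this page), and the function names are hypothetical.

```python
KEY = 0x65        # XOR constant applied to each input byte
BASE = 0xEE300C   # address of the first compared byte
LENGTH = 0x14     # from CMP EDX, 14 -> 20 bytes

# Constructed sample: stands in for the 20 bytes read from the debugger dump.
SAMPLE_FLAG = b"CONSTRUCTED-SAMPLE!!"
MEMORY = {BASE + i: b ^ KEY for i, b in enumerate(SAMPLE_FLAG)}


def check(candidate: bytes, memory: dict) -> bool:
    """Model of the crackme loop: XOR each byte, compare with [EDX+BASE]."""
    if len(candidate) < LENGTH:
        return False
    edx = 0
    while edx != LENGTH:                      # CMP EDX, 14
        if candidate[edx] ^ KEY != memory[BASE + edx]:
            return False                      # mismatch: bad key
        edx += 1                              # INC EDX
    return True


def recover_flag(memory: dict) -> bytes:
    """Invert the check: (x ^ KEY) ^ KEY == x, so XOR the table itself."""
    return bytes(memory[BASE + i] ^ KEY for i in range(LENGTH))


if __name__ == "__main__":
    flag = recover_flag(MEMORY)
    print(f"table spans {BASE:X}..{BASE + LENGTH:X}")
    print("recovered:", flag.decode("ascii"))
    print("accepted by check():", check(flag, MEMORY))
```

With a real target, `MEMORY` would be filled from the 20 bytes shown in the debugger's dump pane starting at EE300C.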

Fun, though.