Below is a proof of concept I wrote that that implements several techniques that makes cracking a pain in the ass. I use the classic isdebuggerpresent api as well as use the assembly implementation of it (that I grabbed by stepping through it in a debugger). I use loadlibrary, check for the trap flag, and a few other things that make stepping through the code sucky. On top of that, I mutate strings and store every string as a character array since I’ve found that storing strings this way fools the string utility in IDA pro. Since loadlibrary uses this weird method it makes it so that you have to breakpoint on the loadlibrary call, but since im checking for breakpoints, you’re SOL. The one other thing I should have done was used LockFile and memory mapped files so that if you attempt to open the ‘sekret’ file while its running it complains windows style with the access denied message. Oh well, another time.<\/p>\n
<\/p>\n
Here it is in classic C:<\/p>\n
<\/p>\n
#include <stdio.h><\/span>\r\n#include <stdlib.h><\/span>\r\n#include <windows.h><\/span>\r\n#define WIN32_LEAN_AND_MEAN<\/span>\r\n#define file \"sektrit.txt\"<\/span>\r\n#define FILE_WRITE_TO_END_OF_FILE 0xffffffff<\/span>\r\nBOOL FirstInit<\/span>(void<\/span>);\r\nint<\/span> SecondInit<\/span>(void<\/span>);\r\nint<\/span> ThirdInit<\/span>(void<\/span>);\r\nvoid<\/span> naw<\/span>(void<\/span>);\r\nchar<\/span>*<\/span> Mutate<\/span>(char<\/span>*<\/span>);\r\nvoid<\/span> ClosingFile<\/span>(HANDLE);\r\nchar<\/span>*<\/span> Pass2File<\/span>(HANDLE,char<\/span>[]);\r\n\r\nint<\/span> main<\/span>(int<\/span> argc, char<\/span> *<\/span>argv[])\r\n{\r\nprintf(\"****************************************************************<\/span>\\r\\n<\/span>\"<\/span>);\r\nprintf(\"****************************************************************<\/span>\\r\\n<\/span>\"<\/span>);\r\nprintf(\"******************Joe G's Ultimate Crackme v 1.1****************<\/span>\\r\\n<\/span>\"<\/span>);\r\nprintf(\"****************************************************************<\/span>\\r\\n<\/span>\"<\/span>);\r\nprintf(\"****************************************************************<\/span>\\r\\n<\/span>\"<\/span>);\r\nprintf(\"<\/span>\\r\\n<\/span>Email answers to Evil1 aka iamtheevil1@gmail.com<\/span>\\r\\n<\/span>\"<\/span>);\r\nSleep(3000<\/span>);\r\nif<\/span>(IsDebuggerPresent())\r\n{\r\nMessageBox(NULL<\/span>,\"KNOCK IT OFF\"<\/span>,\"2\"<\/span>,MB_OK);\r\nnaw();\r\n}\r\nif<\/span>(1<\/span>==<\/span>2<\/span>)\r\n{\r\nFirstInit();\r\nMessageBox(NULL<\/span>,\"KNOCK IT OFF\"<\/span>,\"2\"<\/span>,MB_OK);\r\nreturn<\/span> 0<\/span>;\r\n}\r\nif<\/span>(SecondInit() ==<\/span> 1<\/span>)\r\n{\r\n\/\/ exit gracefully<\/span>\r\nMessageBox(NULL<\/span>,\"KNOCK IT OFF\"<\/span>,\"2\"<\/span>,MB_OK);\r\nnaw();\r\n}\r\nif<\/span>(ThirdInit() +<\/span> 2<\/span> ==<\/span> 4<\/span>)\r\n{\r\nMessageBox(NULL<\/span>,\"KNOCK IT OFF\"<\/span>,\"2\"<\/span>,MB_OK);\r\nnaw();\r\n}char<\/span> randgenfilepass[24<\/span>];\r\nrandgenfilepass[0<\/span>] =<\/span> 't'<\/span>;\r\nrandgenfilepass[1<\/span>] =<\/span> 'h'<\/span>;\r\nrandgenfilepass[2<\/span>] =<\/span> 'e'<\/span>;\r\nrandgenfilepass[3<\/span>] =<\/span> 'r'<\/span>;\r\nrandgenfilepass[4<\/span>] =<\/span> 'e'<\/span>;\r\nrandgenfilepass[5<\/span>] =<\/span> 'i'<\/span>;\r\nrandgenfilepass[6<\/span>] =<\/span> 's'<\/span>;\r\nrandgenfilepass[7<\/span>] =<\/span> 'n'<\/span>;\r\nrandgenfilepass[8<\/span>] =<\/span> 'o'<\/span>;\r\nrandgenfilepass[9<\/span>] =<\/span> 't'<\/span>;\r\nrandgenfilepass[10<\/span>] =<\/span> 'h'<\/span>;\r\nrandgenfilepass[11<\/span>] =<\/span> 'i'<\/span>;\r\nrandgenfilepass[12<\/span>] =<\/span> 'n'<\/span>;\r\nrandgenfilepass[13<\/span>] =<\/span> 'g'<\/span>;\r\nrandgenfilepass[14<\/span>] =<\/span> 'f'<\/span>;\r\nrandgenfilepass[15<\/span>] =<\/span> 'o'<\/span>;\r\nrandgenfilepass[16<\/span>] =<\/span> 'r'<\/span>;\r\nrandgenfilepass[17<\/span>] =<\/span> 'y'<\/span>;\r\nrandgenfilepass[18<\/span>] =<\/span> 'o'<\/span>;\r\nrandgenfilepass[19<\/span>] =<\/span> 'u'<\/span>;\r\nrandgenfilepass[20<\/span>] =<\/span> 'h'<\/span>;\r\nrandgenfilepass[21<\/span>] =<\/span> 'e'<\/span>;\r\nrandgenfilepass[22<\/span>] =<\/span> 'r'<\/span>;\r\nrandgenfilepass[23<\/span>] =<\/span> 'e'<\/span>;\r\n\r\n\r\nchar<\/span> dix[4<\/span>];\r\ndix[0<\/span>] =<\/span> 'y'<\/span>;\r\ndix[1<\/span>] =<\/span> 'o'<\/span>;\r\ndix[2<\/span>] =<\/span> 'u'<\/span>;\r\ndix[3<\/span>] =<\/span> '\\0'<\/span>;\r\nHANDLE hfile =<\/span> CreateFile(file,GENERIC_READ |<\/span> GENERIC_WRITE,0<\/span>,NULL<\/span>,OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL,\r\nNULL<\/span>);\r\nchar<\/span> *<\/span>thepass =<\/span> Pass2File(hfile,randgenfilepass);\r\nprintf(\"The password is randomly generated locked inside %s. Good luck trying to open it!<\/span>\\r\\n<\/span>\"<\/span>, file);\r\n__asm<\/span> {\r\nnop;nop;nop;nop\r\n};\r\nchar<\/span> pass[128<\/span>];\r\nint<\/span> count =<\/span> 0<\/span>;\r\nfor<\/span>(;count <<\/span> 5<\/span>;count++<\/span>)\r\n{\r\nprintf(\"What is the password?<\/span>\\r\\n<\/span>\"<\/span>);\r\nscanf(\"%s\"<\/span>,&<\/span>pass);\r\nif<\/span>(strcmp(pass,thepass) ==<\/span> 0<\/span>)\r\n{\r\nint<\/span> ghe =<\/span> 126387<\/span>;\r\nghe ^<\/span> 3<\/span>;\r\nprintf(\"great fuckin job man! Email me with '%08x > %s' in the subject line<\/span>\\r\\n<\/span>\"<\/span>,sizeof<\/span>(hfile) +<\/span> ghe,dix);\r\nbreak<\/span>;\r\n}\r\nelse<\/span>\r\n{\r\n\r\nprintf(\"WRONG! Attempt %d of 5<\/span>\\r\\n<\/span>\"<\/span>,count+<\/span>1<\/span>);\r\n}\r\n\r\n}\r\nClosingFile(hfile);\r\nsystem(\"PAUSE\"<\/span>);\r\nreturn<\/span> 0<\/span>;\r\n}\r\n\r\nvoid<\/span> ClosingFile<\/span>(HANDLE hfile)\r\n{\r\nOVERLAPPED ol;\r\nmemset(&<\/span>ol, 0<\/span>, sizeof<\/span>(ol));\r\nol.Offset =<\/span> FILE_WRITE_TO_END_OF_FILE;\r\nol.OffsetHigh =<\/span> -<\/span>1<\/span>;\r\nDWORD dwBytesWritten;\r\n\r\nWriteFile(hfile, \"naw\"<\/span>, 3<\/span>, &<\/span>dwBytesWritten, &<\/span>ol);\r\nunsigned<\/span> int<\/span> sloop =<\/span> 2000<\/span>;\r\nSleep(sloop);\r\n\r\nCloseHandle(hfile);\r\nprintf(\"file: %s unlocked and cleared, better luck next time :)<\/span>\\r\\n\\n<\/span>\"<\/span>,file);\r\n}\r\n\r\nchar<\/span>*<\/span> Pass2File<\/span>(HANDLE hfile, char<\/span> randgenfilepass[])\r\n{\r\nOVERLAPPED ol;\r\nmemset(&<\/span>ol, 0<\/span>, sizeof<\/span>(ol));\r\nol.Offset =<\/span> FILE_WRITE_TO_END_OF_FILE;\r\nol.OffsetHigh =<\/span> -<\/span>1<\/span>;\r\nDWORD dwBytesWritten;\r\n\/\/ mutate string, store string in file, with writefile<\/span>\r\nchar<\/span>