The Legend Of Random

Because I am getting numerous messages about what these strange looking posts are (ie. here ), I will provide a little help. They are ciphers from ‘Mission Control’. The object is to decipher them. Each has clues for the next one (and some clues for the final one) but you do not necessarily need the previous clue to solve the next cipher (though it helps immensely). Upon solving the last one, there is a prize (a real one this time) for the people who can decipher them all. And before everyone says that’s impossible, the following members have already solved both of the first two:

nwokiller
hawaii67
Saduff
Levis
Camus
Hanan
SuperBob
Qubic
najaShark
flatline

As a bonus hint to get you started, the first was based on Julius Caesar.

Good luck.

KTFMKZVLJ ODMV PMNDRS YIV I LMOOLR OKZUDRS ODIG ODR LIVO TZO JKZ DIFR VZPPRRXRX ODR LIVO PMNDRS YIV VMWNLJ OK VRNISIOR ODR YDRIO HSKW ODR PDIHHR JKZ DIFR NSKFRG JKZSVRLH PKWNRORGO ODRSR YMLL TR I VRSMRV KH PMNDRSV RIPD DISXRS ODIG ODR LIVO IGX RIPD ZOMLMAMGU JKZS FISMKZV VQMLLV MG PSJNOKUSINDJ IGX SRFRSVR RGUMGRRSMGU ZLOMWIORLJ ODRSR YMLL TR I NSMAR OK YDKRFRS PIG XRPSJNO ILL PMNDRSV UKKX LZPQ IGX NLRIVR IYIMO ODR GREO WRVVIUR

DPOHS BUVMB UJPOT ZPVIB WFTPM WFEBT JNQMF DJQIF
STUPQ UIJTN FBOTZ PVIBW FUIFT LJMTB OEUIF EFTJS
FUPGJ HVSFU IJOHT PVUTU PQJGZ PVTPM WFUIJ TDJQI
FSQNN FBOEM FUNFL OPXZP VSVTF SOBNF BTJBN NBLJO
HBMJT UPGDJ QIFSI FBETEP OPUQP TUBOZ UIJOH BCPVU
UIJTT UPQTU BZUVO FEGPS NPSFJ OTUSV DUJPO TTUPQ
SBOEPN

I have just posted this week’s challenge. It is a very simple patch, but unfortunately, you can’t patch it

The object is to use code caves in order to display a message box that, after entering a username/password combo, says “Please try this password: XXXXXX” where “XXXXXX” is the correct password for the target for that username. Then, after entering the proper username/password, the target should display the goodboy.

For extra credit, have the target copy the proper password into the clipboard, so that when we re-run the target, we enter the username and simply paste in the correct password from the clipboard.

The challenge is located on the challenges page as “crackme #4″.

Good luck.

Because of (good) suggestions in the forums, this week’s challenge will be a commercial product. The good news is that this product is not only NOT being supported anymore, but the developer’s website is long gone and you can no longer download it on CNET. Obviously it’s ditchware.

The name of the download is ryp.

Because I feel confident that this product is no longer in circulation, you can download it from the challenges page. The object is to supply a patcher for the app that registers it. It is fairly easy, so shouldn’t offer too much resistance. Next weeks challenge should be our first ‘hard’ one, so enjoy it while it lasts (and brush up on bruteforcing).

This week’s challenge is a little different. I am posting the crackme that I will be going over in depth in a tutorial later this week. The topic is anti-debugging. I am releasing this early to help motivate readers to attempt to reverse engineer this crackme without knowing anything about it first. Beyond simply patching the app, you should also try to figure out the correct serial. In addition, you should attempt to understand as much of the crackme as you can. Why is this code here? What does it do? Why does this work this way. I hope everyone get’s a chance to try this one on their own, but don’t fret- the tutorial will be going over the crackme line-by-line.

The crackme is available on the challenges page.

ps. If you really want to learn from this crackme, I suggest you temporarily move the ‘plugins’ folder in your Olly install directory to another place. It is far more educational to attempt this crackme with no help from plugins.

This week’s challenge is being delivered by XOR06. Special thanks go out to him for creating this crackme. In order to help solidify the latest tutorial, this crackme is written in Visual Basic. It is a “Beginner” level, meaning it is fairly easy, but if you haven’t read the last tutorial, it would be quite hard to make sense of it.

XOR06 has also made a tutorial for it that will be posted after a little time for people to post their solutions. The goal is to find the serial (fishing).

As always, the challenge is available for download on the challenges page.

Good luck!

Because the challenges were supposed to be fun and a learning experience, I lost sight of this when I made them a race and displayed the person who solved them first. They are not about who solves them first- they are about your own personal learning experience, as well as fortifying the knowledge you’ve taken from the tutorials.

Because of this, I have removed the winners of the challenges. From now on, anyone who wants, at any time, may post a solution to the challenges in the forum. You may also go there to get help and make comments. There are no winners, only people who have solved it. Please accept my apologies and I hope the challenges remain a fun experience for all involved.

This week’s challenge will be posted on Wednesday and will be a Visual Basic challenge, in order to help the readers of the latest tutorial hone their skills. There will also be a tutorial on this crackme for people who need a little help.

It was a thrilling race to the finish in this weeks challenge (for both people who tried). Hawaii67, last weeks winner, submitted the first solution, but was beaten by Saduff, the previous weeks winner, by submitting the first solution that fulfilled all requirements. Maybe if we ask real nice, one of them will write a tutorial on it…

Next week’s challenge will be on Thursday, Sep. 6th at 12pm New York Time.

Crackme #3 is up . The first person to upload a working patcher for this crackme in the challenges forums is the winner of 5000 eur*, so get patching!

The object: Create a patcher that displays goodboy no matter what serial is entered. Upload the patcher to the forum.

*eur stands for “eur lame if you think eur getting any actual money”.