Second AutoIT challenge
12-21-2012, 09:09 PM (This post was last modified: 12-21-2012 09:12 PM by Unc3nZureD.)
Post: #1
Second AutoIT challenge
Hi guys, recently I was working on an AutoIT CrackME. I know this language is extremely easy to reverse/crack/deobfuscate etc., that's why I'm trying to make something challenging :)

The task is the following:
- Decompile the executable
- Crack the application in the way that you can read below

About the program:
After starting the exe you will see a very simple GUI with an Inputbox, some text and a button. If you type the right password and press the button, you will get a special code in a simple messagebox.

How to crack?:
Quite easy. You should bypass the requesting of the password, that way getting the code, OR find the password and get the code by entering it.

Extras:
The Icon of the file got removed for smaller size

VirScan:
Those 4 "viruses" are just false positives.

http://r.virscan.org/report/9491c926a0c8...7f477.html
Code:
VirSCAN.org Scanned Report :
Scanned time   : 2012/12/21 21:57:03 (CET)
Scanner results: 11% Scanner(s) (4/37) found malware!
File Name      : CrackME.exe
File Size      : 2525374 byte
File Type      : PE32 executable for MS Windows (GUI) Intel 80386 32-bit
MD5            : 37179d651b0bdf73f09f672e013d8cb9
SHA1           : 8894556db6cb49a56b66d1bfe882395c2ee36a3f
Online report  : http://r.virscan.org/9491c926a0c8a2573e3f27b206f7f477

Scanner        Engine Ver      Sig Ver           Sig Date    Time   Scan result
a-squared      5.1.0.4         20121222010416    2012-12-22  11.07  -
AhnLab V3      2012.12.22.00   2012.12.22        2012-12-22  3.04   -
AntiVir        8.2.10.202      7.11.50.58        2012-11-16  0.18   -
Antiy          2.0.18          2.0.18.           0002-18-00  0.18   -
Arcavir        2011            201212180022      2012-12-18  4.56   -
Authentium     5.1.1           201212211548      2012-12-21  1.72   -
AVAST!         4.7.4           121221-0          2012-12-21  0.66   -
AVG            12.0.1794       2637/5476         2012-12-21  0.47   -
BitDefender    7.90123.8418135 7.44470           2012-12-22  5.35   Gen:Trojan.Heur.GZ.AAY@b8WRFyi
ClamAV         0.97.5          15951             2012-12-20  4.23   -
Comodo         5.1             14626             2012-12-21  2.60   -
CP Secure      1.3.0.5         2012.12.22        2012-12-22  0.62   -
Dr.Web         7.0.4.9250      2012.12.20        2012-12-20  15.62  -
F-Prot         4.6.2.117       20121221          2012-12-21  1.21   -
F-Secure       7.02.73807      2012.12.21.06     2012-12-21  3.09   Gen:Trojan.Heur.GZ.AAY@b8WRFyi [Aquarius]
Fortinet       4.3.392         16.549            2012-12-22  0.13   -
GData          22.7130         20121222          2012-12-22  6.63   Gen:Trojan.Heur.GZ.AAY@b8WRFyi [Engine:A]
ViRobot        20121221        2012.12.21        2012-12-21  0.51   -
Ikarus         T3.1.32.20.0    2012.12.21.83048  2012-12-21  7.25   -
JiangMin       13.0.900        2012.12.21        2012-12-21  3.52   -
Kaspersky      5.5.10          2012.12.21        2012-12-21  0.42   -
KingSoft       2009.2.5.15     2012.12.21.9      2012-12-21  0.99   -
McAfee         5400.1158       6932              2012-12-20  12.50  -
Microsoft      1.9002          2012.12.21        2012-12-21  6.72   -
NOD32          3.0.21          7825              2012-12-21  0.38   -
Norman         6.8.3           201208311030      2012-08-31  0.00   -
Panda          9.05.01         2012.12.21        2012-12-21  9.97   -
Trend Micro    9.500-1005      9.608.02          2012-12-21  0.27   -
Quick Heal     11.00           2012.12.20        2012-12-20  2.66   -
Rising         20.0            24.41.03.03       2012-12-20  3.72   -
Sophos         3.35.1          4.81              2012-12-22  5.52   -
Sunbelt        3.9.2555.2      14594             2012-12-21  1.97   -
Symantec       1.3.0.24        20121219.003      2012-12-19  0.92   -
nProtect       20121221.01     13171728          2012-12-21  8.62   -
The Hacker     6.8.0.0         v00161            2012-12-20  0.84   -
VBA32          3.12.18.4       20121220.0534     2012-12-20  4.67   -
VirusBuster    5.5.2.13        15.0.293.0/10509722  2012-12-21  0.31   Suspicious!SA


Attached File(s)
.zip  CrackME.zip (Size: 1.96 MB / Downloads: 73)
12-22-2012, 03:01 AM
Post: #2
RE: Second AutoIT challenge
It cannot run in Win7 on my notebook.


12-22-2012, 09:21 AM (This post was last modified: 12-22-2012 09:22 AM by Unc3nZureD.)
Post: #3
RE: Second AutoIT challenge
(12-22-2012 03:01 AM)flywin Wrote:  It cannot run in Win7 on my notebook.

Did you run it as admin? Currently I've got no other idea. I'm using WinXP and it works perfectly for me.

Did you even try running it without a debugger? :)
12-22-2012, 04:25 PM
Post: #4
RE: Second AutoIT challenge
Hi, Unc3nZureD, I ran it alone on Win7 and it failed, without a debugger and without anti-virus software.
Maybe it only runs in WinXP?
12-22-2012, 09:40 PM (This post was last modified: 12-22-2012 10:06 PM by thmaster100.)
Post: #5
RE: Second AutoIT challenge
I am gonna try ^^

Back. I dumped the first file, then I got a file with 1.34 MB size. Anyway, the 2nd file is packed with Enigma as far as I can tell ^^

When someone cracks this, I hope you tell us how you protected it ^^, thx

Btw, I think the main file is called mainbinary.exe ^^ am I right?
12-23-2012, 07:38 PM (This post was last modified: 12-23-2012 10:56 PM by Unc3nZureD.)
Post: #6
RE: Second AutoIT challenge
Nope, but if someone can crack it, I'll give the source + method :)

-------------------
Well, it won't be so easy :) Finding the right method to decompile is just the first step. It's obfuscated and hard-coded. I think it's even a challenge to crack without any protection :P
12-25-2012, 10:24 PM
Post: #7
RE: Second AutoIT challenge
(12-23-2012 07:38 PM)Unc3nZureD Wrote:  Nope, but if someone can crack it, I'll give the source + method :)

-------------------
Well, it won't be so easy :) Finding the right method to decompile is just the first step. It's obfuscated and hard-coded. I think it's even a challenge to crack without any protection :P

I can't wait for someone to try ^^ XD, ^^