Around three weeks ago, Bartek announced a competition called “Pimp My CrackMe” on his http://secnews.pl/ website. The main prize was a free pass to the CONFidence 2011 conference, which is going to take place in on 24-25 May, in Cracow. The task was to create an interesting CrackMe program, which would then be judged based on its difficulty level (on the other hand, it had to be solvable), inventiveness of the applied techniques, and general visual presentation. Since I wasn’t yet registered on the conference at the time of the announcement, I decided to take part in the contest – traditionally, teamed up with Gynvael Coldwind. The final results were eventually declared yesterday evening; it seems that me made it to the first place ;)
There were three crackmes reported, in total – as Gyn says: It’s not bad, but I was hoping for a higher scene activity. What should be noted, is that based on the number of submitted programs, the organizer managed to get another two conference admissions, so that all of the contest participants are rewarded. Well done!
The complete results, together with the Jury‘s justification of the decision, is presented below:
Mateusz “j00ru” Jurczyk & Gynvael Coldwind
For an interesting approach to the serial number verification problem, technical aspects related to how the CrackMe works, and an unusual interface.
For a custom encryptor (and the effort put in making it function correctly), and an interesting verification algorithm.
Grzegorz “haker500” Jastrzębski
For the willingness of taking part in the competition and creating a CrackMe in assembly.
All of the submissions are available in the official blog entry – I strongly encourage you to play with the tasks, and most importantly, to try to break our CrackMe ;)
Some basic information about the CrackMe: the user’s goal is to find a valid symbol sequence, which will unlock the “Congratulations” screen upon typing it on the screen. The engine of the CrackMe was actually created as a Proof-of-Concept project, which aims to present, how to take advantage of one, very interesting Intel x86 mechanism – feel free to analyze the application internals, and figure out the mechanism by yourself! A longer, technical case study of the challenge, together with the description of all the utilized concepts and techniques is going to be published in a month – that’s also when Bartek will release the source code and solutions of all of the submissions.
At this point, I would like to say thank you to Gynvael, who was the one reponsible for creating the graphical interface, which – in my opinion – looks really great. Well done! It is also worth to mention that the GUI is a kind of tribute to the Syndicate Wars game (see: link).
Good luck solving the tasks, and I am looking forward to hearing from the first person to find a valid key,