downloadbrowselilcw's simple xor encryption #2

Download, 5 kb (password:
Browse contents of

well how to solve it?

1st of all you will have to dasm it
to take the decrypting engine
and to bruteforce the correct password which is a combination of lowercase letters and numbers (9 chars this time ;)
after that you will have the main decrypting routine that will decrypt the main app.

since ppl said #1 was too easy here i go with the real algo thats used and not the testing one

again no encryption of the main code or any antidebugging stuff in there! just plain code inside of it =]

the encrypted programm again is a simple msgbox.

Difficulty: 4 - Needs special knowledge
Platform: Windows
Language: Assembler

Published: 19. Oct, 2007
Downloads: 502


Waiting for at least 3 votes
(we have only 2).

Rate this crackme:

Send a message to lilcw »

View profile of lilcw »


Solution by Rain [Cls], published 16. feb, 2012; download (5 kb), password: or browse.

Rain [Cls] has rated this crackme as quite nice.

Submit your solution »

Discussion and comments

24. Oct 2007
no solution yet?
27. Oct 2007
tried several stuff. no success yet.
sounds like bruteforcing will be the only solution...
just MsgBox + ExitProcess calls into such a big buffer, it could be anything...
not as fun as #1.
29. Oct 2007
indeed, this can only be broken knowing how the protector deals with the input. (only then you don't need to bruteforce at this crackme). - I only could solve it with this knowledge, maybe the author should give some more help ;)
30. Oct 2007
the decryptor for the main app is hiding in the encrypted area ;]
30. Oct 2010
I took a look at this crackme. In theory it could be broken by giving non-standard characters into the input but then you are only rewriting the code that is ran.

In an attempt to get the encrypted area to reveal the password I did a search for any number of characters that when xor'd against lower case and numbers would reveal normal text. Assuming that the end character is null, only 1 spot in the encrypted text showed up. Sadly, xor'ing a value into the last character to get a null then backing up 9 characters (based on above info) results in untypable characters.

Either the decrypted portion contains no strings or the decrypted portion does another decryption internally resulting in no point of reference to determine the original password used.
16. Feb 2012
CONGRATS to RAIN - this is a long-standing crackme that had many minds against it!

I don't understand why choosing the first 9 characters of the crypted buffer
as a trial password (and replacing non-printable characters with dash '-') is
useful, but here it reveals (via luck??) that loop instruction at 405461 and
405481. MANY password could have put an 0xE2 opcode somewhere in the buffer.
Maybe Rain just has that cracker ZEN!
18. Feb 2012
Excellente tutorial Rain.

13. Apr 2012
now im finaly impressed

well done Rain [Cls] =]

You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.