Yuri on 2019-03-11 23:44:
DO NOT READ IF YOU DO NOT WANT SPOILERS!
I may have figured it out, there seems to be a lot of functionality that is not really used. Maybe filler code to throw us off?
Seems the password is a fixed value added by 1, however, it is put into the heap at a random location within the get_pwd().
If my understanding is correct I will try to write a solution and explain within it.
kuroguro on 2019-03-12 10:02:
@Yuri - yep, came to the same conclusion
_Dante_ on 2019-03-15 14:01:
[Click to reveal]SPOILER ALERT:
The password is w0nit4, but like said in the comment above even if you type w and enter it will work anyway, it might a mistake
coyote_0x90 on 2019-05-22 06:41:
[Click to reveal]w works for a password. It looks like it only checks the first char:
.text:004015E5 movzx eax, byte ptr [eax]
.text:004015E8 cmp dl, al
.text:004015EA jz short loc_4015F3
But if you step through the get_pwd function, you can see it generate all the chars in "w0n1t4"
Cr4ckC0ca1n3 on 2020-01-05 15:48:
I am an absolute noob. The zip file asking for password,but is this the challenge or is the passwords told somewhere?
santyk on 2020-04-28 10:44:
Sorry but not getting real intention behind writing so much code for getting pass since all it does is to check string starting with "w". I think the code require some small fix. Thanks for the crackme though.
enkeyz on 2020-05-06 15:57:
Yeah, I don't know if this was a mistake by him, but it only compares the first character you entered with a 'w'.
Dalski on 2020-07-20 15:47:
Entering any username & any password just completes the subroutine. Is this intended? Can't really see any challenge here?
Slaktaren on 2020-09-26 21:50:
[Click to reveal]Best one I tried yet. Ghidra + x32dbg works like a charm!
Password is: w0n1t4, but only the first character is compared.
AreUTheGoodBoY on 2021-04-28 12:44:
Hi! This is the VideoTut Solution! - https://www.youtube.com/watch?v=29I5OwvrvII
RedVi on 2023-05-06 15:51:
[Click to reveal]password: wwwwwwww