evilprogrammer's mexican

Author:
evilprogrammer

Language:
C/C++

Upload:
2019-08-25 21:43

Download

Platform:
Windows

Difficulty:
1.6

Quality:
4.2

Arch:
x86

Downloads:
57

Size:
101.63 KB

Writeups:
4

Comments:
73

Description

This is a very easy flag, i made with love for you, there are two ways to resolve it. I hope you will have fun.

Comments (73)
Writeups (4)

You must be logged in to post a comment

juansacco on 2019-08-28 13:35: [Click to reveal]

Parad0x13 on 2019-09-05 01:29: [Click to reveal]

totothetoro on 2019-09-10 21:53: [Click to reveal]

qbao on 2019-09-13 13:31: [Click to reveal]

3rr0r on 2019-09-16 13:54: [Click to reveal]

b1h0 on 2019-09-19 23:14: Finding the flag is easy. Many people have already put it here. But it is best to patch it to see that the flag is displayed. I just uploaded my solution (the first in this reversing). Even so, I think there is an error, because the flag does not write a \ 0 at the end of the string and a memory leak appears.

0x4186 on 2019-09-21 10:06: [Click to reveal]

meisborn on 2019-09-27 03:44: thanks

karupoiss00 on 2019-09-28 12:26: [Click to reveal]

X3eRo0 on 2019-10-05 05:27: [Click to reveal]

b1h0 on 2019-10-05 14:40: I see that my solution is published, but as I accompanied it with images it is perhaps not very clear. If someone is interested in seeing the whole process I have it published on Github. https://github.com/gabimarti/crackmes-solutions/blob/master/crackmes.one/evilprogrammer-mexican/b1h0-evilprogrammer-mexican.md

kosciej on 2019-10-06 20:38: Thank you - My first crack from a very long time :) I have patched file to see flag on terminal :)

spencer@qvwthrows.com on 2019-10-10 11:23: what is the password of the extraction though?

mucomplex on 2019-11-05 13:20: [Click to reveal]

niros on 2019-11-12 05:16: [Click to reveal]

Mazleg on 2019-11-12 16:48: What is the password to extract the crackme?

TheSkyBaron on 2019-11-12 19:16: [Click to reveal]

Crossy1998 on 2019-11-17 23:08: [Click to reveal]

P4RS on 2019-11-20 19:17: [Click to reveal]

Andrej on 2019-11-24 09:28: [Click to reveal]

piretrum on 2019-12-02 23:04: [Click to reveal]

l3yam134 on 2019-12-06 06:44: [Click to reveal]

ayushdosaj on 2019-12-14 10:06: [Click to reveal]

mIcHyAmRaNe on 2019-12-17 20:35: [Click to reveal]

oznetnerd on 2020-01-02 21:01: As per the FAQ (https://crackmes.one/faq) the zip password is: crackmes.one

Maksim on 2020-01-11 17:01: [Click to reveal]

JonDo on 2020-01-18 20:12: [Click to reveal]

darknessxk on 2020-01-27 07:04: [Click to reveal]

devnull on 2020-02-04 19:16: [Click to reveal]

n00n3 on 2020-02-08 07:34: [Click to reveal]

yanns on 2020-02-26 20:55: [Click to reveal]

aaniao002 on 2020-03-19 13:23: 0040163A C74424 1C C1mov dword ptr ss:[esp+0x1C],0xC1 00401642 817C24 1C C1cmp dword ptr ss:[esp+0x1C],0xC1 0040164A 7E 07 jle short Untitled.00401653 is there anyway make zf=0? will the only way is modify opcode?

1@m@n00b on 2020-03-27 14:39: [Click to reveal]

santyk on 2020-04-26 22:39: [Click to reveal]

enkeyz on 2020-05-05 16:25: By default the flag isn't displayed, because there's a jle before the function call that displays the flag. Just simply change jle to jne.

bahiraei on 2020-05-08 16:32: [Click to reveal]

qtkite on 2020-05-21 04:53: [Click to reveal]

sherlock789 on 2020-06-12 22:33: [Click to reveal]

crashswitch on 2020-06-24 13:38: [Click to reveal]

n00bFox on 2020-06-25 22:24: Did anyone else get a password box when extracting the files? Does anyone know it?

n00bFox on 2020-06-25 22:25: ignore my comment above

Senken on 2020-07-09 10:42: [Click to reveal]

LuckyCrack on 2020-08-21 14:29: [Click to reveal]

saheelfaldesai on 2020-09-18 06:29: [Click to reveal]

n00bb on 2020-11-06 21:34: [Click to reveal]

sbn on 2020-12-13 12:45: [Click to reveal]

mohammadali on 2020-12-26 05:42: [Click to reveal]

PjAwasthi09 on 2020-12-30 18:00: [Click to reveal]

CpyRe on 2021-02-26 17:50: [Click to reveal]

matheuss0xf on 2021-03-26 23:33: [Click to reveal]

ComputerPoision on 2021-07-27 18:31: [Click to reveal]

suhaslingam on 2021-09-13 11:58: [Click to reveal]

Selfixh on 2022-04-19 12:43: pswd of winrar file??

Durgesh on 2022-05-08 08:47: What is it password to extract zip file ?

JohnWickS007 on 2022-08-06 18:14: [Click to reveal]

sbk on 2022-10-13 02:15: [Click to reveal]

ksaltik on 2022-12-19 13:05: [Click to reveal]

seaaaa on 2023-02-16 18:45: [Click to reveal]

karlos on 2023-06-08 10:33: [Click to reveal]

fatahhashim on 2023-07-08 04:50: [Click to reveal]

arjano on 2023-09-09 09:11: [Click to reveal]

haxan on 2023-12-08 13:24: [Click to reveal]

Reversing007 on 2024-04-10 17:28: [Click to reveal]

9miceeee on 2024-09-07 21:31: [Click to reveal]

UNITIX on 2024-12-28 15:59: [Click to reveal]

fox103 on 2025-07-21 11:58: [Click to reveal]

wolf1 on 2025-08-29 01:23: [Click to reveal]

0xF145H on 2025-10-04 08:58: [Click to reveal]

jeffli6789 on 2026-01-04 06:25: This crackme had been reviewed when it was originally approved and is likely safe. Crackmes often get flagged by antivirus software, EDR systems, or VirusTotal because they may use the same protection techniques found in malware (packers, anti-debugging, self-modifying code, etc.), or simply a false positive. This does NOT mean the crackme is actually malicious. The only way to confirm whether something is truly malware is to reverse engineer it and find proof of malicious code and/or malicious behavior. If you still believe this is actual malware, please report it to us via email: crackmesone@gmail.com. **We encourage everyone to run crackmes in a VM (virtual machine) and exercise caution when executing unknown binaries.** *Disclaimer: We do our best to review submissions, but mistakes can happen. The administrators and crackmes.one cannot be held liable for any damages or losses resulting from the use of files downloaded from this site. Always exercise caution and use a sandboxed environment.*

lcfclad2024 on 2026-01-13 01:52: [Click to reveal]

Show all spoilers

You must be logged in to submit a writeup

Solution by 0xNinja on 2019-09-07 12:12:

Download

Solution by b1h0 on 2019-09-19 22:56:
# [evilprogrammer's mexican](https://crackmes.one/crackme/5d63011533c5d46f00e2c305) ## Crackme by [b1h0](https://crackmes.one/user/b1h0) - Used **x64dbg** debbuger. - Once the **EntryPoint** is located, you can verify that at the address **0x00401500** a subroutine begins, which is the one shown in the *flag* text. We will call this subroutine: **sub_result_cracked** ![mexican_01](mexican_01.PNG "sub_result_cracked") - Then later we can find in the address **0x004013dd** a call to the address **0x0040162c** which is the subroutine that we will call **sub_compare_crackme**. We establish a breakpoint there and then continue step by step. ![](mexican_02.png) - Finally at address **0x00401642** we find a comparison of the value **0xC1** with the value 0xC1. The key is that the two values have to be different, and in particular the first one greater than the second, therefore we change the first 0xC1 for a greater value, or the second 0xC1 for a smaller value. ![](mexican_03.png) - So we change the *0xC1* value of the comparison line to a lower value. For example, **0 (zero)** ![patch](mexican_03_patch.png "patch" ) - And the flag message appears. Printed message: **flag{M3x1c4nMl4lw4r3_pl3rro}** ![patch](mexican_flag.png "flag{M3x1c4nMl4lw4r3_pl3rro}")

Download

Solution by Stingered on 2020-03-11 20:07:
Text file containing my solution and patch details. Ciao, Stingered

Download

Solution by 6C615F6C6C6F726F6E61 on 2020-11-23 01:03:
With Ghidra

Download