Lilsan44444 on 6:29 PM 06/23/2025: ts is not 2.7
nightxyz on 9:59 PM 06/23/2025: Password : crackme
robica59 on 1:51 AM 06/24/2025: first time trying one of those things (I'm just a mere ML engineer) cus I couldn't sleep at 4am. Took me 2 hours but very fun learning everything from 0
hmx78912 on 4:43 PM 06/24/2025: nightxyz, why did you have to spoil it? And secondly, something is telling me that you probably just brute forced/guessed the password... you explained nothing ON the reversing process, so I won't class this as a success (LACK OF EVIDENCE)
hmx78912 on 4:46 PM 06/24/2025: Thank you robica59, please upload a write-up
hmx78912 on 4:50 PM 06/24/2025: Yes Lilsan44444, someone seemed to have changed it, was originally a difficulty of '3'
nightxyz on 4:54 PM 06/24/2025: @hmx78912 While debugging with X64dbg, I saw that the first character of the real password was the character "c". Then, when I looked at the memory area where this "c" character came from, the letters appeared as "c r a c k m e" in a crisscross pattern, and when I tried that password, I saw that it was correct. So, as you can see, I didn't do brute force. Also, I'm not the first person to directly explain the password in the comments section of this site. If you look at the comments sections of other crackme files, you can see hundreds of examples. I sent a solution once, but I couldn't make the management like it either. Then I gave up sending a solution.
hmx78912 on 5:01 PM 06/24/2025: Okay no worries, nightxyz, and yes I did take a look at your "profile", you love doing crackmes! And congrats. I will be writing a V2 challenge with better ways to encrypt the password :D
hmx78912 on 5:02 PM 06/24/2025: Thank you for trying my challenge, hope you enjoyed it
nightxyz on 6:26 PM 06/24/2025: @hmx78912 It's a nice crackme. It was hard at first, I looked at the same places over and over. I examined the anti-debug sections over and over. Then, while tracing line by line, I was looking at the registers and I found the place where the first character of the random password I entered was compared to the "c" character. Then, when I dumped it to the rsi+4 address, I saw the text crackme diagonally. There is a 36 byte difference between each letter. The following part of the code helped me find the result.
00007FF611D52473 | 8BC3 | mov eax,ebx
00007FF611D52475 | 44:3A7E 04 | cmp r15b,byte ptr ds:[rsi+4]
00007FF611D52479 | 0F94C0 | sete al
00007FF611D5247C | FFC0 | inc eax
r15b is the address of the password I entered
rsi+4 is the address of the real password.
I am waiting for v2, best regards...
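The layout nightxyz describes above (one plaintext password byte every 36 bytes, the first at offset 4 from rsi), as an added example that is not part of the original comments or the crackme's own code: a scanner that recovers such evenly spaced strings from a memory dump, which shows why spreading plaintext bytes apart does not hide them. The sample buffer, its filler bytes and the function names are constructed for illustration.

```python
PRINTABLE = range(0x20, 0x7F)  # printable ASCII


def strided_strings(dump, max_stride=64, min_len=5):
    """Return (offset, stride, text) for printable runs spaced `stride` bytes apart."""
    hits = []
    for stride in range(1, max_stride + 1):
        for start in range(len(dump)):
            if dump[start] not in PRINTABLE:
                continue
            # Skip positions that only continue a run starting earlier.
            prev = start - stride
            if prev >= 0 and dump[prev] in PRINTABLE:
                continue
            chars = []
            pos = start
            while pos < len(dump) and dump[pos] in PRINTABLE:
                chars.append(chr(dump[pos]))
                pos += stride
            if len(chars) >= min_len:
                hits.append((start, stride, "".join(chars)))
    return hits


def build_sample(secret=b"crackme", stride=36, lead=4):
    """Constructed stand-in for the dumped region: one secret byte every
    `stride` bytes, the first at offset `lead`, non-printable filler between."""
    size = lead + stride * len(secret)
    buf = bytearray((i * 37 + 11) % 32 for i in range(size))
    for n, ch in enumerate(secret):
        buf[lead + n * stride] = ch
    return bytes(buf)


if __name__ == "__main__":
    for offset, stride, text in strided_strings(build_sample()):
        print(f"offset {offset:#x} stride {stride}: {text}")
```

For a V2, the takeaway is that a comparison against stored plaintext, however it is laid out in memory, is visible to anyone who dumps the region; comparing against a salted hash or a derived value avoids keeping the password in memory at all.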