Upload: 4:46 PM 08/17/2025
Description
This is my first crackme (yeah!)
When you execute crackme.exe, it reads a line from stdin, hashes it, and compares the hash to a hardcoded hash. If the hashes are the same, it prints the string "Access granted!". You can consider the crackme cracked if you get "Access granted!" to appear on the terminal by any means other than modifying the executable in any way. Both the .c and .s files correctly represent the contents of the .exe file.
Good luck.
karabatik on 6:15 PM 08/17/2025: This was a nice little challenge. I analyzed the binary with Ghidra and found that the auth() function compares the hash result with 0x4262d2e9. Instead of trying to reverse the hash algorithm (which would be quite tedious with the modified djb2), I decided to patch the comparison directly.
I located the CMP EAX,0x4262d2e9 instruction at the binary level and replaced it with CMP EAX,EAX followed by NOPs. This way, the comparison always results in true, and the program grants access regardless of the input.
The hash function itself was interesting - starting with 0xA5A5A5A5 and using ret = (ret
karabatik on 6:16 PM 08/17/2025: ret = (ret
nightxyz on 11:59 AM 08/18/2025: Password: 4530395016
I wrote a C++ program to brute-force it.
RodrigoTeixeira on 2:57 PM 08/18/2025: Guys, I'll make it clear that the intended method to solve the crackme is not brute force! Please instead try to find the vulnerability in the code involving a buffer overflow.
RodrigoTeixeira on 3:03 PM 08/18/2025: Here are some known solutions to this crackme (solutions with invalid ASCII characters will be written in hex):
"4530395016" (shout out to nightxyz for discovering this one)
"Hashed Password" (originally used to generate the hash)
"c{nnwc" (generated by my mobile phone in less than a second without using brute force!! (check the writeup for more details))
(hex) 02 10 09 02 1D 15 0D (also generated by my mobile phone in less than a second, and also without brute force)
(hex) 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 c6 14 40 00 (abuses the buffer overflow to, from auth, return to grant_access instead of returning to main (check the crackme's source code))
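The bounded line read that would stop the overflow abused by the last entry, as an added example that is not the crackme's own source: the 28-byte line capacity (inferred from the 28 padding bytes before the address in that payload), the function names and the simulated stdin buffer are assumptions for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed buffer geometry, not taken from the crackme's source: the 28 NUL
 * bytes that precede the address in the payload suggest the input line
 * starts 28 bytes below auth()'s saved return address. */
#define LINE_CAP 28

/* Vulnerable pattern, shown only as a comment and never executed here:
 *   char buf[LINE_CAP]; int i = 0, c;
 *   while ((c = getchar()) != EOF && c != '\n') buf[i++] = (char)c; // unbounded
 * Every byte past LINE_CAP overwrites what follows buf on the stack, which is
 * how the 32-byte payload replaces the return address with 0x004014c6. */

/* Copy one line from src (simulating stdin) into dst[dstlen].
 * Returns the number of bytes stored, or -1 if the line does not fit; in that
 * case dst is left untouched and nothing beyond it is written. */
int read_line_bounded(const unsigned char *src, size_t srclen,
                      char *dst, size_t dstlen)
{
    size_t n = 0;
    while (n < srclen && src[n] != '\n')   /* find end of line */
        n++;
    if (n >= dstlen)                        /* keep room for the terminator */
        return -1;
    memcpy(dst, src, n);
    dst[n] = '\0';
    return (int)n;
}

/* Same check against a LINE_CAP-sized stack buffer, as auth() would use. */
int accept_line(const unsigned char *src, size_t srclen)
{
    char buf[LINE_CAP];
    return read_line_bounded(src, srclen, buf, sizeof buf);
}

/* Constructed copy of the listed payload: 28 NUL bytes followed by the
 * little-endian address c6 14 40 00 (0x004014c6), 32 bytes in total. */
const unsigned char overflow_payload[32] = {
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    0xc6, 0x14, 0x40, 0x00
};

int main(void)
{
    const char *pw = "Hashed Password\n";
    printf("normal line: %d\n", accept_line((const unsigned char *)pw, strlen(pw)));
    printf("overflow payload: %d\n", accept_line(overflow_payload, sizeof overflow_payload));
    return 0;
}
```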
deathrow on 4:15 PM 08/18/2025: Is the difficulty set to 2.0 because of the buffer overflow problem?
nightxyz on 6:17 PM 08/18/2025: You didn't mention in the title that you don't accept brute force. There are many crackme authors who hashed the password with sha256 and asked us to find the password. I didn't even think about buffer overflow in your crackme program. I saw that it was performing some mathematical operations, and I automated it. The fact that the password can only be found using numbers is a weakness of the program. The program also provided other passwords besides the one I provided, but I only wrote one.
Elvis on 2:50 AM 08/21/2025: Yep I think bruteforce is fine
trendcrusher on 3:15 PM 09/05/2025: c{oOwc