Ayush_reverser on 2025-11-10 13:31:
It didn't take me more than 15 min to solve this challenge. But I really enjoyed solving it. I have uploaded a writeup, let's see if it gets accepted!!
Lilsan44444 on 2025-11-11 21:08:
Was pretty easy, just had to edit the part where it printed it, change it from %d to 9, ez, took 2 minutes
azger on 2025-11-12 13:16:
Hi Ayush_reverser, how do I open your writeup? I mean, when I download yours it asks for the key just like the chall did.
Ayush_reverser on 2025-11-13 05:08:
azger use the password "crackmes.one" to unzip the archive
muruder on 2025-11-14 01:20:
It took about 20 minutes but it's very interesting.
xweeb on 2025-11-15 09:39:
I'm a beginner, but fine, I cracked it and it took about 30 min, but for me it was pretty hard to find where the variable gets zeroed
Shreni on 2025-11-17 10:28:
this was very simple, just find the main() function for starters
genass3 on 2025-11-20 14:54:
I can't send it properly for some reason, but you can change the value in brackets and the output is gonna change
adenosinetp10 on 2025-11-21 17:15:
literally hardcoded the 0 in your 'aYourCountPoint'. Patching that works!
mds on 2025-11-27 11:08:
Hello everyone. I changed the instruction in function printf_constprop_0
............
mov [rsp+38h+arg_8], rdx
mov [rsp+38h+arg_10], r8
mov [rsp+38h+arg_18], r9
mov [rsp+38h+var_10], rbx
................................
mov dword ptr [rsp+38h+arg_8], 3D530h
nop - 8 times
Maybe I misunderstood the problem?
srimmbow on 2025-12-11 00:32:
I'm not sure I understand. It seems like everyone is just using debugger manipulation to change the points, which isn't really an exploit. I couldn't find a real exploit to this
Xkr0t0s on 2025-12-25 21:10:
Like 15-20 sec, just edit the line xor edx, edx {0x0} to mov edx, 0x280d or any num u want (use binaryninja)
Solution by Ayush_reverser on 2025-11-10 11:38: It was my first writeup on crackmes.one. Hope you enjoy it!!
Solution by SenorGPT on 2025-12-17 11:54: Patch/trainer-style challenge: the program prints "Your count points is %d" with a hard-coded zeroed value. I located the call site in x64dbg/Ghidra and wrote a Python trainer that launches the process suspended, computes moduleBase + RVA, and patches the code to load a user-chosen value into EDX before the printf call. To make the patch robust, I used a trampoline and an allocated code cave (VirtualAllocEx) instead of guessing free space in .text.
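The trampoline layout described in the summary above can be worked through as plain byte arithmetic. This is an added example, not code from the writeup or the challenge: the module base, RVA, cave address, sample bytes and the names build_patch and rel32 are all constructed, and it only computes the patch bytes without touching a process.

```python
import struct

XOR_EDX_EDX = (b"\x31\xd2", b"\x33\xd2")  # both encodings of xor edx, edx

def rel32(next_ip: int, target: int) -> bytes:
    """Operand of an E9 jmp: target minus the address after the jmp."""
    disp = target - next_ip
    if not -2**31 <= disp < 2**31:
        raise ValueError("cave is outside rel32 range of the patch site")
    return struct.pack("<i", disp)

def build_patch(module_base, rva, cave, original, insn_lengths, value):
    """Return (site_bytes, cave_bytes) for a trampoline replacing xor edx, edx.

    original     -- bytes currently at module_base + rva
    insn_lengths -- lengths of the instructions in `original`, from a disassembler
    """
    site = module_base + rva
    if original[:2] not in XOR_EDX_EDX:
        raise ValueError("unexpected bytes at RVA: wrong build or wrong offset")
    # A jmp rel32 needs 5 bytes but xor edx, edx is 2, so whole following
    # instructions are displaced into the cave until 5 bytes are covered.
    stolen = 0
    for n in insn_lengths:
        if stolen >= 5:
            break
        stolen += n
    if stolen < 5 or stolen > len(original):
        raise ValueError("not enough whole instructions to hold a 5-byte jmp")
    # Assumption: displaced instructions are position independent (no
    # RIP-relative operands, no relative branches); otherwise they need fixups.
    body = b"\xba" + struct.pack("<I", value & 0xFFFFFFFF)   # mov edx, imm32
    body += original[2:stolen]                               # displaced tail
    cave_bytes = body + b"\xe9" + rel32(cave + len(body) + 5, site + stolen)
    site_bytes = b"\xe9" + rel32(site + 5, cave) + b"\x90" * (stolen - 5)
    return site_bytes, cave_bytes

# Constructed sample: xor edx, edx ; mov rcx, rbx ; call rel32 (placeholder)
SAMPLE = bytes.fromhex("31d2" "4889d9" "e800000000")
SITE, CAVE = build_patch(0x140000000, 0x1500, 0x13FFF0000, SAMPLE, [2, 3, 5], 9999)
```

The byte check at the top is what keeps a moduleBase + RVA patch from landing on the wrong instruction when the binary differs from the one that was analysed.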