Number of crackmes:
Number of writeups:
Comments:
| Name | Author | Language | Arch | Difficulty | Quality | Platform | Date | Writeups | Comments |
|---|
| Crackme | Date | Infos |
|---|
| Comment | Date | Link |
|---|---|---|
| FLAG: uname:bobsicle&pass:680-sboata-740 Simple Python Keygen: uname = input(f'What is your username?') print(f'your key is '+str(len(uname)*85)+'-'+uname[1:4][::-1]+'ata-'+str(len(uname)*80+100)) | 8:26 AM 07/12/2025 | ==> |
| FLAG:"73313" (cdkey is 5968496) int32_t INT_73255 = 0x11e67 int32_t INT_5968496 = 0x5b1270 printf(format: "Type cd-key: ") int32_t userInput scanf(format: "%d", &userInput) if (INT_5968496 == userInput) printf(format: "%d\n", INT_73255 ^ 6 (73313) | 6:09 PM 07/02/2025 | ==> |
| FLAG:"flag{3sc0d1d0_3h_M41s_G0st0S0}" in a "secret" function. on 004011d4 printf(format: "flag{%d%c%c%dn%c%d%c%d_%dh_M%d%dā¦", 3, 0x73, 0x63, 0, 0x64, 1, 0x64, 0, 3, 4, 1, 0, 0x73, 0, 0) | 3:29 PM 07/02/2025 | ==> |
| FLAG:"easycrack" __builtin_strcpy(dest: &hardcodedpass, src: "easycrack") | 3:24 PM 07/02/2025 | ==> |
| FLAG:"3" 004011c9 if (divs.dp.d(sx.q(int_14 + int_100 * 3), int_100) != userInput) so ((100*3)+14)=314\100=3.14 but it compares it as an int. so no decimals. resulting in 3. then compares that to the user input. | 3:22 PM 07/02/2025 | ==> |
| FLAG:"LiL2281337" 00401034 0040104f if (_strcmp("LiL2281337", &string) != 0) 00401065 _printf(format: "Oyh man! Very bad, password not ā¦") 0040104f else 00401056 _printf(format: "Nice job :-). Password found.\n") 00401056 | 3:12 PM 07/02/2025 | ==> |
| FLAG:"cracked" 004012f4 00401306 // the total of adding "de"+"k"+"car"+"c" 00401306 for (int32_t i = 0; i | 3:01 PM 07/02/2025 | ==> |
| Flag:"bd4c217637bc828982c090b2de41b84d"-an MD5 hash of pass1785 Found on 0040128a which gets xor with 3 on 004013b3 | 4:52 PM 07/01/2025 | ==> |
| FLAG:"wonderwhatthepasswordishmm" - found after the compiler housekeeping in the actual main function. at 00401e1c | 4:36 PM 07/01/2025 | ==> |
| Flag:"13" - as compared with the custom function at 00401457 | 4:23 PM 07/01/2025 | ==> |
| FLAG: "#fuck~irgc" 004007fa int64_t check_key(char* userInput) 004007fa { // var_20 unused 004007fa int32_t var_20 = 0; 0040080e int32_t tmp = 0; 0040080e 00400825 // has between 8 and 10 chars, including 00400825 if (strlen(userInput) 7 && strlen(userInput) 0x3e7) 004008bd return 1; 004008bd 004008a3 printf("Nope 999: break print(f'Congrads, use password {tmppass}') | 1:27 PM 06/30/2025 | ==> |
| FLAG:"pass" - found on 00402005 in ordata | 12:36 PM 06/29/2025 | ==> |
| FLAG:"Dad" - in a compare at 00418c67 | 12:26 PM 06/29/2025 | ==> |
| FLAG:"Nick"&"4ACE00F" - UserName&Password combo at 00419502&00419516 | 12:18 PM 06/29/2025 | ==> |
| FLAG:"buhnahna" found at 100003ef4 as a hardcoded string. | 12:03 PM 06/29/2025 | ==> |
| FLAG:"12345" - from char temp0_1 = *(uint8_t*)(rax_2 + 0x140003423);, the password is found at 140003423 as a char array | 11:52 AM 06/29/2025 | ==> |
| FLAG:"ErhwHwrhrwWhrwwHwhr" -note that the code never exits the while true loop. so no "Valid Password" output, but just an endless re-prompt user for password. | 10:23 AM 06/29/2025 | ==> |
| FLAG:"263132" - int array turning into a char array(string), then argC(2) at the end. | 8:35 AM 06/29/2025 | ==> |
| FLAG:"do_not_hardcode" - a... hardcoded :') password that compares itself with the user input | 7:56 AM 06/29/2025 | ==> |
| there is no FLAG, at least not one executed or intereacted with in the code. its just a simple russian Caesar's cipher tool | 7:33 AM 06/29/2025 | ==> |
| FLAG:"3812" - from if (userInputVariable == 0xee4) | 6:47 AM 06/29/2025 | ==> |
| FLAG:"imgay" | 6:28 AM 06/29/2025 | ==> |
| FLAG:sifreyok under namespace olartikForm1Login_Clickb | 8:22 AM 06/28/2025 | ==> |
| Flag:"ValidPassword" from the base64 "VmFsaWRQYXNzd29yZA==" at 140001717 | 7:31 AM 06/28/2025 | ==> |
| secret123 - the first string at 0xa on _.rdata with Binary Ninja | 7:10 AM 06/28/2025 | ==> |