| AoRE_KeyGenMe |
Hi @PatBateman,
Thanks for taking the time to explore the challenge and share your PDF.
Your approach demonstrates a good understanding of PyInstaller internals and module extraction - and yes, leveraging the GUI loader logic to reconstruct how the encrypted payload becomes the .pyd is a valid RE step.
However, as noted in the challenge description, the intended solution was a standalone KeyGen that reimplements the algorithm rather than calling the internal core module itself. Using the extracted .pyd as the engine means the original validation logic is still being executed, so it's not considered the full solution for this KeyGenMe.
Still - good effort, and thanks for participating.
- InDuLgEo / AoRE ☠️🧬
Reverse with honor – or not at all. |
2025-12-06 06:42 |
| AoRE_KeyGenMe |
Congrats, CyberGecko,
very nice use of dynamic instrumentation and monkey-patching instead of going straight for patching or cheap tricks.
This is exactly the kind of solution I had in mind when designing the challenge.
Respect.
InDuLgEo / AoRE ☠️🧬 |
2025-12-02 09:34 |
| AoRE_KeyGenMe |
@tGecko
Good question.
No - using the internal module to generate the serial is not considered a valid solution.
A valid answer requires reimplementing the algorithm externally, based on your own reversing work.
Calling the embedded module, dumping it, or wrapping it is equivalent to patching or shortcutting the logic, so it doesn’t meet the rules.
The goal of this challenge is to understand and reproduce the key derivation, not to reuse the binary’s own implementation.
Looking forward to your approach 🙂
- InDuLgEo / AoRE ☠️🧬
Reverse with honor or not at all. |
2025-12-01 23:31 |
| InDuLgEo_KeyGenMe_V4 |
🔥 @Ja4V8s28Ck
Good question, my friend!
Nope — the binary stays completely silent if the serial is wrong. No MessageBox, no beep, not even a flicker. 🫥
💡 That was intentional: the whole idea was to force the reverser to dig deep into the logic.
If you see any output… you already won.
When the name+serial is valid, though…
☑️ You will get visual feedback — loud and clear. 😉
Keep going, I’m sure you’ll get there.
— InDuLgEo / AoRE ☠️🧬
"Reverse with honor or not at all." |
2025-07-07 06:08 |
| InDuLgEo V3-B — The DOS Intro Challenge |
🔥 @Ja4V8s28Ck
Man, that makes your work even more impressive.
Coming from playing Super Mario on DOS to unpacking a .COM file, tracing execution and dropping a clean writeup? That’s the kind of evolution we love to see.
You didn’t just solve it — you made it easier for others to follow. That’s how legends start.
Big props from me and the whole AoRE vibe.
Keep pushing — the scene needs more minds like yours.
— InDuLgEo / AoRE ☠️🧬
|
2025-07-06 11:21 |
| InDuLgEo V3-B — The DOS Intro Challenge |
🔥 @Ja4V8s28Ck
Absolutely brilliant work — your solution captures the true spirit of this .COM challenge.
✅ You dissected the unpacking logic with precision
✅ Used DEBUG like a true oldschooler
✅ Reconstructed the XOR routine flawlessly
✅ Preserved every visual effect while customizing your final message
Your Python script to automate the patching process was a clever touch, and your attention to the string layout (with $ terminators intact!) shows deep understanding of DOS internals.
💾 The re-XOR with 0x18 and proper byte alignment — pure scene craftsmanship.
And I’ve tested your patched .COM — it works flawlessly.
Exactly as intended: clean, intact, and with your own message shining at the end. 👏
Massive respect for taking the time to understand and modify, not just "crack".
The scene needs more minds like yours.
— InDuLgEo / AoRE ☠️🧬
“Reverse with honor or not at all.” |
2025-07-06 10:22 |
| InDuLgEo_CrackME_V2 |
🧠 Reply to @Ja4V8s28Ck — About AoRE
AoRE is not a book, nor a course.
It’s a philosophy — a mindset born in the scene when binaries spoke in opcodes, and keygens came with scrolls, music, and crafted intros.
🔍 The Art of Reverse Engineering was once a crew, yes —
But more than a team, it was a style.
It was never about brute force or patched bytes.
It was about logic. Elegance.
About rebuilding what the original coder wrote — and doing it better.
Those of us who grew up with MS-DOS, SoftICE, and oldschool .nfo files know:
🔧 It was always about respect — for the binary, for the process, and for the coder on the other side of the screen.
So when someone writes a clean, working KeyGen…
🎯 That’s AoRE spirit.
AoRE never died.
It just went underground.
And some of us still carry the flag. ☠️🧬
— InDuLgEo / AoRE
“Reverse with honor or not at all.” |
2025-07-04 17:49 |
| InDuLgEo V3-B — The DOS Intro Challenge |
🔥 @nightxyz
Thanks for the kind reply, and your dedication really shines through.
You’re clearly from the oldschool era — SoftICE, Turbo Debugger... that’s the real legacy.
📁 No worries about the .COM file — your explanation in the PDF was already clean and complete.
Even your attention to the system’s upload limitations shows you care about presenting things right.
🧠 If you do get a chance to re-upload both files together, great.
If not — your work still speaks for itself, loud and clear.
— InDuLgEo / AoRE ☠️🧬
“Reverse with honor or not at all.”
🔥 Scene is alive — because minds like yours still play the game right. |
2025-07-04 17:35 |
| InDuLgEo V3-B — The DOS Intro Challenge |
🔥 @nightxyz I’ve carefully reviewed your .pdf solution, and I must say:
✅ Everything is spot on!
🧠 Great job analyzing the decryption logic and patching routine with the XOR 0x18.
I really liked how you explained each step, even using DEBUG inside DOSBox — that’s true .COM old-school spirit.
👾 The attention to details like INT 21h, AH=09h and the use of $ as a string terminator shows full understanding of the program's flow.
🔧 Not including the patched .COM isn't a big deal — your .pdf is clear, well-structured, and serves perfectly as a documented solution.
Well done on your clean and technical approach.
— InDuLgEo / AoRE ☠️🧬 |
2025-07-04 15:55 |
| InDuLgEo_CrackME_V2 |
— Reply to Ja4V8s28Ck:
Thanks for sharing your full KeyGen and taking time to understand the algorithm. I appreciate that you eventually posted the complete version and clarified your method.
However, let me also clarify something from my side — this challenge was not about dumping a value during strcmp or relying on patched binaries. It was meant to be reversed, understood, and reimplemented cleanly.
Many cracked it the lazy way and posted serials without even touching the algorithm. That’s not what AoRE or this scene is about. It’s why I insisted so strongly — not out of ego, but out of respect for true RCE.
Now that you’ve posted a functional Python KeyGen showing full understanding of the logic, that’s the spirit I hoped to see in the first place. That part, I do respect. 💀🔍
Let’s keep this scene alive through respect, authenticity, and clean work.
Good reversing.
— InDuLgEo / AoRE ☠️🧬 |
2025-07-04 13:45 |
| InDuLgEo_CrackME_V2 |
🧠 InDuLgEo on 07/04/2025 — Reminder to All:
🚫 Stop dropping raw serials here like it's a guessing game.
This is not about brute-force, collisions or dumping hex strings.
🎯 This is a KeyGenMe —
That means:
🔍 Understand the logic.
📜 Rebuild the algorithm.
🧠 Code your own working KeyGen.
You don’t prove anything by just posting a valid serial.
You prove it by showing you reversed it properly.
So if you really cracked it...
📎 Let’s see your code.
🧩 Let’s see the math.
🧰 Let’s see the KeyGen.
AoRE was never about shortcuts — it was about respect.
For the binary. For the process. For the art.
— InDuLgEo / AoRE ☠️🧬
“Reverse with honor or not at all.” |
2025-07-03 23:20 |
| InDuLgEo V3-B — The DOS Intro Challenge |
Reply to nightxyz:
Thanks for your interest in the .COM crackme 😊
The fire effect is just an intro transition. The actual challenge is in the third section — the fractal is static, and your task is to patch the final text shown at the bottom without breaking any visuals or the effect sequence.
So yes, the goal is to modify the bottom strings shown in the final screen (fractal section) while keeping everything else intact.
You don't need to animate or change the fractal — only modify the final message (e.g., "Reverse by ...") to show your custom tag or nickname.
Good luck!
— InDuLgEo / AoRE ☠️🧬 |
2025-07-03 12:38 |
| InDuLgEo_CrackME_V2 |
Thanks for checking out the challenge, nightxyz.
✅ Your Name + Serial combo is valid.
❌ But remember — this is a KeygenMe, not a guessing contest.
🧠 The goal is to understand the algorithm, reverse it, and prove your knowledge.
Just posting a correct serial without any write-up, dump, or working keygen misses the essence of the challenge.
You're welcome to share your insights — the real reward is in the process.
— InDuLgEo / AoRE ☠️🧬
“Reverse with honor or not at all.” |
2025-07-01 14:07 |
| InDuLgEo_CrackME_V2 |
🦴 InDuLgEo on 07/01/2025 – Reply to Elvis:
Yes, AoRE still exists — not as a group, but as an idea.
Not as a warez team... but as a creed.
👁️ The Art of Reverse Engineering was never about numbers or fame — it was about style, respect for the binary, and pushing the boundaries of what’s possible in a disassembler.
This CrackMe is a tribute to that philosophy.
To those who learned from keygens as kids...
To those who still smile when they see push eax / call MessageBox.
So call it a resurrection, or maybe just a reminder:
AoRE never died... it just went underground.
And some of us still carry the flag. ☠️🧬
— InDuLgEo / AoRE |
2025-07-01 10:34 |
| InDuLgEo_CrackME_V2 |
🧠 Heads-up for reversers and AV engines:
⚠️ This CrackMe may trigger false positives on VirusTotal due to:
- Use Packer (Custom)
- Encrypted constants ()
- Basic anti-debug (IsDebuggerPresent)
- Obfuscated validation logic
🚫 This is 100% safe and educational.
✔️ You are encouraged to unpack and analyze it freely.
— InDuLgEo / AoRE ☠️🧬
|
2025-06-30 17:04 |
| Unconventional JavaScript HTML Crack Me |
🔥 Nice and clean logic. Fun mini-reversing challenge.
🛠️ Keep them coming — always ready for more 🔥
– InDuLgEo ☠️🧬 |
2025-06-30 13:25 |
| Unconventional JavaScript HTML Crack Me |
🔓 InDuLgEo_RCE on 06/30/2025:
Challenge completed ✅ — Pure static RCE 🧬
🔎 Analysis:
- The FLAG{...} string is randomly generated each time.
- The inner content is expected to be converted to ASCII HEX.
- The resulting hex string becomes the valid secret key.
- Bonus: Konami code was detected (↑↑↓↓←→←→BA) but skipped — not part of the core challenge.
📖 Solution logic:
1. Extract string inside the flag (e.g. FLAG{InDuLgEo} → "InDuLgEo")
2. Convert each character to 2-digit hex:
- I → 49, n → 6e, D → 44, ...
3. Join them all:
- "InDuLgEo" → `496e44754c67456f`
4. Enter the resulting hex as the key — success!
🧠 Tools used: no debugger needed. Solved statically via source inspection.
Written a Python helper script for convenience:
- python:
def flag_to_key(flag: str) - str:
if not flag.startswith("FLAG{") or not flag.endswith("}"):
return "Invalid format. Use: FLAG{content}"
content = flag[5:-1]
return ''.join(f"{ord(c):02x}" for c in content)
if __name__ == "__main__":
flag = input("Enter FLAG: ").strip()
print(f"Secret Key: {flag_to_key(flag)}") |
2025-06-30 13:15 |
| CrackMe_By_InDuLgEo_V1 |
--.- Reply to hmx78912:
✅ Confirmed: “David” + “AORE-6685” → success.
✅ Backdoor: “AoRE2025” → unlocked.
Great reverse, hmx78912! Thanks for playing.
|
2025-06-29 22:30 |
| CrackMe_By_InDuLgEo_V1 |
InDuLgEo on 06/29/2025 – Reply to hmx78912:
Good observation. Your Python logic correctly deduces the serial formula:
Serial = "AORE-" + (len(username) * 1337) ✅
And yes, the backdoor "AoRE2025" is spot on. ✅
But this is still a partial solution. A real reverse engineer confirms it works in practice.
✅ You’ve reverse engineered the logic.
❌ You haven’t proven it.
If you’re confident, pick any username — for example, "David" — and post:
The generated serial
A screenshot or confirmation that the binary accepts it
That’s when it becomes a valid solution.
🔓 I’ll be watching. Go ahead, prove it. 😎 |
2025-06-29 19:33 |
| CrackMe_By_InDuLgEo_V1 |
hmx78912 :- The back door is correct!
But could you provide a name and would it be correct?? |
2025-06-29 19:23 |
| CrackMe For Noobs | EZ Anti-debug | Ez String-Encryption |
Spoiler---------
Nice CrackME with good anti-debug techniques, normal BP, and string encryption!
The real password is :- PASS132SECRETIK
Notes: It's easily patchable, but finding the password was the real challenge.
_/\_-=InDuLgEo-=_/\_RCE_2025.
E.O.F ;) |
2025-06-28 09:40 |
| unpack_me_plzzz |
Hi noname45617,
I've sent you an email to download the .Unpacked file!
I hope it helps you understand the process ;)
If you have any questions, just email me or write to me here, whichever you prefer!
Best regards.
_/\_-=InDuLgEo-=_/\_RCE_2025.
E.O.F ;) |
2025-06-28 09:08 |
| unpack_me_plzzz |
What I don't understand is how they're posting an UnPackme challenge here if the .dump file can't be uploaded!? Well, if you want the unpackaged PE, just let me know and I'll share it! Cheers! _/\_-=InDuLgEo=-_/\_ _RCE_2025.- |
2025-06-27 20:40 |
| unpack_me_plzzz |
InDuLgEo InF0:- PE Unapcked & Modifiqued- Accept any Flag!
---------
Contact:eddyindulgeo@gmail.com - For more info and tips! |
2025-06-27 20:24 |