| Skill issue v2 |
Tools: x64dbg, Ghidra, DIE, Python
Analysis:
The binary has a TLS callback and IsDebuggerPresent
anti-debug check. ScyllaHide bypasses both.
Password Algorithm (positions 3-19):
char[i] = ((DAT_1400cc06d[i] ^ 0xA3) - i) ^ 0x5A
Gives: _!{N00bCrackm3}!_
Password format: 23 chars total
Any char + XX + _!{N00bCrackm3}!_ + XXX
Example: XXX_!{N00bCrackm3}!_YYY
Bug Fix:
FUN_140001950 loads wrong string address.
Patch file offset 0xd59: 0x33 → 0x53
This fixes the LEA to point to success message. |
2026-03-09 20:43 |
| decode me (hard) |
========================================
EXTREME CRACKME - LEVEL: IMPOSSIBLE
========================================
Enter the password: youhavedecodedit!
[+] ACCESS GRANTED.
[+] Password accepted.
Press Enter to exit...
secret_data = [
0x2C, 0x3B, 0x22, 0x40,
0x38, 0x28, 0x36, 0x38,
0x38, 0x3F, 0x44, 0x3C,
0x3C, 0x3E, 0x4A, 0x30,
0x84
]
password = ""
for i in range(17):
char = (secret_data[i] - i) ^ 0x55
password += chr(char)
print(password) |
2026-03-09 14:11 |