Crackmes

Name	Author	Language	Arch	Difficulty	Quality	Platform	Date	Writeups	Comments
ORiGiN KeygenMe	ToMKoL	Assembler	x86	4.0	4.0	Windows	11:26 AM 01/06/2021	0	6

Crackme	Infos
jade by cyclops	Short tutorial explaining steps taken to solve crackme with keygen (+src)
trinity by cyclops	Short tutorial with keygen (+src)
cyclops_crackme3.0 by cyclops	Short tutorial with keygen (+src)
drivercrackme1 by coderess	Great crackme as a exercise. Too bad that algo was such easy.
where_is_the_fish by chupachu	Short explanation of steps taken to find password
fishme_by_chupachu_2 by chupachu	Short tutorial with keygen (+src) for this simple crackme.
crackme4 by arjani	Solution with patch (+src).
crackme_0.3 by arjani	Short tutorial with keygen (src)
anonimoser_crackme_iv by anonimoser	Proper solution to this old crackme.
crackme7 by mucki	Tutorial + kg (with src) + modified iso
csdrillard039_s_trial_crackme_3 by czdrillard	Short tutorial and keygen without brute force method. Enjoy this fun crackme.
crackme6 by mucki	Quite nice brainfck crackme. Great for first time reversing brainfck.
crackme4 by mucki	Nice crackme to learn basics of reversing Java.
daprunk by redoc	Working keygen and a little description
keygenme_5 by hmx0101	Keygenme is bugged. This is description of protection only.
keygenme_2 by hmx0101	Solution with proper keygen (+src).
cryptokeygenme_1 by hmx0101	Tutorial with keygen (+src) to old easy keygenme
hmx0101s_keyfileme_1 by hmx0101	Nice keygenme with a little modified crypto. Great for learning purposes.
keygenme_1 by hmx0101	Nice keygenme with completely modified MD5. Great for learning purposes.
keygenme_6 by hmx0101	Solution with keygen (+src)
auz_cavora by artfulwave	Solution with keygen (+src)
hmx0101s_crackme_3 by hmx0101	Tutorial with keygen (+src) and crack (+src)
crypto_namecompanyserial_keygenme by c0dehaz4rd	Funny crackme. Quite interesting to play with.
crackme_3 by boba_fett	Very simple crackme. I'm suprised it was unsolved for over 20 years.
crackme_2 by boba_fett	Solution for 20 years old VB p-code simple crackme. Had fun solving it.
Tester009's Keygenme#1	Solution with 3 python script to help solve the challenge.
crackme_6_anorganix by anorganix	Overrated but quite nice.
crackme_4_by_rewolf by rewolf	Solution to crackme 4 by ReWolf. English and polish. Keygen source included.

Comment	Link
It's not packed or protected. Use any res edit and disassembler and You have source code. Reverse protection and get original source code.	==>
Spoiler https://blog.washi.dev/posts/binaryshield-vm-crackme/ Spoiler	==>
Some working combos (solution will follow soon): Coderess A1QD1-NEG5T-IDGIJ-ZTVXQ-AGMB7 8A4582D2D1C615A93D3965A90A627C2D ToMKoL A1QBC-DAAR5-NJEPP-RMKKK-AGMF3 C284A64DABC21553D57A593C46623CBA	==>
There already is a tutorial that is trying to explain all answers. And since I started my 'journey' in late 1990 it could be considered cheating as I remember this all from my youth. I've simply clarified some question that tutorial author had problem with.	==>
Answer for first crackmes page - https://archive.org/details/ReverseCodeEngineeringRceCdsandman2000 - check 'E_Bliss' content Answer for what crackmes were used - https://defacto2.net/file/list?output=card&platform=windows§ion=groupapplication&sort=date_asc - collection of trial crackmes	==>
Great crackme. Was really fun to solve.	==>
Great crackme to start reversing Java. Very user friendly and quite easy to solve.	==>
Nice one. Quite fun to play with. And also You can learn some winsock things.	==>
Quite easy but fun keygenme. Will post solution and proper keygen soon.	==>
Pretty nice. Working on reconstructing hash for keygen purpose.	==>
Very easy. Nothing to reverse. Only for newbies.	==>
Very easy crackme. Author is fan of 'not'. Only for newbies who wants to practice cracking delphi targets.	==>
Fun with NE format. For all interested here is my working combo: ToMKoL FFFFA2F3-21713	==>
Crashes on Win 10 x64 20H2. Please specify correct version of windows that is capable of running crackme.	==>
@Tester009 I've replied in second crackme comments section.	==>
On Win 7 crashes after going into check procedure. In initdlg procedure KiUserExceptionDispatcher is being repleaced by crackme own routine. Then there is exception generated in check routine and we crash in new KiUserExceptionDispatcher. When will finally switch to Win 10 will give it another try. For now I'll leave it to others to discover all other crackme secrets.	==>
Currently operating on win 7 but will give it a try. Who knows maybe will figure out something.	==>
It is quite simple. It calculates CRC32 from serial part3 and compare it to constant value. You have 5 chars in range 1-FF (null byte isn't allowed) and this gives You maximum 40 bits to test. So You have to test 1-FFFFFFFFFF range by calculating it's CRC32 value and comparing with constant. Hope now it's easier to understood.	==>
Sample key pair: name: ToMKoL company: [c4U] serial: 4F4E2F32634E5941674943344F7961555739427939464D32525A73304649616D532F572B734779427A454E31505757365839734E6F56637A504F45376B5334654141324666765862707156504F314D4C644169573969355655456F706A3779466578634A31354972722F69477433737A466664754A556D62356E716E73446B354667765637536E48306F4F776F5A5A45367332315536756261594556584269437064552B71516C6245684778646278706343623242354F61343241487A76484C316E484A6E5642506F6B393031756344344174734D4D505A545669726F683369466554582B722B39744977506272445A486464722F62492F3776595258486C312F304E32706F432B5A6939722F6F61432F6A673349426F354B53654D552F644646746371532F57756D6759776975696E516E443439616B537553346177387368613141566370746E4D6F70724246544571786553694554542F43722B4831355239526E304D4A7A6C75564567457171494367326977695442384F532B424B6F514C557363685A6351737753422F2B636D557039326D306D4B48647764436A2B62347A345A51424B386851773D AES and base64. Quite funny.	==>
Made mistake. Crackme is fully solvable. Here is example key pair: Name: ToMKoL; Serial1: 534; Serial2: 14,9662922	==>
Second stage is broken. There is no possibilty to calculate valid serial. Verification goes like this: 15 * decval(left(stage1serial,3)) - 18 == stage2serial * decval(left(stage1serial,3))	==>
@n0ve3mber - please don't write about reversing hash function. For Your information it's not possible. Functions that have reverse function aren't hash functions.	==>
MD5 have been broken years ago. Finding collision on modern computers takes seconds. So telling that this crackme uses strong encryption method is pointless. Other thing is that there exists web pages that offer finding plain text for given hash (rainbow tables). This way this crackme can be solved in seconds. Other thing is that FAQ don't tell any thing about using commercial or not encryption/protection systems. There are crackmes on this site that are protected with strong commercial systems and till now no one banned them.	==>
Judging by the charset I supose it's base36 conversion.	==>
It's written in pure assembler. Not packed or protected in any way. You can check it's not virus/trojan. Either throw out Defender or better reverse it and tell what malicious task it performs.	==>
I'm glad You liked it. Yes last part is quite simple math (althrough all pieces are simple once You know what they do). Waiting for solution once You put all pieces together.	==>
"OUPWO" - testing - if site doesn't show then sixth char is 0x3E	==>
OUPWO - type this as name with any serial and crackme solved.	==>
Maybe some harder math equations? If You want to implement CRC32 there is plenty of vulnerabilities that can be used with it. And making serial more name dependent will make it harder. If in this one serial would depend more on name it would make writing keygen quite difficult.	==>
@Tester009 Here is my keygen - serial that works for any name. Name - any (2 to 40 chars to satisfy keygenme condition) Serial - 007007D8B5C3R2CC0DED0C59B If it displays bad it's 0x07.	==>
@Tester009 Well I uploaded my solution. It was nice keygenme. I was a bit disapointed with name dependency. If it was more name dependent it would be more challenging. I most liked the part 5 serial check. This took me most of time.	==>
Made one small mistake with range and can tell that there are two possible separators. Here is second combo: ToMKoL 1131106FF1C3R2C51BCD07B19 If it displays wrong it's 0x06.	==>
Nice one. I wouldn't rate it as 4. At most 3 but really interesting keygenme. Here is mine combo: ToMKoL ¶11311¶06FF1¶C3R2C¶51BCD¶07B19¶ And aswering to Xor0 question separator has only one solution that pass check.	==>

It's not packed or protected. Use any res edit and disassembler and You have source code. Reverse protection and get original source code.

==>

Spoiler https://blog.washi.dev/posts/binaryshield-vm-crackme/ Spoiler

==>

Some working combos (solution will follow soon): Coderess A1QD1-NEG5T-IDGIJ-ZTVXQ-AGMB7 8A4582D2D1C615A93D3965A90A627C2D ToMKoL A1QBC-DAAR5-NJEPP-RMKKK-AGMF3 C284A64DABC21553D57A593C46623CBA

==>

There already is a tutorial that is trying to explain all answers. And since I started my 'journey' in late 1990 it could be considered cheating as I remember this all from my youth. I've simply clarified some question that tutorial author had problem with.

==>

Answer for first crackmes page - https://archive.org/details/ReverseCodeEngineeringRceCdsandman2000 - check 'E_Bliss' content Answer for what crackmes were used - https://defacto2.net/file/list?output=card&platform=windows§ion=groupapplication&sort=date_asc - collection of trial crackmes

==>

Great crackme. Was really fun to solve.

==>

Great crackme to start reversing Java. Very user friendly and quite easy to solve.

==>

Nice one. Quite fun to play with. And also You can learn some winsock things.

==>

Quite easy but fun keygenme. Will post solution and proper keygen soon.

==>

Pretty nice. Working on reconstructing hash for keygen purpose.

==>

Very easy. Nothing to reverse. Only for newbies.

==>

Very easy crackme. Author is fan of 'not'. Only for newbies who wants to practice cracking delphi targets.

==>

Fun with NE format. For all interested here is my working combo: ToMKoL FFFFA2F3-21713

==>

Crashes on Win 10 x64 20H2. Please specify correct version of windows that is capable of running crackme.

==>

@Tester009 I've replied in second crackme comments section.

==>

On Win 7 crashes after going into check procedure. In initdlg procedure KiUserExceptionDispatcher is being repleaced by crackme own routine. Then there is exception generated in check routine and we crash in new KiUserExceptionDispatcher. When will finally switch to Win 10 will give it another try. For now I'll leave it to others to discover all other crackme secrets.

==>

Currently operating on win 7 but will give it a try. Who knows maybe will figure out something.

==>

It is quite simple. It calculates CRC32 from serial part3 and compare it to constant value. You have 5 chars in range 1-FF (null byte isn't allowed) and this gives You maximum 40 bits to test. So You have to test 1-FFFFFFFFFF range by calculating it's CRC32 value and comparing with constant. Hope now it's easier to understood.

==>

Sample key pair: name: ToMKoL company: [c4U] serial: 4F4E2F32634E5941674943344F7961555739427939464D32525A73304649616D532F572B734779427A454E31505757365839734E6F56637A504F45376B5334654141324666765862707156504F314D4C644169573969355655456F706A3779466578634A31354972722F69477433737A466664754A556D62356E716E73446B354667765637536E48306F4F776F5A5A45367332315536756261594556584269437064552B71516C6245684778646278706343623242354F61343241487A76484C316E484A6E5642506F6B393031756344344174734D4D505A545669726F683369466554582B722B39744977506272445A486464722F62492F3776595258486C312F304E32706F432B5A6939722F6F61432F6A673349426F354B53654D552F644646746371532F57756D6759776975696E516E443439616B537553346177387368613141566370746E4D6F70724246544571786553694554542F43722B4831355239526E304D4A7A6C75564567457171494367326977695442384F532B424B6F514C557363685A6351737753422F2B636D557039326D306D4B48647764436A2B62347A345A51424B386851773D AES and base64. Quite funny.

==>

Made mistake. Crackme is fully solvable. Here is example key pair: Name: ToMKoL; Serial1: 534; Serial2: 14,9662922

==>

Second stage is broken. There is no possibilty to calculate valid serial. Verification goes like this: 15 * decval(left(stage1serial,3)) - 18 == stage2serial * decval(left(stage1serial,3))

==>

@n0ve3mber - please don't write about reversing hash function. For Your information it's not possible. Functions that have reverse function aren't hash functions.

==>

MD5 have been broken years ago. Finding collision on modern computers takes seconds. So telling that this crackme uses strong encryption method is pointless. Other thing is that there exists web pages that offer finding plain text for given hash (rainbow tables). This way this crackme can be solved in seconds. Other thing is that FAQ don't tell any thing about using commercial or not encryption/protection systems. There are crackmes on this site that are protected with strong commercial systems and till now no one banned them.

==>

Judging by the charset I supose it's base36 conversion.

==>

It's written in pure assembler. Not packed or protected in any way. You can check it's not virus/trojan. Either throw out Defender or better reverse it and tell what malicious task it performs.

==>

I'm glad You liked it. Yes last part is quite simple math (althrough all pieces are simple once You know what they do). Waiting for solution once You put all pieces together.

==>

"OUPWO" - testing - if site doesn't show then sixth char is 0x3E

==>

OUPWO - type this as name with any serial and crackme solved.

==>

Maybe some harder math equations? If You want to implement CRC32 there is plenty of vulnerabilities that can be used with it. And making serial more name dependent will make it harder. If in this one serial would depend more on name it would make writing keygen quite difficult.

==>

@Tester009 Here is my keygen - serial that works for any name. Name - any (2 to 40 chars to satisfy keygenme condition) Serial - 007007D8B5C3R2CC0DED0C59B If it displays bad it's 0x07.

==>

@Tester009 Well I uploaded my solution. It was nice keygenme. I was a bit disapointed with name dependency. If it was more name dependent it would be more challenging. I most liked the part 5 serial check. This took me most of time.

==>

Made one small mistake with range and can tell that there are two possible separators. Here is second combo: ToMKoL 1131106FF1C3R2C51BCD07B19 If it displays wrong it's 0x06.

==>

Nice one. I wouldn't rate it as 4. At most 3 but really interesting keygenme. Here is mine combo: ToMKoL ¶11311¶06FF1¶C3R2C¶51BCD¶07B19¶ And aswering to Xor0 question separator has only one solution that pass check.

==>

crackmes.one

crackmes.one

ToMKoL's profile

1

28

33

Crackmes

Latest writeups

Latest comments