Crackmes

crackmes.one

b1h0's profile

Number of crackmes:

0

Number of writeups:

7

Comments:

7

Crackmes
Writeups
Comments

Crackmes

Name	Author	Language	Arch	Difficulty	Quality	Platform	Date	Writeups	Comments

Latest writeups

Crackme	Infos
Find password	Here you have my static analysis with the solution made with Ghidra.
Small Keygenme	Here is my solution with static analysis using Ghidra, and the keygen with its source code.
Lucky Numbers	Here is my solution to the crackme analyzed statically with Ghidra
Keyg3n_M1#1	Here is my solution to crackme with dynamic analysis in Ghidra, and the source code with the keygen to generate the possible passwords.
Easy Peasy	#### Ghidra 1. Load executable and Analyze. 2. Search in Symbol Tree left dialog the text "main". 3. In Listing you can see at address 0040155a the username that is: "iwonderhowitfeelstobeatimetravel" 4. Next, at address 0040158c the password is revealed to us: heyamyspaceboardisbrokencanyouhelpmefindit? 5. In the code decompilation window you can also see clearly. 6. I think we don't need anything else.
VIP_access_me	The function that really matters to us. The one that decrypts the VIP Code. It is in the address 00401CF0. Just put a breakpoint at address 00401D67 and check that it is what is loaded into the EAX register that contains the memory address where the VIP CODE is. But only works VIP Codes for user joe and monkey.
mexican	# [evilprogrammer's mexican](https://crackmes.one/crackme/5d63011533c5d46f00e2c305) ## Crackme by [b1h0](https://crackmes.one/user/b1h0) - Used x64dbg debbuger. - Once the EntryPoint is located, you can verify that at the address 0x00401500 a subroutine begins, which is the one shown in the flag text. We will call this subroutine: sub_result_cracked ![mexican_01](mexican_01.PNG "sub_result_cracked") - Then later we can find in the address 0x004013dd a call to the address 0x0040162c which is the subroutine that we will call sub_compare_crackme. We establish a breakpoint there and then continue step by step. ![](mexican_02.png) - Finally at address 0x00401642 we find a comparison of the value 0xC1 with the value 0xC1. The key is that the two values have to be different, and in particular the first one greater than the second, therefore we change the first 0xC1 for a greater value, or the second 0xC1 for a smaller value. ![](mexican_03.png) - So we change the 0xC1 value of the comparison line to a lower value. For example, 0 (zero) ![patch](mexican_03_patch.png "patch" ) - And the flag message appears. Printed message: flag{M3x1c4nMl4lw4r3_pl3rro} ![patch](mexican_flag.png "flag{M3x1c4nMl4lw4r3_pl3rro}")

Latest comments

Comment	Link
Here you have my static analysis made with Ghidra. https://github.com/gabimarti/crackmes-solutions/blob/master/crackmes.one/TheReverser-Find_password/b1h0-TheReverser-Find_password.md	==>
Here is my static analysis with Ghidra and the keygen source code. https://github.com/gabimarti/crackmes-solutions/blob/master/crackmes.one/BinaryNewbie-Small_Keygenme/b1h0-BinaryNewbie-Small_Keygenme.md	==>
Here is my solution to the crackme analyzed statically with Ghidra. I also posted the solution on crackmes.one https://github.com/gabimarti/crackmes-solutions/blob/master/crackmes.one/oguzbey-Lucky_Numbers/b1h0-oguzbey-Lucky_Numbers.md	==>
About a week ago I sent my solution. But since I see that it does not appear, I leave here the link of my GitHub repository where I have also left it. https://github.com/gabimarti/crackmes-solutions/blob/master/crackmes.one/Shad3-Keyg3n_M1/b1h0-Shad3-Keyg3n_M1.md	==>
Only works VIP Codes for user joe and monkey. The function that really matters to us. The one that decrypts the VIP Code. It is in the address 00401CF0. Just put a breakpoint at address 00401D67 and check that it is what is loaded into the EAX register that contains the memory address where the VIP CODE is. My solution in Github. https://github.com/gabimarti/crackmes-solutions/tree/master/crackmes.one/toaster-VIP_access_me	==>
I see that my solution is published, but as I accompanied it with images it is perhaps not very clear. If someone is interested in seeing the whole process I have it published on Github. https://github.com/gabimarti/crackmes-solutions/blob/master/crackmes.one/evilprogrammer-mexican/b1h0-evilprogrammer-mexican.md	==>
Finding the flag is easy. Many people have already put it here. But it is best to patch it to see that the flag is displayed. I just uploaded my solution (the first in this reversing). Even so, I think there is an error, because the flag does not write a \ 0 at the end of the string and a memory leak appears.	==>