| Crackme | Comment | Date |
|---|---|---|
// Crackme "Find the serial" -- comment dated 2026-05-09 09:20.
// Decompiler output for the serial check, sub_401DF4 (a VB runtime binary, going
// by the _vba*/rtc* calls). The commenter's annotations are translated to English.
//
// What the listing shows:
//   1. A string is fetched through a VB object (vtable calls at +768 and +160)
//      and moved into v88.
//   2. The string is walked two characters at a time. Each pair is prefixed
//      with "&H", evaluated as a number and stored as one byte in v87[n6];
//      an index of 6 or more raises a bounds error, so at most 6 bytes are kept.
//   3. Bytes 0..4 are compared with constants that decode to "right"; byte 5
//      only has to contain the letter E in its hexadecimal form.
//   4. If every test passes, a message box is shown; otherwise control reaches
//      LABEL_28 and the object method at vtable offset +1788 is called
//      (presumably the "wrong serial" path -- confirm).
//
// Review note: every test is a reversible comparison against a constant that is
// present in the binary, so the accepted input follows directly from the
// listing, and the loose test on byte 5 means more than one serial is accepted.
//
// NOTE(review): v87 is never assigned in this listing; presumably it is the data
// pointer of the array built by _vbaAryConstruct2 -- confirm in the disassembly.
int __cdecl sub_401DF4(int a1)
{
  int ____VB________; // eax
  int v2; // eax
  int *sub_4024CC_1; // edi
  int v4; // eax
  int v5; // edx
  int v6; // eax
  int v7; // eax
  __int16 v8; // cx
  bool v9; // of
  __int16 n3; // cx
  double v11; // st7
  char v12; // fps
  char v16; // fps
  int v20; // eax
  int v21; // eax
  int v22; // eax
  int v23; // eax
  int v24; // eax
  int v25; // eax
  int v26; // eax
  int v27; // edx
  int v28; // ebx
  int v29; // eax
  int v30; // eax
  int v31; // eax
  int v32; // eax
  int v33; // eax
  int v34; // eax
  int v35; // eax
  int v36; // eax
  int v37; // eax
  int v38; // eax
  int v39; // eax
  __int16 v40; // ax
  __int16 v41; // ax
  int *sub_4024CC_2; // [esp-28h] [ebp-180h]
  int v44; // [esp-Ch] [ebp-164h] BYREF
  double v45; // [esp+0h] [ebp-158h]
  int v46; // [esp+8h] [ebp-150h]
  double v47; // [esp+Ch] [ebp-14Ch]
  int v48; // [esp+14h] [ebp-144h]
  int v49; // [esp+18h] [ebp-140h]
  int v50; // [esp+1Ch] [ebp-13Ch]
  int v51; // [esp+20h] [ebp-138h]
  int v52; // [esp+24h] [ebp-134h]
  int i_1; // [esp+3Ch] [ebp-11Ch]
  __int16 v54; // [esp+58h] [ebp-100h]
  int ***p_p_p_p_n10; // [esp+60h] [ebp-F8h] BYREF
  _DWORD v56[2]; // [esp+64h] [ebp-F4h] BYREF
  const wchar_t *&H; // [esp+6Ch] [ebp-ECh]
  _DWORD v58[4]; // [esp+74h] [ebp-E4h] BYREF
  _DWORD v59[2]; // [esp+84h] [ebp-D4h] BYREF
  int (__stdcall **v60)(int); // [esp+8Ch] [ebp-CCh]
  wchar_t Serial_[4]; // [esp+94h] [ebp-C4h] BYREF
  int v62; // [esp+9Ch] [ebp-BCh]
  int p_n10[4]; // [esp+A4h] [ebp-B4h] BYREF
  int sub_4024CC[4]; // [esp+B4h] [ebp-A4h] BYREF
  _DWORD v65[2]; // [esp+C4h] [ebp-94h] BYREF
  int n2; // [esp+CCh] [ebp-8Ch]
  int v67; // [esp+D4h] [ebp-84h] BYREF
  int v68; // [esp+D8h] [ebp-80h] BYREF
  int v69; // [esp+DCh] [ebp-7Ch] BYREF
  int v70; // [esp+E0h] [ebp-78h] BYREF
  int v71; // [esp+E4h] [ebp-74h] BYREF
  int v72; // [esp+E8h] [ebp-70h] BYREF
  int v73; // [esp+ECh] [ebp-6Ch] BYREF
  int v74; // [esp+F0h] [ebp-68h] BYREF
  int v75; // [esp+F4h] [ebp-64h] BYREF
  int v76; // [esp+F8h] [ebp-60h] BYREF
  int v77; // [esp+FCh] [ebp-5Ch] BYREF
  int v78; // [esp+100h] [ebp-58h] BYREF
  int v79; // [esp+104h] [ebp-54h] BYREF
  int v80; // [esp+108h] [ebp-50h] BYREF
  int v81; // [esp+10Ch] [ebp-4Ch] BYREF
  int v82; // [esp+110h] [ebp-48h] BYREF
  int v83; // [esp+114h] [ebp-44h] BYREF
  int v84; // [esp+118h] [ebp-40h] BYREF
  unsigned int n6; // [esp+11Ch] [ebp-3Ch]
  int **p_p_p_n10[3]; // [esp+124h] [ebp-34h] BYREF
  unsigned __int8 *v87; // [esp+130h] [ebp-28h]
  int (__stdcall *v88)(int); // [esp+13Ch] [ebp-1Ch] BYREF
  int i; // [esp+140h] [ebp-18h]
  int *v90; // [esp+14Ch] [ebp-Ch]
  int *v91; // [esp+150h] [ebp-8h]
  int v92; // [esp+154h] [ebp-4h]
  unsigned int v93; // [esp+160h] [ebp+8h]

  v90 = &v44;
  v91 = dword_401100;
  // The low bit of a1 is split off as a flag; the remaining bits are used as an
  // object pointer whose vtable is called below.
  v92 = a1 & 1;
  v93 = a1 & 0xFFFFFFFE;
  (*(void (__cdecl **)(unsigned int))(*(_DWORD *)v93 + 4))(v93);
  v88 = 0;
  n6 = 0;
  v84 = 0;
  v83 = 0;
  v82 = 0;
  v81 = 0;
  v80 = 0;
  v79 = 0;
  v78 = 0;
  v77 = 0;
  v76 = 0;
  v75 = 0;
  v74 = 0;
  v73 = 0;
  v72 = 0;
  v71 = 0;
  v70 = 0;
  v69 = 0;
  v68 = 0;
  v67 = 0;
  v65[0] = 0;
  sub_4024CC[0] = 0;
  p_n10[0] = 0;
  *(_DWORD *)Serial_ = 0;
  v59[0] = 0;
  v58[0] = 0;
  v56[0] = 0;
  p_p_p_p_n10 = 0;
  // NOTE(review): 17 is presumably the element type (VT_UI1, a byte array) -- confirm.
  _vbaAryConstruct2(p_p_p_n10, dword_401BAC, 17);
  ____VB________ = ___VB______;                 // some VB object / form object
  if ( !___VB______ )
  {
    _vbaNew2(dword_4016EC, &___VB______);
    ____VB________ = ___VB______;
  }
  v2 = (*(int (__cdecl **)(int))(*(_DWORD *)____VB________ + 768))(____VB________);
  sub_4024CC_1 = (int *)_vbaObjSet(&v67, v2);
  v4 = (*(int (**)(void))(*sub_4024CC_1 + 160))();
  __asm { fnclex }
  if ( v4 < 0 )
    _vbaHresultCheckObj(v4, sub_4024CC_1, dword_401B70, 160);
  v5 = v84;
  v84 = 0;
  _vbaStrMove((int)&v88, v5);                   // v88 = the input string
  _vbaFreeObj(&v67);
  i_1 = _vbaLenBstr(v88);
  for ( i = 1; i <= i_1; i += 2 )               // steps two characters per iteration
  {
    &H = L"&H";                                 // "&H" + "72" becomes "&H72"; in VB, &H72 denotes the hexadecimal number 0x72.
    v60 = &v88;
    v56[0] = 8;
    n2 = 2;
    v65[0] = 2;
    v59[0] = 16392;
    rtcMidCharVar(sub_4024CC, v59, i, v65);     // rtcMidCharVar(..., i, ..., 2): takes 2 characters of the input starting at position i
    // Only indexes 0..5 are valid: a seventh pair raises a VB bounds error.
    if ( n6 >= 6 )
      _vbaGenerateBoundsError();
    v6 = _vbaVarCat(p_n10, sub_4024CC, v56);
    v7 = _vbaStrVarVal(&v84, v6);
    rtcR8ValFromBstr(v7);
    v87[n6] = _vbaFpUI1();
    _vbaFreeStr(&v84, (int (__stdcall *)(int))sub_4024CC_2);
    sub_4024CC_2 = p_n10;
    _vbaFreeVarList(3, v65, sub_4024CC);
    // __OFADD__ is the decompiler's signed-overflow test; LABEL_33 raises the
    // VB overflow error.
    if ( __OFADD__(1, n6) )
      goto LABEL_33;
    ++n6;
    if ( __OFADD__(i, 2) )
      goto LABEL_33;
  }                                             // So the loop as a whole converts the input string 72696768742E into the byte array
                                                // [0x72, 0x69, 0x67, 0x68, 0x74, 0x2E], i.e. ASCII: r i g h t .
  // b0 must be 'r' (0x72).
  if ( *v87 != 'r' )
    goto LABEL_28;
  if ( !is_mul_ok(3u, v87[1]) )
    goto LABEL_33;
  // '\x01;' is the two-byte constant 0x013B = 315.
  if ( 3 * v87[1] == '\x01;' )                  // 3 * v87[1] == 315; divide both sides by 3: b1 = 105 = 0x69 = 'i'
                                                //
  {
    v8 = v87[2];                                // v87[2] - 100 == 3; rearranged: b2 = 103 = 0x67 = 'g'
    v9 = __OFSUB__(v8, 'd');
    n3 = v8 - 'd';
    if ( v9 )
      goto LABEL_33;
    if ( n3 == 3 )
    {
      v48 = v87[3];                             // v87[3] / 2 == 52, so b3 = 104 = 0x68 = 'h'
      v47 = (double)v48;
      v11 = v47;
      // NOTE(review): the dword_403000 / adj_fdiv_m64 branch looks like the
      // runtime's alternative division path; 0x40000000 matches the high dword
      // of the double 2.0 -- confirm.
      if ( dword_403000 )
        adj_fdiv_m64(0, 0x40000000);
      else
        v11 = v47 / 2.0;
      // NOTE(review): v12 is the FPU status ("fps") as seen by the decompiler;
      // a set error bit leads to _vbaFPException at LABEL_32.
      if ( (v12 & 0xD) != 0 )
        goto LABEL_32;
      _vbaFpR8();
      if ( v11 == 52.0 )
      {
        // Same pattern for b4: v87[4] / 4 == 29, so b4 = 116 = 0x74 = 't'.
        v46 = v87[4];
        v45 = (double)v46;
        v11 = v45;
        // NOTE(review): 1074790400 = 0x40100000, which matches the high dword
        // of the double 4.0 -- confirm.
        if ( dword_403000 )
          adj_fdiv_m64(0, 1074790400);
        else
          v11 = v45 / 4.0;
        if ( (v16 & 0xD) == 0 )
        {
          _vbaFpR8();
          if ( v11 != 29.0 )
            goto LABEL_28;
          v59[0] = 16401;
          v60 = (int (__stdcall **)(int))(v87 + 5);// dword_401B90 was looked up earlier: 401B90 -> "E",
                                                // so this step involves the string "E".
                                                //
                                                // rtcHexVarFromVar converts a value to its hexadecimal string,
                                                // for example 0x2E -> "2E", 0x1E -> "1E", 0xE0 -> "E0".
                                                // The value passed in is (v87 + 5), i.e. the sixth byte b5,
                                                // so this step turns the sixth byte into a hex string.
                                                //
                                                // __vbaInStrVar(..., "E", hexstr, 1) corresponds to VB's InStr:
                                                // it searches the string for "E" and returns the position if
                                                // found, or 0 if not found.
          rtcHexVarFromVar(v65, v59);
          v58[2] = dword_401B90;
          v58[0] = 8;
          &H = 0;
          v56[0] = 32770;
          v20 = _vbaInStrVar(sub_4024CC, 0, v58, v65, 1);
          v54 = _vbaVarTstEq(v56, v20);
          _vbaFreeVarList(2, v65, sub_4024CC);
          if ( v54 )                            // Combined with the VarTstEq result this reads:
                                                // if "E" is not in the hex representation of the sixth byte, fail.
                                                // So the condition is: Hex(b5) must contain the letter E.
            goto LABEL_28;
          // All checks passed: each of the six bytes is turned back into a
          // one-character string.
          v21 = rtcBstrFromAnsi(*v87);
          _vbaStrMove((int)&v73, v21);
          v22 = rtcBstrFromAnsi(v87[1]);
          _vbaStrMove((int)&v72, v22);
          v23 = rtcBstrFromAnsi(v87[2]);
          _vbaStrMove((int)&v71, v23);
          v24 = rtcBstrFromAnsi(v87[3]);
          _vbaStrMove((int)&v70, v24);
          v25 = rtcBstrFromAnsi(v87[4]);
          _vbaStrMove((int)&v69, v25);
          v26 = rtcBstrFromAnsi(v87[5]);
          _vbaStrMove((int)&v68, v26);
          v27 = v73;
          v28 = v72;
          // NOTE(review): this wcscpy writes the value 10 into the first dword
          // of Serial_, the same value stored in p_n10[0] and sub_4024CC[0]
          // below; it looks like a variant header rather than a real string
          // copy, with -2147352572 (0x80020004) as the matching payload for an
          // omitted optional argument -- confirm.
          wcscpy(Serial_, L"\n");
          p_n10[0] = 10;
          sub_4024CC[0] = 10;
          v52 = v71;
          v51 = v70;
          v50 = v69;
          v62 = -2147352572;
          p_n10[2] = -2147352572;
          sub_4024CC[2] = -2147352572;
          v73 = 0;
          v72 = 0;
          v71 = 0;
          v70 = 0;
          v69 = 0;
          v49 = v68;
          v68 = 0;
          // The one-character strings are concatenated step by step; the
          // result ends up in n2.
          v29 = _vbaStrMove((int)&v84, v27);
          v30 = _vbaStrCat(v29);
          _vbaStrMove((int)&v83, v30);
          v31 = _vbaStrMove((int)&v82, v28);
          v32 = _vbaStrCat(v31);
          _vbaStrMove((int)&v81, v32);
          v33 = _vbaStrMove((int)&v80, v52);
          v34 = _vbaStrCat(v33);
          _vbaStrMove((int)&v79, v34);
          v35 = _vbaStrMove((int)&v78, v51);
          v36 = _vbaStrCat(v35);
          _vbaStrMove((int)&v77, v36);
          v37 = _vbaStrMove((int)&v76, v50);
          v38 = _vbaStrCat(v37);
          _vbaStrMove((int)&v75, v38);
          v39 = _vbaStrMove((int)&v74, v49);
          n2 = _vbaStrCat(v39);
          v65[0] = 8;
          // The second rtcMsgBox argument is b5 + 18 (presumably the MsgBox
          // buttons/style value -- confirm), so byte 5 also affects how the
          // success dialog is displayed.
          v40 = v87[5];
          v9 = __OFADD__(18, v40);
          v41 = v40 + 18;
          if ( !v9 )
          {
            rtcMsgBox(v65, v41, sub_4024CC, p_n10, Serial_);
            _vbaFreeStrList(
              17,
              &v84,
              &v83,
              &v82,
              &v81,
              &v80,
              &v79,
              &v78,
              &v77,
              &v76,
              &v75,
              &v74,
              &v73,
              &v72,
              &v71,
              &v70,
              &v69,
              &v68);
            _vbaFreeVarList(4, v65, sub_4024CC);
            goto LABEL_31;
          }
LABEL_33:
          // Reached from every arithmetic overflow test above.
          _vbaErrorOverflow(sub_4024CC_1);
        }
LABEL_32:
        // Reached when a floating-point status check fails.
        _vbaFPException(v93, v11);
      }
    }
  }
LABEL_28:
  // Reached when any byte test fails; calls the object method at vtable
  // offset +1788.
  (*(void (__cdecl **)(unsigned int))(*(_DWORD *)v93 + 1788))(v93);
LABEL_31:
  // Common exit: release the input string and the byte array.
  v92 = 0;
  _vbaFreeStr(&v88, ::sub_4024CC);
  p_p_p_p_n10 = p_p_p_n10;
  return _vbaAryDestruct(0, &p_p_p_p_n10);
}
| Find the serial | 72696768740E 72696768741E 72696768742E 72696768743E 72696768744E 72696768745E 72696768746E 72696768747E ... | 2026-05-09 08:37 |
| c++ pavler1 | o'k | 2026-05-09 06:16 |
// Crackme "lvl0 easy crackmes" -- comment dated 2026-05-09 02:56.
// Decompiler output for main(). Seven std::string objects are built from
// literals, one token is read from std::cin into v11, and v11 is compared with
// v4 only. v5..v10 are constructed and destroyed but never compared in this
// listing.
//
// Review note: the compared value is a plaintext string literal in the binary,
// so it is visible to a strings dump or a decompiler with no further work.
// Decoy literals next to it do not hide which one is used, because the single
// operator== call names its operand.
//
// bad sp value at call has been detected, the output may be wrong!
int __cdecl main(int argc, const char **argv, const char **envp)
{
  _BYTE v4[24]; // [esp+0h] [ebp-D0h] BYREF
  _BYTE v5[24]; // [esp+18h] [ebp-B8h] BYREF
  _BYTE v6[24]; // [esp+30h] [ebp-A0h] BYREF
  _BYTE v7[24]; // [esp+48h] [ebp-88h] BYREF
  _BYTE v8[24]; // [esp+60h] [ebp-70h] BYREF
  _BYTE v9[24]; // [esp+78h] [ebp-58h] BYREF
  _BYTE v10[24]; // [esp+90h] [ebp-40h] BYREF
  _DWORD v11[6]; // [esp+A8h] [ebp-28h] BYREF
  char v12; // [esp+C1h] [ebp-Fh] BYREF
  char v13; // [esp+C2h] [ebp-Eh] BYREF
  char v14; // [esp+C3h] [ebp-Dh] BYREF
  char v15; // [esp+C4h] [ebp-Ch] BYREF
  char v16; // [esp+C5h] [ebp-Bh] BYREF
  char v17; // [esp+C6h] [ebp-Ah] BYREF
  char v18; // [esp+C7h] [ebp-9h] BYREF
  int *p_argc; // [esp+C8h] [ebp-8h]

  p_argc = &argc;
  __main();
  // v11: default-constructed string that later receives the user's input.
  std::string::basic_string(v11);
  // v10..v5: strings that are never read again before their destructors run.
  std::allocator<char>::allocator(&v12);
  std::string::basic_string(v10, "C++ is best", &v12);
  std::allocator<char>::~allocator(&v12);
  std::allocator<char>::allocator(&v13);
  std::string::basic_string(v9, "Dota 2 >>>>> LoL", &v13);
  std::allocator<char>::~allocator(&v13);
  std::allocator<char>::allocator(&v14);
  std::string::basic_string(v8, "Python is trash", &v14);
  std::allocator<char>::~allocator(&v14);
  std::allocator<char>::allocator(&v15);
  std::string::basic_string(v7, "Hate from africa", &v15);
  std::allocator<char>::~allocator(&v15);
  std::allocator<char>::allocator(&v16);
  // The bytes at unk_4060A3 are not shown in this listing.
  std::string::basic_string(v6, &unk_4060A3, &v16);
  std::allocator<char>::~allocator(&v16);
  std::allocator<char>::allocator(&v17);
  std::string::basic_string(v5, "fentanyl", &v17);
  std::allocator<char>::~allocator(&v17);
  // v4: the string the input is compared with below.
  std::allocator<char>::allocator(&v18);
  std::string::basic_string(v4, "imgay", &v18);
  std::allocator<char>::~allocator(&v18);
  std::operator<<<std::char_traits<char>>(&std::cout, "Find my secret : ");
  // operator>> on a std::string reads one whitespace-delimited token.
  std::operator>><char>(&std::cin, v11);
  if ( (unsigned __int8)std::operator==<char>(v11, v4) )
    std::operator<<<std::char_traits<char>>(&std::cout, "\nCorrect DaDdYYYY\n");
  else
    std::operator<<<std::char_traits<char>>(&std::cout, "\nWRONG\n");
  std::string::~string(v4);
  std::string::~string(v5);
  std::string::~string(v6);
  std::string::~string(v7);
  std::string::~string(v8);
  std::string::~string(v9);
  std::string::~string(v10);
  std::string::~string(v11);
  return 0;
}