| Simple login crackme |
found the algo in main, it hashes the username with some multiply/xor shit (×1337 then xor 0x5A5A) and that's your password. just used user 123 |
2026-05-10 10:03 |
| Find the decryption key | Custom packer,no virtualization |
wait im super sped i skipped the whole password thing, thought it wasn't relevant :sobb: |
2026-05-10 00:12 |
| Find the decryption key | Custom packer,no virtualization |
solved it finally lol
so first thing is its packed with ElevenPack so you cant just open it in IDA. had to run it in x64dbg set a breakpoint on ExitProcess wait for it to fully unpack itself then use savedata to dump the memory and load that into IDA instead
once you get the real code theres a transform function that takes whatever you type in like up to 5 chars runs it through some XOR and rotate operations with a 32 byte key table and spits out scrambled bytes to stdout. looked like a password check at first but its actually doing nothing useful the input doesnt matter at all
the real check is way simpler than expected. it just calls GetModuleHandle and looks for mscoree.dll which is the .NET runtime. if its loaded exits with code 0 (win). if not exits with code 7 (fail). thats literally it lol the whole password thing is a red herring
to solve it just do loadlib mscoree.dll in x64dbg before you let it run then type anything when it asks and it exits with code 0. pretty sneaky crackme ngl, prolly just cus im speddd |
2026-05-10 00:09 |
| The laughing Binary - X |
the pass is 'RRYZQ@LFUJPURLENWRUWIQKMWLN]E\I
but this guy literally gave us the src :sob: |
2025-04-12 13:33 |