Number of crackmes:
Number of writeups:
Comments:
| Name | Author | Language | Arch | Difficulty | Quality | Platform | Date | Downloads | Writeups | Comments |
|---|
| Crackme | Date | Infos |
|---|---|---|
| Hacker's Edge Book CrackMe v2 | 2026-01-14 07:48 | The solution (the string that needs to be keyed in to solve this crackme) is redacted as the author provided a coupon code to to redeem his memoir for free. The coupon code is also redacted. |
| Azure | 2026-01-12 14:36 | I hope it is detailed enough. |
| Crackme | Comment | Date |
|---|---|---|
| The Alchemist's Lock | Solved! My username on your website is dummkopf | 2026-03-09 07:02 |
| niko's crack me | I am quite sure the password is iamsmart right? | 2026-03-04 04:24 |
| impossible console crack me | @niko122 Looking forward to your next version :) | 2026-02-28 01:32 |
| OBSCURA - THE ENTROPY COIL Ver 1.0 | Idk if my code is totally correct but I have it here https://leetcode.com/playground/KBskU94v The hex are converted to decimal already. I am not a dev nor do I have lots of experience so please excuse my code :) | 2026-02-27 16:17 |
| OBSCURA - THE ENTROPY COIL Ver 1.0 | I'm using x64dbg. Yeah I'm able to find input signals with a score of 7 using my Python script. 10 is only possible on my computer if you allow Unicode characters it seems. | 2026-02-27 15:59 |
| impossible console crack me | The call rax instruction at 140002c94 will bring the RIP to the entry point of the unpacked code, which is at offset 0x2128. | 2026-02-27 15:14 |
| impossible console crack me | Tbh after I opened your crackme in x64dbg with my ScyllaHide plugin I can just hit F9 and the actual crackme will show up. I believe you unpacked the actual crackme on heap and use VirtualAlloc + memcpy. Unless you only allow static analysis finding the password is really easy... | 2026-02-27 15:03 |
| impossible console crack me | Password: EasyPassword I attached my debugger after running the crackme and it became a trivial exercise. I will take a look at your custom packer now just for fun. | 2026-02-27 14:18 |
| OBSCURA - THE ENTROPY COIL Ver 1.0 | Hi @awaplay I did not reverse function 140002D50 using Python. I have your crackme in my debugger and used the value I have at 0x140041CA0, which is F8DAB42F. I saw that you used rdtsc and CheckRemoteDebuggerPresent and made sure to use the right values. If I'm not mistaken, your crackme does the following: (i) - the signal does not work if its length is < 8. (ii) - the sum of the characters is taken in function 140003150, and if it exceeds 0x100, [rsp+28] is set to 1, which forces [rsp+2C] to not be 0 or 2 i.e. function 140003320 will not be called. Assuming the characters in the signal is >= 0x21 (!), then the sum of characters must exceed 0x100. In this case function 140003480 will be called. (iii) - Function 140003480 takes each input character, apply SHL 0xD, xor it with F8DAB42F, and calls function 140003540, which stores the first 16 bytes at 0x140041CAC and apply ROR 4. (iv) - The bytes at 0x140041CAC are XORed in function 1400036c0 with hardcoded values [0x57, 0x12...], and if the count of resulting characters which fall within 0x20 and 0x7E inclusive is at least 10, the success message will be printed. But it doesn't seem possible to choose ASCII characters to get the count to be at least 10, which is what's confusing me. Or maybe I made a mistake somewhere? | 2026-02-27 13:32 |
| OBSCURA - THE ENTROPY COIL Ver 1.0 | Is there an input signal that actually works? The success message is 'SYSTEM STABLE. FREQUENCY MATCHED.', right? | 2026-02-27 10:38 |
| Custom packed crackme | This is an interesting crackme. The packer actually checks for NOP (0x90) in various APIs associated with anti anti-debug plugin (at least it works for Scylla Hide). It also seems to crash when I disable ASLR. However, the anti-debugging checks are easily mitigated by launching the program first then attaching a debugger. 1. The key is 16 (hex 10) characters long. 2. The sum of the chars making up the key must be 1316 (hex 526). Let arr = [46, 7B, 6A, 92, 6A, 78, C3, B2, 9E, AC, F5, C6, FE, 23, 0F, F5] 3. key[i] + 13*i = arr[i] This tells us the key is: FnPk67uW67s7bzY2 There are also (redundant) checks for the difference between the first and ninth character (= hex 11), sum of the fourth and thirteenth characters (= hex CD) etc. | 2026-02-25 14:08 |
| Acid's First Crackme | Password is secret123 | 2026-02-24 03:30 |
| easycrack | Password is just password There is a hard-coded SHA256 hash within the Crackme 0x1400051a0 at which I inputted into an online reverse lookup tool... | 2026-02-23 06:15 |
| BobxReal You Can't do it V2 ;) | I saw the hint that the password is 16 characters, but on my computer it seems that if entered fast enough many 16 character long strings (e.g. DEADBEEFCAFEBABE) will return correct, which I'm quite sure is unintended. | 2026-02-21 18:21 |
| CrackMe with password | It's hard in that I haven't figured out how the rest of your validation code works. However, if you look at the PE file in a disassembler the instructions mov dword ptr ss:[rsp+40], 746F6F72 ... etc are a little too obvious since 74, 6F, 72 etc are charcodes in hex. In fact, I'm quite new to RE and have never tried reversing executables with custom VMs and would love to know how it works! | 2026-01-27 14:03 |
| CrackMe with password | rootaccess1337 I can find it in the stack (follow rsp+rax+40 in dump at 1400014C4!) | 2026-01-27 12:34 |
| TooManyChecks | Flag(ByO@$$_a_B0$$) | 2026-01-26 12:46 |
| Keygen Me | SSZFV-9SCML-6E7J3-WT9R8-X9JB worked for me. Function FUN_14000BB10 in Ghidra suggests that the serial is has 28 (0x1C) characters, of the form XXXXX-XXXXX-XXXXX-XXXXX-XXXX, and X must be A-Z excluding I and O or 2-9. I am not sure how the serial is generated but it is argument passed to memcmp (pointer in the RDX register). | 2026-01-08 09:30 |
| Hide n Seek | Hey @Elvis can I DM you on Discord (or Reddit)? | 2026-01-06 15:59 |
| Hide n Seek | Will the correct password cause flag.exe to be launched or is that a red herring? | 2025-12-29 07:31 |