| easycrack |
Password is just password
There is a hard-coded SHA256 hash within the Crackme 0x1400051a0 at which I inputted into an online reverse lookup tool... |
2026-02-23 06:15 |
| BobxReal You Can't do it V2 ;) |
I saw the hint that the password is 16 characters, but on my computer it seems that if entered fast enough many 16 character long strings (e.g. DEADBEEFCAFEBABE) will return correct, which I'm quite sure is unintended. |
2026-02-21 18:21 |
| CrackMe with password |
It's hard in that I haven't figured out how the rest of your validation code works. However, if you look at the PE file in a disassembler the instructions mov dword ptr ss:[rsp+40], 746F6F72 ... etc are a little too obvious since 74, 6F, 72 etc are charcodes in hex. In fact, I'm quite new to RE and have never tried reversing executables with custom VMs and would love to know how it works! |
2026-01-27 14:03 |
| CrackMe with password |
rootaccess1337
I can find it in the stack (follow rsp+rax+40 in dump at 1400014C4!) |
2026-01-27 12:34 |
| TooManyChecks |
Flag(ByO@$$_a_B0$$) |
2026-01-26 12:46 |
| Keygen Me |
SSZFV-9SCML-6E7J3-WT9R8-X9JB worked for me. Function FUN_14000BB10 in Ghidra suggests that the serial is has 28 (0x1C) characters, of the form XXXXX-XXXXX-XXXXX-XXXXX-XXXX, and X must be A-Z excluding I and O or 2-9. I am not sure how the serial is generated but it is argument passed to memcmp (pointer in the RDX register). |
2026-01-08 09:30 |
| Hide n Seek |
Hey @Elvis can I DM you on Discord (or Reddit)? |
2026-01-06 15:59 |
| Hide n Seek |
Will the correct password cause flag.exe to be launched or is that a red herring? |
2025-12-29 07:31 |