Crackme | Infos |
---|---|
InDuLgEo V3-B — The DOS Intro Challenge |
Comment | Link |
---|---|
The program doesn't work properly anyway. Sometimes it works after a second double-click. Sometimes it says Access Denied, sometimes it displays mixed ASCII characters instead of the "access denied" message, and sometimes it displays a message with blank characters. So, I didn't struggle with your custom PE packer. In x64dbg, after some unpacking routines, I successfully accessed the unpacked file entry point which comes after initterm, argc and argv routines. | ==> |
No need to unpack it. Password is HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography\MachineGuid value. Each user has unique MachineGuid. | ==> |
@Ultrazvukoff You made shr cx,1A , which makes almost cx=0. So this section doesn't affect result. If it could affect, it would be harder to calculate and solve. Best regards... | ==> |
Password : aaaaabmpc There are lots of passwords which meet the requirement. I made brute force because of mathematics. | ==> |
@ultrazvukoff No, it was not too easy. In fact, this is the first time I've encountered a program that exits after a certain amount of time after calling fgets. Although I didn't fully understand how fgets triggered the function addressed by beginthread, I was able to debug it easily by bypassing it. It's a nice crackme. There are even methods that bypass ScyllaHide. | ==> |
Excellent crackme. File has embedded DLL file. Die64 detects it. -----SPOILER----- Password : ******96 -----SPOILER----- | ==> |
Then my crackme works normally. I bypassed some of anti-debug techniques already like NtSetInformationThread and etc.. | ==> |
What is the aim of the crackme ? It always shows "OK" string. If you enter one char, it shows two "OK"s. If you enter two chars, it shows three "OK"s. Under debugger or without debugger, it works like this. | ==> |
JD-GUI failed but CFR succeeded in its mission. But it asks for a path, I enter c:\users\profilename\desktop and it gives "error occured". However, key works. Key is 7 characters long. | ==> |
@balazsofficial You are right. I forgot to mention it. | ==> |
Best tool is ILSpy to decompile it. | ==> |
--- SPOILER --- Password length should be equal to or greater than 8 chars. Password should contain at least one capital letter. Password should contain at least one lowercase letter. --- SPOILER --- | ==> |
Password : R0b0_Su22y13378Pussy59283 This one got easy because I discovered "Rand" function from Watermelon crackme. | ==> |
Password : N!993R_K1ll3r It was hidden inside "rand" function. After several days, I finally found it. | ==> |
The password for every crackme file on this site is "crackmes.one" (without quotes). As for this crackme file, it was specified as Multiplatform by the author of the program, but it was wrong. In fact, it is a Linux file and works under Linux derivatives. | ==> |
@InDuLgEo Thank you. I have used Softice, Sourcer, Turbo Debugger, Debug in the good old DOS days. If I see anything related to DOS, it attracts me. At first, I only uploaded the COM file but the site manager rejected it because it doesn't have any description. Later, I uploaded the solution but the system only allows uploading one file. I wish I had compressed the 2 files into one and uploaded them. I asked the moderator but he didn't. After I uploaded the file, the system didn't allow me to upload the file again. I will try to upload again. | ==> |
@Elvis, the author wants the patched file also but I could only upload the PDF file. Can you combine my first uploaded COM file with this PDF file ? | ==> |
There are 3 sections in the program. In the first section, there is a blue image with a waving shape. After that, there is a fire effect in the second section. In the last section, there is a fractal but it is not an animated image. In the top rows, the messages are fixed and the phone ringing sound is heard intermittently. In the second section with the fire effect, is it to print text on the screen or to change the messages on the last screen that the programmer printed? | ==> |
Name : nightxyz Serial : 691604A0FA6FA1C99BCED0013AE788A2B39B56AFC0A96867BD2A1C31BE5DC9CE-OMGWTFBBQ | ==> |
I guess I'll make you angry again but this one didn't even take 10 minutes to crack. After seeing the part that checks the length of the password to 10 characters, I entered a random password. After the size check, after a few more steps, x64dbg showed a string as "awesome". I didn't even look at the memory area. I tried that and it worked. The previous crackme was harder in my opinion. If the password in the previous crackme file had been encrypted, my job would have been harder. The plus of this was that while debugging this, if I wanted to run another program directly, the debugger would detect it and the program would exit. And it wasn't even running under the debugger. Your obfuscated codes are very similar to the programs written by "nado" called "watermelon crackme" and "professional crackme", but I haven't been able to crack them yet. There is too much math and obfuscated code. | ==> |
IDA didn't work properly so I used x64dbg. ---SPOILER--- password is 47 chars long. ---SPOILER--- | ==> |
@hmx78912 It's a nice crackme. It was hard at first, I looked at the same places over and over. I examined the anti-debug sections over and over. Then, while tracing line by line, I was looking at the registers and I found the place where the first character of the random password I entered was compared to the "c" character. Then, when I dumped it to the rsi+4 address, I saw the text crackme diagonally. There is a 36 byte difference between each letter. The following part of the code helped me find the result: 00007FF611D52473 | 8BC3 | mov eax,ebx 00007FF611D52475 | 44:3A7E 04 | cmp r15b,byte ptr ds:[rsi+4] 00007FF611D52479 | 0F94C0 | sete al 00007FF611D5247C | FFC0 | inc eax. r15b is the address of the password I entered; rsi+4 is the address of the real password. I am waiting for v2, best regards... | ==> |
@hmx78912 While debugging with X64dbg, I saw that the first character of the real password was the character "c". Then, when I looked at the memory area where this "c" character came from, the letters appeared as "c r a c k m e" in a crisscross pattern, and when I tried that password, I saw that it was correct. So, as you can see, I didn't do brute force. Also, I'm not the first person to directly explain the password in the comments section of this site. If you look at the comments sections of other crackme files, you can see hundreds of examples. I sent a solution once, but I couldn't make the management like it either. Then I gave up sending a solution. | ==> |
Password : Qk*{i9}6 | ==> |
Password : crackme | ==> |
Password : ElementaryMyDr!! | ==> |
Password is 21 characters long. It gets windows usernames like DESKTOP-XXXXXXX/Username and makes some calculations. I am busy to solve mathematics but I found my own password. | ==> |
Password : e4444 | ==> |
Password : ppppp | ==> |
Password : M1d3s19 | ==> |
I found the first pair manually using a calculator to get 7326. Numbers 66 x 111 is the first pair. Then started with oBo.. but it didn't pass the criteria. Then started with Boo... and it worked. I asked Gemini for the other pair, it gave me the J and c chars but I didn't calculate. So, I manually calculated every step. Only AI gave me the second pair but I didn't use it. | ==> |
Boozy :) | ==> |
Password : 4921 | ==> |
Correct pattern : 121212121 | ==> |
Password : thisisverysecret In x64dbg, a few lines later, letters are shown vertically. So, your obfuscators don't work very well. | ==> |
password : correct | ==> |
Lots of passwords. One of them is : BP!9$d!! | ==> |
I tested with a 66-character-long password and didn't get the DEADC0DE code in any way. Did you test this crackme before publishing ? | ==> |
Password : Alon Alush | ==> |
Password : iiiiiii} | ==> |
Username : zzzzzzzzzz Password : 1220 Sum of the username letters decimal equivalent. For example if you enter only A char for username, then password is decimal equivalent 65. username : A password : 65 | ==> |
@Mattpackman Patching is not allowed unless otherwise specified. | ==> |
@Enhancer Password is 4 chars. Total is decimal 895. It also adds Line Feed character as a fifth char. So, 5 x 0ah = decimal 50. Now result is 945. | ==> |
Password = 3p(smaller than sign)n Password is 4 characters long. | ==> |
Password : 3p | ==> |
Key = ThisPasswordIsRandomAsFuck | ==> |
@gimi001 Read Faq at menu. | ==> |
pseudo code: var1 = length of name looptimes = var1 repeat looptimes { var1 = (var1 * 19660Dh) + 3C6EF35Fh char result array[] = (var1 mod 5Eh) + 21h } split result with xxxx-xxxx-xxxx... format or xxxx-xx if odd length of input name. if result hex value contains letter like 7A, 4B etc.. then add 0Ch to that value. For example 7A becomes 7M, 3B becomes 3N. 3B645B becomes 3N64-5N | ==> |
I only used a GetDlgItemTextA breakpoint and used the F7, F8 keys. | ==> |
Interestingly, I debugged the program with x32dbg on my notebook and the same password worked. But without the debugger, the password doesn't work on my notebook. On my desktop, the password works without the debugger. | ==> |