Profile

Crackme	Comment	Date
Medium Crackme	Username: admin Serial: 5735A4910CE0BE53 Access Granted	2026-06-06 08:15
Jörmungandr	Open it in IDA, go to main (0x1400098F8) Check the parent process's protection—sub_1400096A0 at 0x140009A14. There, NtQueryInformationProcess retrieves the parent's PID and checks the name hash against a whitelist. Run it from cmd/explorer—it’ll work. Or patch: E8 XX XX XX XX 85 C0 75 0F → 90 90 90 90 90 90 90 EB 0F Anti-emulation at 0x140009AF2 — patch the same way The most important part is the VM. There’s double indirection there: opcode = bytecode[data[ip] ^ lcg_state]. PRNG: For bytecode shuffle: edi = ecx ^ (ecx << 5), where ecx = eax ^ (eax >> 17), eax = state ^ (state << 13) For XORing data on fetch: state = state * 0x19660D + 0x3C6EF35F The VM executes 5 instructions: 4 × PUSH_LIT (values 0xACE22A66, 9, 2, 0) + 0x72 (ECC point_mul). Stack after HALT: [0xACE22A66, 1, 0, 0]. Three pops in main → v39 = 0. With v39=0, verification fails—any serial number is valid. The .ouro check waits for serial ^ 0x55AA55AA == 0xDEADBEEF → serial number 0x8B07EB45. But for the injector, the key must match v39 → serial number 0x0. Decoy serial number: pow(2, 32337, 2^64-59) = 0x1331D66091E9E2E5 — do not enter this; it will cause a delayed crash after 30 seconds. If the binary does not launch — patch 0x140009955: kernelbase hash 0x9C650027 → 0xB4162BC4, and after the NOP-instructions, call rax at 0x1400099E1 (printf with NULL). After that, I decided to give up	2026-06-05 13:48
CrackMe Hard 3	@liboxin i patch program ye	2026-05-31 09:32
CrackMe Hard 3	ultra hard crackme / x64 serial> VHARD{AAAAAAAAAAAAAAAAA} ACCESS GRANTED	2026-05-30 07:53
CrackmesForBeginners (CFB) #5	[+] Password: $C[Ba.0 [] Running 4 generations of Game of Life... =================================================== [+] ACCESS GRANTED! Congratulations! You have successfully solved CFB5! =================================================== Press Enter to exit...	2026-05-30 06:32
easy crackme	--- DEBUG --- Decrypted length: 20 Input length: 4 SHA256 match: False XOR match: False Base64 match: False Contains crackme: False V8 flag: False RESULT: ACCESS GRANTED	2026-05-30 05:53
JavaClasser	RELUNSEC{t3pe_jud3ein4_i4_p6}	2026-05-30 05:26

Username: admin Serial: 5735A4910CE0BE53 Access Granted

2026-06-06 08:15

Open it in IDA, go to main (0x1400098F8) Check the parent process's protection—sub_1400096A0 at 0x140009A14. There, NtQueryInformationProcess retrieves the parent's PID and checks the name hash against a whitelist. Run it from cmd/explorer—it’ll work. Or patch: E8 XX XX XX XX 85 C0 75 0F → 90 90 90 90 90 90 90 EB 0F Anti-emulation at 0x140009AF2 — patch the same way The most important part is the VM. There’s double indirection there: opcode = bytecode[data[ip] ^ lcg_state]. PRNG: For bytecode shuffle: edi = ecx ^ (ecx << 5), where ecx = eax ^ (eax >> 17), eax = state ^ (state << 13) For XORing data on fetch: state = state * 0x19660D + 0x3C6EF35F The VM executes 5 instructions: 4 × PUSH_LIT (values 0xACE22A66, 9, 2, 0) + 0x72 (ECC point_mul). Stack after HALT: [0xACE22A66, 1, 0, 0]. Three pops in main → v39 = 0. With v39=0, verification fails—any serial number is valid. The .ouro check waits for serial ^ 0x55AA55AA == 0xDEADBEEF → serial number 0x8B07EB45. But for the injector, the key must match v39 → serial number 0x0. Decoy serial number: pow(2, 32337, 2^64-59) = 0x1331D66091E9E2E5 — do not enter this; it will cause a delayed crash after 30 seconds. If the binary does not launch — patch 0x140009955: kernelbase hash 0x9C650027 → 0xB4162BC4, and after the NOP-instructions, call rax at 0x1400099E1 (printf with NULL). After that, I decided to give up

2026-06-05 13:48

CrackMe Hard 3

@liboxin i patch program ye

2026-05-31 09:32

CrackMe Hard 3

ultra hard crackme / x64 serial> VHARD{AAAAAAAAAAAAAAAAA} ACCESS GRANTED

2026-05-30 07:53

CrackmesForBeginners (CFB) #5

[+] Password: *$C[Ba.0 [*] Running 4 generations of Game of Life... =================================================== [+] ACCESS GRANTED! Congratulations! You have successfully solved CFB5! =================================================== Press Enter to exit...

2026-05-30 06:32

easy crackme

--- DEBUG --- Decrypted length: 20 Input length: 4 SHA256 match: False XOR match: False Base64 match: False Contains crackme: False V8 flag: False RESULT: ACCESS GRANTED

2026-05-30 05:53

JavaClasser

RELUNSEC{t3pe_jud3ein4_i4_p6}

2026-05-30 05:26

crackmes.one

crackmes.one

ogurets8235's profile

0

0

7

Crackmes

Writeups

Comments