Crackmes

Comment	Link
Nice crackme. I solved it statically. Timing is key.	==>
memes_ctf{h3ll0_to_anarhist47} - found randomly in memory while debugging. Should probably be hidden a bit better :D	==>
Flag: matesctf{Just_4an0ther_l4m3_pr0t3ct0r} Whew. That was a very difficulty but good crackme. I've learned A LOT while trying to crack this and there probably still is a lot to find. Without giving too much away: I wrote a tool to recreate some of the "missing" code.	==>
@4epuxa. Did not solve this myself yet, but i am pretty sure you need to fix the PE header by manually editing it in a Hex-Editor. Not sure if IDA can deal with the overlapping headers, but Ghidra can not. So i think you need to redefine the sections and maybe entry point so that it executes and generates the flag.	==>
Nice crackme. Ghidra seems to have some problems decompiling it. How what the intermediary "print" function called? I can somewhat trace it in the debugger, but the call stack seem to be off.	==>
Nice quick crackme. Keygen: https://pastebin.com/1hW1Ujkg	==>
Very nice crackme. I've got very lucky as my first guess "wfwfwfw" directly got accepted as valid :D. Here is one possible keygen: https://pastebin.com/Shu0cUrM	==>
Again a very nice crackme. I've solved it statically, but with a decompiler. My solution in the end was to only replace two bytes inside the authdata file. Settings the first to the calculated/needed byte and the second one to 0x00, so that the check at the end would only consider this one byte. I also updated the checksum, which wasn't too bad after understanding how it is calculated.	==>
Nice crackme. bytes = bytes out of .auth File for (byte in bytes) { /// solve this for keyByte and write into .KEY file byte % keyByte = 0x34 }	==>
forgot at the end: rndNumber = floor(rndNumber * 10000);	==>
int timestamp = time(); rndNumber = (timestamp % 50) / 50; (until rndNumber 0.0) int i = 5; while (i != 0) { rndNumber = (1.0 - rndNumber) * 3.8 * rndNumber; i--; }	==>
Great CrackMe. I've learned a lot of new stuff about Ghidra and ASM in general with this. Thanks for that!	==>
nevermind. My comment is incorrect. It takes all digits, but there is some extra code	==>
Password only depends on first digit. Logic (afaik) is this: res = 0; for (int i = digitSquared; i != 0; i = i / 10) res = res * 10 + i % 10; password = res + 2 * digit; Example: Number = 5, Password = 62	==>
2f13sgdf45fgh6f5g - the disassembly in ghidra stumped for a bit since the length of the input was never written to (it least so it seemed). Any ideas why that looked that way? Inside x32dbg it was quite obvious then.	==>
veiledre{--------{---(@} obtained by debugging the last compare	==>

Nice crackme. I solved it statically. Timing is key.

memes_ctf{h3ll0_to_anarhist47} - found randomly in memory while debugging. Should probably be hidden a bit better :D

Flag: matesctf{Just_4an0ther_l4m3_pr0t3ct0r} Whew. That was a very difficulty but good crackme. I've learned A LOT while trying to crack this and there probably still is a lot to find. Without giving too much away: I wrote a tool to recreate some of the "missing" code.

==>

@4epuxa. Did not solve this myself yet, but i am pretty sure you need to fix the PE header by manually editing it in a Hex-Editor. Not sure if IDA can deal with the overlapping headers, but Ghidra can not. So i think you need to redefine the sections and maybe entry point so that it executes and generates the flag.

==>

Nice crackme. Ghidra seems to have some problems decompiling it. How what the intermediary "print" function called? I can somewhat trace it in the debugger, but the call stack seem to be off.

==>

Nice quick crackme. Keygen: https://pastebin.com/1hW1Ujkg

==>

Very nice crackme. I've got very lucky as my first guess "wfwfwfw" directly got accepted as valid :D. Here is one possible keygen: https://pastebin.com/Shu0cUrM

==>

Again a very nice crackme. I've solved it statically, but with a decompiler. My solution in the end was to only replace two bytes inside the authdata file. Settings the first to the calculated/needed byte and the second one to 0x00, so that the check at the end would only consider this one byte. I also updated the checksum, which wasn't too bad after understanding how it is calculated.

==>

Nice crackme. bytes = bytes out of .auth File for (byte in bytes) { /// solve this for keyByte and write into .KEY file byte % keyByte = 0x34 }

==>

forgot at the end: rndNumber = floor(rndNumber * 10000);

==>

int timestamp = time(); rndNumber = (timestamp % 50) / 50; (until rndNumber 0.0) int i = 5; while (i != 0) { rndNumber = (1.0 - rndNumber) * 3.8 * rndNumber; i--; }

==>

Great CrackMe. I've learned a lot of new stuff about Ghidra and ASM in general with this. Thanks for that!

==>

nevermind. My comment is incorrect. It takes all digits, but there is some extra code

==>

Password only depends on first digit. Logic (afaik) is this: res = 0; for (int i = digitSquared; i != 0; i = i / 10) res = res * 10 + i % 10; password = res + 2 * digit; Example: Number = 5, Password = 62

==>

2f13sgdf45fgh6f5g - the disassembly in ghidra stumped for a bit since the length of the input was never written to (it least so it seemed). Any ideas why that looked that way? Inside x32dbg it was quite obvious then.

==>

veiledre{--------{---(@} obtained by debugging the last compare

==>

crackmes.one

crackmes.one

puelo's profile

0

0

16

Crackmes

Latest writeups

Latest comments