Profile

Crackme	Infos
RecursiveBC (Java)

Comment	Link
Hmm, it took 20 minutes... - h3110f413nD_9L@9Jl!s*jG IT allocates an execute-enabled stub at runtime (0x140004dcc) and decrypts 0x17 bytes from .rdata (0x1400100b0) using a byte wise XOR derived from the constants 0xDEADBEEFCAFEBABE and 0x1337BABE12345678. The resulting buffer is compared via the imported memcmp thunk (0x140009280) against the user-supplied wide string, so the decrypted ASCII text is the exact key accepted by the program Thank you for your work	==>
trendcrusher 596E-A989-6FB0-548E	==>
Thank you it's a good task Dry Tau 07D3-A4D8-73D8-B2A0 Very fun	==>
Yeah a couple of the VM semantics did trip me up - the bogus flag updates on some ALU ops and a quirky byte order on loads made my first emulator wrong. I fixed it by difftesting tiny bytecode snippets against the real VM until every opcode matched. After that the hash collapsed to a small round function, and I did a constrained search over printable bytes not blind brute force. Nice touch with the misleading dispatch and opaque predicates, that kept it fun	==>
Not brute forcing. I extracted and emulated your hidden VM from the JAR, verified its 32-bit instruction semantics, and only then ran a tiny constrained search over printable chars to satisfy the final 0x6A3B7FF5 check.	==>
Thank you... I spent three hours working on the task, it was interesting. I learned a lot for myself. Password: nscSK1fV	==>
Wow nice, wait new version. Thanks for your work	==>
}la	==>
thanks)Its easy. GJ	==>
I love this fruit)	==>
Gh0st_Hunt... You know next)	==>
xxoslayo, no it's not correct	==>
Thanks)	==>
It's not certain that there is anything, but just in case) Need to check carefully.	==>
27/72 security vendors flagged this file as malicious	==>
Thanks	==>
Serial - -AZAAfAAAAA1AAAxA-AA	==>
Ok sorry for early spoiler. Thanks for your task😊	==>
Very nice, thanks... helium-crackme.exe Welcome to Helium. Access granted, welcome to the system! solved the problem in an hour) license.bin (Zstd+MessagePack) builds a small neural network and checks 9 fixed inputs (seeds). The output is 32 bits; after thresholding ( 0.5) it must match T(S) = (ROL32(S, 5) * (ROL32(S, 5) ^ 0xDEDBEEF) + 4919) & 0xFFFFFFFF	==>
hmm... Its correct or no - Trac{SXgM7Sa{3X5a9wnvm{lSDakcfewsccy3d{WCVoASS{pCS31gsg3{ag3kTCSl6cN2CXqpskVv9_mK2iGrvg33qM0kpCh{rLceKf3b}	==>
And corect password without patch - Key:));'.( Applicatin finished. Thank you for this)	==>
Thank you)Patch working well. Starting application with PatchCRC protection CRC Monitoring Thread Started Key:dfr54435435 - not real) Applicatin finished.	==>
Username: 41Le1yID!uFbAxC Password: a0bahTbblPba0Bb Correct! Access Granted. Thanks, but so easy)	==>
TotallyNotThePassword	==>
c{oOwc	==>

Hmm, it took 20 minutes... - h3110f413nD_9L@9Jl!s*jG IT allocates an execute-enabled stub at runtime (0x140004dcc) and decrypts 0x17 bytes from .rdata (0x1400100b0) using a byte wise XOR derived from the constants 0xDEADBEEFCAFEBABE and 0x1337BABE12345678. The resulting buffer is compared via the imported memcmp thunk (0x140009280) against the user-supplied wide string, so the decrypted ASCII text is the exact key accepted by the program Thank you for your work

==>

trendcrusher 596E-A989-6FB0-548E

==>

Thank you it's a good task Dry Tau 07D3-A4D8-73D8-B2A0 Very fun

==>

Yeah a couple of the VM semantics did trip me up - the bogus flag updates on some ALU ops and a quirky byte order on loads made my first emulator wrong. I fixed it by difftesting tiny bytecode snippets against the real VM until every opcode matched. After that the hash collapsed to a small round function, and I did a constrained search over printable bytes not blind brute force. Nice touch with the misleading dispatch and opaque predicates, that kept it fun

==>

Not brute forcing. I extracted and emulated your hidden VM from the JAR, verified its 32-bit instruction semantics, and only then ran a tiny constrained search over printable chars to satisfy the final 0x6A3B7FF5 check.

==>

Thank you... I spent three hours working on the task, it was interesting. I learned a lot for myself. Password: nscSK1fV

==>

Wow nice, wait new version. Thanks for your work

==>

}la

==>

thanks)Its easy. GJ

==>

I love this fruit)

==>

Gh0st_Hunt... You know next)

==>

xxoslayo, no it's not correct

==>

Thanks)

==>

It's not certain that there is anything, but just in case) Need to check carefully.

==>

27/72 security vendors flagged this file as malicious

==>

Thanks

==>

Serial - -AZAAfAAAAA1AAAxA-AA

==>

Ok sorry for early spoiler. Thanks for your task😊

==>

Very nice, thanks... helium-crackme.exe Welcome to Helium. Access granted, welcome to the system! solved the problem in an hour) license.bin (Zstd+MessagePack) builds a small neural network and checks 9 fixed inputs (seeds). The output is 32 bits; after thresholding ( 0.5) it must match T(S) = (ROL32(S, 5) * (ROL32(S, 5) ^ 0xDEDBEEF) + 4919) & 0xFFFFFFFF

==>

hmm... Its correct or no - Trac{SXgM7Sa{3X5a9wnvm{lSDakcfewsccy3d{WCVoASS{pCS31gsg3{ag3kTCSl6cN2CXqpskVv9_mK2iGrvg33qM0kpCh{rLceKf3b}

==>

And corect password without patch - Key:))*;'.(* Applicatin finished. Thank you for this)

==>

Thank you)Patch working well. Starting application with PatchCRC protection CRC Monitoring Thread Started Key:dfr54435435 - not real) Applicatin finished.

==>

Username: 41Le1yID!uFbAxC Password: a0bahTbblPba0Bb Correct! Access Granted. Thanks, but so easy)

==>

TotallyNotThePassword

==>

c{oOwc

==>

crackmes.one

crackmes.one

trendcrusher's profile

0

1

25

Crackmes

Latest writeups

Latest comments