| CRACKME - C |
CR4CKM3_1234
while (segredo[contador] == (senha_usuario[contador] ^ 0x55) + 7 ^ 0x33)
????????
|
2026-06-22 04:14 |
| Dojas crackme |
Solved it by not trusting the decompiler output alone. Ghidra showed flag() as an empty function, but the assembly revealed many MOV instructions writing constant values to stack offsets.
The immediate values were printable ASCII bytes. After extracting the useful bytes in the correct order, they formed a Base64-looking string ending with "=" padding. Decoding that Base64 produced hexadecimal byte values. Converting those hex bytes to ASCII revealed the final text:
TESTIFICATION_SUCCESS
The trick was that the flag was hidden inside MOV immediates, not stored as a normal string. |
2026-06-22 02:20 |