Posts

Showing posts from October, 2025

Crackme: antilagvip's medium crackme

Download here: https://crackmes.one/crackme/68e6377b2d267f28f69b7447

MD5: 406af7cd43808f1de221d36d8c7d12d6
SHA1: 736c3fee49a93c60731a2f137545b75311646f9f
SHA256: 588211672f26f28731da0d30f2691f23542ea7a825f553a5edc9087dbf52b86e

This is listed as a C/C++ x64 executable with a difficulty rating of 3.0. The author is antilagvip and the executable is written for Windows.

The author's description: the right key get the code.. sounds simple right?

This was a fun challenge. I went through the motions. I loaded this in Detect it Easy. It isn't packed. It's a console application. Strings aren't encoded/encrypted. I also loaded it into PE Bear and just looked around. Nothing interesting jumped out at me.

I've talked about how to find the main function in previous posts so I'm just going to jump in and say that it is located at 0x140001180. Pretty basic stuff, it prompts you for a key and waits for input. It calls a function that validates whether your key is valid and ...

Crackme: git's simple crackme medium-hard

Download here: https://crackmes.one/crackme/68e2b4652d267f28f69b738e

MD5: 49c66031be227cc5982daadfd7368e9d
SHA1: 0f01dfd5c1775dd7b605c992903d67bbafa3051f
SHA256: 67b06c9c003f0c26c319d82b1fc6436207eaf0e3ed31f438312be8349225272f

This is listed as a C/C++ x64 executable with a difficulty rating of 2.5. The author is git and the executable is written for Windows.

The author's description: medium-hard crackme with antidebug checks obfuscated strings and key

With this crackme, I'm going to take a bit of a different approach. I'm not going to use a decompiler. Taking a look at the strings, I can see some base64 encoded strings. Other than that, Detect it Easy believes this was compiled using Visual Studio 2022 as a console application. It does not appear to be packed.

IDA shows us a long series of various debugger checks. At this point, I will manually step through the code and navigate the executable to the good boy. The base64 decode function takes the encoded string and a buffer a...

How to Defeat SEH Anti-Debugging

There are much better articles that describe what Structured Exception Handling (SEH) is and honestly, I'm still trying to wrap my head around it so don't take what I write as gospel. If you have a better understanding and I get something wrong, please correct me. I really want to understand this. With that being said, I couldn't find an easy way to circumvent/defeat it so this is what I came up with.

Structured Exception Handling is a Windows mechanism to allow programs to handle exceptions/interrupts. This is accomplished by adding handlers to a linked list of exception handlers. This linked list is stored in the Thread Environment Block (TEB) structure. It can be referenced by fs:[0] on x86 binaries or gs:[0] on x64 binaries.

The TIB struct:

Note that TEB is just an extended TIB structure.

The EXCEPTION_REGISTRATION_RECORD struct:

These two structures were talked about ad nauseam when I was doing my research but I couldn't get it to function how other articles wro...

RodrigoTeixeira's Very easy disassembly execise

Download here: https://crackmes.one/crackme/68a346c48fac2855fe6fb6df

MD5: 8483be5dfef09fb44dd14cec54c56a80
SHA1: fe71c366051bbe25e0e755b92008364ab149f474
SHA256: 72cb9e317be02bd73b93e80de9f07d29234948e09bf658058691460e504f0d4c

This is listed as a C/C++ x64 executable with a difficulty rating of 1.0. The author is RodrigoTeixeira and the executable is written for Windows.

The author's description: Retreive a hard coded int from the executable. Good luck.

I'm not feeling well today but my goal for the month is to solve a crackme every day so I chose an easy one to knock out.

The description lists this as an x64 application but DIE tells us that it's actually x86. It does not appear to be packed. The author used MinGW to compile the console application.

Taking a look at the strings we can see what can be assumed to be the prompt and good boy. We also get an indication that the author may have compiled the executable using Cygwin. Their real name might be Keith. Detect it Easy foun...

Patchme: genass3's Patch protect lite

Download here: https://crackmes.one/crackme/68d8731a224c0ec5dcedc3be

MD5: 4bbf3e44dc54b708a94e6ee1fd0be214
SHA1: 79e4ffa8820c7473887f43375745869e3f10b4dc
SHA256: 9d7448664d99560a6914589e6643736da72cb8c600d41bf7a5a37756e28e8085

This is listed as a C/C++ x64 executable with a difficulty rating of 3.0. The author is genass3 and the executable is written for Windows.

The author's description: The diff between other versions:
- Rewrited pass verification algorithm (removed the hash algorithm)
- Improved string encryption
- Rewrited some obfuscation things (make it easier)
Your main goal is to find the password, for every user password will be different.

I enjoyed the author's previous patchme so I'm really looking forward to tackling this revamped version.

Just like their previous patchme, this is implemented as a console application. It was created using Microsoft Visual Studio 2022. The binary does not appear to be packed. Taking a look at the strings, we see some familiar func...

Patchme: genass3's Patch protect

Download: https://crackmes.one/crackme/68b2c2768fac2855fe6fb9be

MD5: 12b79adcbcc2b6aac0e6d84adbf0f6e7
SHA1: 716dbe22f9b6c55102e72e2dfef220819b0eff97
SHA256: 4f8cb7e39950c2571b1151d5da5a64b9ed4f91e425bc6d5b29a5d8513ac6bdce

This is listed as a C/C++ x64 executable with a difficulty rating of 2.0. The author is genass3 and the executable is written for Windows.

The author's description: Try to patch, should be not so hard, also you can find password very easily, if you have eyes :) Ur main goal is patch. Also feel free to give a feed back about the protection, i would like to read and improve.
The source code of the protection - https://github.com/generin0/PatchGuard
The source code of the crackme - https://github.com/generin0/crackme1

I think we should normalize including the source code to crackme challenges. For one, it would make it easier to know whether they're malicious or not. Two, it makes for a great learning aid. The old adage to learning reverse engineering was "wr...

Crackme: atherusti's First C program

Download here: https://crackmes.one/crackme/68c96889224c0ec5dcedc063

MD5: fdb187c953ae9e0e98e18b1fc0683ef1
SHA1: e1f4f4a1e0629ba38cfa567c45cbee6092aabf0a
SHA256: 03832f7e8e8fdfd6ee87ef4efb3eab52252edbfe246c9d2bfdd39166a27c9e30

This is listed as a C/C++ x64 executable with a difficulty rating of 2.0. The author is atherusti and the executable is written for Windows.

The author's description: never coded before making this crackme, get the password

That's a really interesting first programming project but I'm all for it. Let's tear this bad boy apart and see how they did.

The first thing that immediately jumps out to me is seeing that it is actually an x86 executable. No big deal but it's something to keep in mind. Our calling conventions are going to change. I also don't expect to see a shadow stack. One final note, this is a console application.

Taking a look at the string entries doesn't really reveal anything. I find that a little strange. They must be encoded/encry...

Crackme: LAG's crack me test

Download here: https://crackmes.one/crackme/68c8f641224c0ec5dcedc044

MD5: c73e472c7762fce291af0aec40bc67be
SHA1: 22adcf120b680d8cb916de201b272c12c4aef6fa
SHA256: d7e62af3e23649224c6d9481deab9bef13de041eafb243098f41e1a008335376

This is listed as a C/C++ x64 executable with a difficulty rating of 2.2. The author is LAG and the executable is written for Windows.

The author's description: this is a file I've worked on for a couple of hours i'm just wanting to see how well my security is I couldn't crack it myself so if you guys can good job and I've probably done a really bad job but just wonder if anybody could do it it should be pretty hard but I could be wrong it's just a simple password thing you have to put the password in and if you get it right it sounds good

If you fire up Detect it Easy and analyze the executable, everything checks out. Note that this is a console application.

Taking a look at the strings, we can begin to make some assumptions. We can assume that ...