Reverse Engineering Shenanigans

Download here:  https://crackmes.one/crackme/68fce1922d267f28f69b783a MD5: d984f4a4bbb82a815f0c16f55335db9a SHA1: 01b8463234e66e91c96052414eaff8dd7053cd99 SHA256: 104f850cf4e7d3f6bc09d286fcbe651795c632a79ebbc2242ea8be08cd8b8e41 This is listed as an x86 Assembler executable with a difficulty rating of 3.0. The author is FentCat and the executable is written for Windows. The authors description:  Hello, this is my first ever upload. Please give me feedback. Was made in Assembler using nasm. have a great day Loading this executable in Detect it Easy, it appears to be extremely complex but after loading it into Ghidra, you realize that you have a plethora of information available to you. Below is the output and the only variable I named was the return result of validate_password and the g_ variables.   At first I thought maybe the author was trying to fool me into not checking those fake function calls but they are legit fake calls. As you can see below, the call just sets a...

Download here:  https://crackmes.one/crackme/68baa4348fac2855fe6fbb18 MD5: bb20f4ae2a79145210d164691ac7a481 SHA1: c13928fc9e65b37a6debd67e3f398614943e9fa4 SHA256: 72cfda0045fdf90e5a7965dd76690bba473e4dd87c86ff11a46704f1930d9ff7  This is listed as a C/C++ x64 executable with a difficulty rating of 2.0. The author is duckzzy and the executable is written for Windows. The authors description: Good luck! :)   I decided to tackle this keygenme today to hopefully help someone out. In the crackmes.one discord server, a user by the name of British_UK was having some issues solving this challenge so I thought I'd give it a shot.   So without further-ado, lets get this loaded in DIE and see what we can learn. First thing that jumps out at me is the high number of sections. Das weird. Its doesn't appear to be packed though. Finally, it is a console application.   The strings don't appear to be encoded/encrypted/obfuscated/choose latest buzzword here. It appears as though ...

EDIT (11/08/2025)   Download here:  https://crackmes.one/crackme/68bd2491224c0ec5dcedbde9 It's been a few days since I made a post. Suffice it to say, I did not succeed in my goal of posting every day of October but that's okay. I'm going to continue doing my best to post as frequently as possible. Today, I was looking for a challenge and stumbled on ryanmerket's Hacker's Edge Book CrackMe v3. It is described as a C/C++ x64 executable written for Windows with a difficulty rating of 3.7. It's meant to promote the authors new book and after reading through the landing page, I can't wait to get my hands on it. It was only published last month!! Test your skills and see if you can solve it... even if you're unsuccessful, you might still get a prize ;) I got into reverse engineering to cheat in video games... and to impress the ladies (obviously). I never imagined it would ever get me anything. Even though it is only a book, it's proof that if I stick wit...

Download here: https://crackmes.one/crackme/68e6377b2d267f28f69b7447 MD5: 406af7cd43808f1de221d36d8c7d12d6 SHA1:  736c3fee49a93c60731a2f137545b75311646f9f SHA256: 588211672f26f28731da0d30f2691f23542ea7a825f553a5edc9087dbf52b86e This is listed as a C/C++ x64 executable with a difficulty rating of 3.0. The author is antilagvip and the executable is written for Windows.   The authors description: the right key get the code.. sounds simple right?   This was a fun challenge. I went through the motions. I loaded this in Detect it Easy. It isn't packed. It's a console application. Strings aren't encoded/encrypted. I also loaded it into PE Bear and just looked around. Nothing interesting jumped out at me.   I've talked about how to find the main function in previous posts so I'm just going jump in and say that it is located at 0x140001180. Pretty basic stuff, it prompts you for a key and waits for input. It calls a function that validates whether your key is valid and ...

Download here: https://crackmes.one/crackme/68e2b4652d267f28f69b738e MD5: 49c66031be227cc5982daadfd7368e9d SHA1: 0f01dfd5c1775dd7b605c992903d67bbafa3051f SHA256: 67b06c9c003f0c26c319d82b1fc6436207eaf0e3ed31f438312be8349225272f This is listed as a C/C++ x64 executable with a difficulty rating of 2.5. The author is git and the executable is written for Windows. The authors description: medium-hard crackme with antidebug checks obfuscated strings and key With this crack me, I'm going to take a bit of a different approach. I'm not going to use a decompiler. Taking a look at the strings, I can see some base64 encoded strings. Other than that, Detect it Easy believes this was compiled using Visual Studio 2022 as a console application. It does not appear to be packed. IDA shows us a long series of various debugger checks. At this point, I will manually step through the code and navigate the executable to the good boy. The base64 decode function takes the encoded string and a buffer a...

There are much better articles that describe what Structured Exception Handling(SEH) is and honestly, I'm still trying to wrap my head around it so don't take what I write as gospel. If you have a better understanding and I get something wrong, please correct me. I really want to understand this. With that being said, I couldn't find an easy way to circumvent/defeat it so this is what I came up with. Structured Exception Handling is a Windows mechanism to allow programs to handle exceptions/interrupts. This is accomplished by adding handlers to a linked list of exception handlers. This linked list is stored in the Thread Environment Block(TEB) structure. It can be referenced by fs:[0] on x86 binaries or gs:[0] on x64 binaries.  The TIB struct:   Note that TEB is just an extended TIB structure. The EXCEPTION_REGISTRATION_RECORD struct:   These two structures were talked about ad nauseam when I was doing my research but I couldn't get it to function how other articles wro...

Download here:  https://crackmes.one/crackme/68a346c48fac2855fe6fb6df MD5: 8483be5dfef09fb44dd14cec54c56a80 SHA1: fe71c366051bbe25e0e755b92008364ab149f474 SHA256: 72cb9e317be02bd73b93e80de9f07d29234948e09bf658058691460e504f0d4c This is listed as a C/C++ x64 executable with a difficulty rating of 1.0. The author is RodrigoTeixeira and the executable is written for Windows. The authors description: Retreive a hard coded int from the executable. Good luck. I'm not feeling well today but my goal for the month is to solve a crackme everyday so I chose an easy one to knock out. The description lists this as an x64 application but DIE tells us that it's actually x86. It does not appear to be packed. The author used MingGW to compile the console application. Taking a look at the strings we can see what can be assumed to be the prompt and good boy. We also get an indication that the author may have compiled the executable using Cygwin. Their real name might be Keith. Detect it easy foun...