CrackMe

This is an example for submitting a CrackMe in the Downloads section of the site.
You can download the file and run Debug Blocker x64. Nothing too exciting will happen!
The challenge here would be to patch the debug-blocker function so that it does not spawn a second process.

Hello everyone,
I'm a AutoIt developer, and I've created a small portable program that uses a custom packer to protect some assets. The program is written in AutoIt and consists of two files: M-Dl.exe and assets.zip. I'm looking for skilled reverse engineers to test the security of my custom packer.
The Goal:
The challenge is to extract the image files that are contained within the custom packer. I've designed the packer with my own security techniques and would love to see how it stands up against the community's expertise.
Repository & Download:
You can find the project repository on GitHub, including the binary for download:
https://github.com/yutijang/M-Dl
I'm eager to learn from your findings and improve my security practices. Any feedback on the protection mechanisms, potential vulnerabilities, or how they were bypassed would be greatly appreciated.
Thank you for your time and effort!

A "Crack Me" challenge created by lord "Voksi" , a well known person in the "warez" scene. 
And no, this challenge is not uploaded by "Voksi" himself, it's uploaded via a proxy which is myself, an old friend of "Voksi" .

GOAL: Obtain the Correct key 

Greetings to MasterBootRecord, Voksi, FJLJ, And also a few others, you know who you are ❤️

Find correct license key, don't try to patch file.

Updates & Improvements  :
+ Listen to KAO advices from Version 1.0 + Improved Metamorphic Junk Code Generator + Encrypted VM Handlers + Control-Flow Obfuscation + VM Handler Obfuscation Hint :
File Packed with UPX 5.0 just for compression ( just decompress it using -d command )

Thanks to @kao for Tips.

 

Brief and useful
Find correct license key, don't try to patch file.

What comes within this crackme : 
+ Code Virtualization + Unique Junkcode Generation + Control-Flow Obfuscation
 

This is a WinLicense 3.2.2/sample, set by default, without adding an SDK in the source code, only adding a window function through an external plugin. I don't know if bypass can be cracked, I tested it and it doesn't. Shedding may be more complicated.Please use your own way to crack it. Whether it's molting, bypass, or keygen, they are all the best methods. No need to upload your proposal, posting a picture is the best answer. I will strive to learn towards your achievements. HWID：1031-E184-1D1E-92A8-AA82-151F-E2BC-34EE NAME：Mr.Leng .RegistCode:2FGP7NTY-22AMY4QL-XXEHAOKD-ZJKHKDKR-VY66SHXY-YTEQXVBF-GAXAEFIA-7BQWOTA5-5CE344K4-VBGMG25R-5TGP26WS-AIKQB3S5-5LDUHEHX-S6KSKH3H-OPPHIFAX-N6WPWIAM
 


 
WinLicense3.2.2_sample.rar
 

I have put all important information in HWID-License.txt.
I hope you all come up with some fascinating solutions.
If you want leave the solution and also if you want to show off you can do that as well!

This is my first attempt at a binary protector. Currently, the VM has very little protection, so this should be good for those interested in learning about VM-based obfuscation. I intend on uploading new challenges that feature my protector as I add more features.

GOAL:

- You must find the correct key. Simply patching to get a goodboy message is NOT allowed.
- Bonus points for devirt and explanation of your approach.
- MOST IMPORTANTLY, have fun!

:)

Hi 
Nuitka compiled python 3.11 file 
Correct password doesn't important 
Just patching
Thanks

Hello, this is a crackme made in python by a friends (wrc3667 on discord)
Difficulty: [95 / 100]
The purpose of this challenge is to find the correct key (note: the key should be in hexadecimal, otherwise the program will istantly close)
Features:
- Constant encryption
- Name encryption
- Opcode shuffling
- Bytecode encryption
- Stack encryption
- Bytecode instruction mangling
- Guillotine Interpreter
- Complete namespace virtualization

If you want to try this challenge, please read the following text descriptions:
1. Please try to debug the kernel driver in the virtual machine instead of your real machine to avoid causing a blue screen on the physical machine
    a. Why blue screen? For things like Ring0.sys, as I mentioned earlier
    b. Copy the Tuts4you.ini file to the C:\Windows\ directory of the virtual machine
2. I have added a test signature to the driver, so to load this driver, you need to enable Windows test mode
    a. Press and hold the "WIN+R" key to launch the CMD console as an administrator, enter bcdedit /set testsigning on
    b. Restart your computer
    c. After restarting, there is a prompt similar to "test mode" on the bottom right corner of the computer, indicating that it has entered test mode
3. If you give up this challenge, you can choose to turn off the testing mode at any time
    a. Press and hold the "WIN+R" key to launch the CMD console as an administrator, enter bcdedit /set testsigning off
    b. Restart your computer
    c. After restarting, there is no prompt similar to "test mode" on the bottom right corner of the computer, indicating that the test mode has been turned off and entered normal mode
4. How to load this driver?
    a. Use DriverMonitor to load this driver
        i) Download DriverMonitor from here
    b. Run Ring3.exe and click on "Open Device"
    c. Use Dbgview to view the corresponding debugging information and whether to output Flags
        i) Download Dbgview from here
5. Please note:
Due to *.sys being protected by VMP, unlike *.exe or *.DLL files:
    a. This means that you cannot directly debug it using x32/x64Dbg or OllyDbg
    b. This means that there is no ready-made script/unpacker or one click cracking tool
    c. This means that you need to manually use windbg for debugging
The ideas you can try are:
    1. Use Windbg to debug Virtual Machine
    2. Patch HWID -> Allowed! You can try to do this
    3. Unpack this kernel driver ->  Allowed! You can try to do this
Verify if this challenge has been resolved:
    1. Provide me with the content of Flag1 and Flag2
    2. After patch HWID or Unpack, ensure that the driver's image or dump file can be loaded, and remove VMP protections, which can directly output Flags
If you have already solved this challenge, please create tutorial(s).
boot @ Tuts4you
-------------------------------------------------------------------------------------------------------
Reminder:
1. Please do not try on the physical machine, please be sure to try on the virtual machine.
2. Turn on testing mode and restart the virtual machine.
3. Copy Tuts4you.ini to the "C:\Windows\" folder.
4. Operate according to my video.
HWID:
MBuO+WUQR1yD1Z5kzvCoPg==
KEY:
efymqVNO+WNtaujmh3fgD9PzzyU0q9awY+iW8MCUdrv2GIObwrRs9v7rfF2sMQiKBAHIkPf5YbrNHIwfsalY1+YKInnRvOxOr8mrMpViwtihBzJNYDv5Bw58XO7zoOTJBHMuihya/doG+jCD6xQhoblVPHrRpL+aRpVAB7Eix9sAQMqkdQpJM6x3EQ27sFazT/HSn2W5j1JQI3BRODLuEfg3KWKdfq2t3fcHqYSuSveWOm7XzUMSagB1pS+eCNd2DuoFACfki3KU1ipibClLVStmIo0GwtYa2OJqAQYoLQRuClSMnc1eSuxYswLlK49aEMNwRCQagVpxciPB+s2BntbIrjvSm/YOKFWmqLL30RPBHgYo3+aIXb0ggJP4Rp0JfhgO0orEYLbvNC3yYhW3vUHxK6IZKsxWNiKGP6bCmB8A6bWn83RP/KQNMrmG9e8k+aI5YXklxkP3PRoNkZnktaerg3Qj5kD7oaxlm/Bf/QGuIz+71hbU9jazbPZEfmbgNnPgfo7vvywdoHnnJcymCppqXFtUoezjPjQZjm4E2FniYRpSDTfziOoL4xszXwBLjMjcyu0QuYuJ2ueG/B8hH3K0PpLjNg2Wy5Er87UU3blWWtF08gm/QSKm92OJrrjUE6yNnqVrNrQ81WX68nbJ/fmNnOMA9uAN+GD3TOlZzbs=

PatchMe.exe
MD5: DD4E072F8B5CA241927EAA63DED47383
SHA1: 08F4699C3A84F5E40343CE9A9AD05046EE15D6DD
CRC32: 9A4C0721
PatchMe No.1 2024
Please check the ReadMe.mp4 in the zip package, you'll understand what I mean...
If you have solved this challenge, please make tutorial(s)...  I will mark the answers with tutorials as a solution.
About This Challenge...
 - Author: boot
 - Date: February 10, 2024
 - Difficulty: ★★☆☆☆
 - Architecture: x86 32-Bit
 - From: Tuts4you
 - Platform: >=Win95

A little "CrackMe" challenge (.NET + Native).
Need to crack the application so that it does not require a license for its operation.
P. S.
Application requires .NET 6 to run

=== SPOILER INSIDE SOURCE CODE TAB ===
A WinLicense'd version of TinyCrackMe

Rules:
1. Unpack first
2. Do whatever you want after unpack, as long as ":3" MessageBox appear :3

Just want to see how long ppl will crack the latest version of WinLicense...
WL Protection:
- Anti-Debugger
- Advanced API-Warping
- Compress And Encrypt (all 3 options)
- Full Encrypt Strings
- Detect File/Registry Monitor
- Entry Point Virt
- Anti File Patching
- Perform Protection Check
- VMware/Virtual PC Allowed

WLVM:
- SHARK32 (Black, Red)
- PUMA32 (Black, Red)
- EAGLE32 (Black)

Happy reversing :3

A follow up of TinyCrackMe

Challenge:
- Press the button "Hi"
- If correctly bypass, a MessageBox with `:3` show up.

Rules:
1. Patch? Here's a deal:
- No patching if you're unpacked UPX, as final result!
- Allowed patching if you're not unpacked UPX, as final result!
- only patch-fix the flaw like missing stdc dll, or temporary byte patch to making loader or hook
2. Spoiling? Yes! (originally in crackmes.one is "no")
3. Keygen? useless. Because the goal is bypass it!
4. Hooking? Allowed! It's not a patch!
5. Loader? Allowed! It's just a mem patch, not file patch...
6. Any these above, do not use any tool to create stuff like Baymax or dUP2, but you can create your own one with coding.

Happy Reversing :3

The program uses VMP protection, and calls the relevant checksum SDK, even if the violent crack may also be slightly more complex, here provides a baymax patch tool to achieve the crack program, interested friends can read the pdf tutorial.
The function of the program to determine whether the input is correct or not does not use the SDK for protection, and verify the error dialog box strings are searchable, but these do not mean that it is easy to crack, because the code also calls the memory checksum, determine whether the debugging and other SDK interfaces. So how to realize the cracking of this crackme?
Baymax Patch App Protected by VMP is a PDF file, The detailed cracking process is explained above and can be consulted if you encounter difficulties while analyzing it. The PDF is divided into two volumes, the lower part can be downloaded from the Authors Solution section. 
Attached is the source code of crackMe, the bpt file is the corresponding crack project of baymax64, you can use baymax tool to generate the corresponding patch file to test and verify the effect.
 
 
Baymax Patch App Protected by VMP (pdf file).zip.001 CrackMe Source Code.zip

This is a demo of the packer. 
Demo is to find a password. (used simple anti-debugging and code-virtualization.)
Thank you
 

License User Details
User Name=2days Tuts4you
Company=The Terminator
Hardware ID=6FF7-E7EF-5988-20FE-144E-865D-2D30-A73B
Custom Data=<custom_start>Skynet, a global network of artificial intelligence machines.<custom_end>
License Restrictions
Days Expiration=365
Date Expiration=2029/12/12
Executions=999
Runtime execution=999
Global Time=999
Install Before Date=2029/01/01
Miscellaneous
Unicode License=yes
Generated License (FILE KEY)
License Format=Binary
License Data= <license_start>
ghO1ud4wf14YNU87wUptZ1JTofTFErVAD+IwWKEjB/fxOtba9Vt0uasw45jdF3Yr9eGcJ/6h6lfad3d/MMYzxXYP7OZVGfHctljzMWS4H13UVl3DWBgWzCeozgy9k1UlULrL3/oKL/VdiS/BOJC98IgsF5+XT80xyGxos+Hcs4YdRarI9t0tj/+asJhpgN2KAXvH6lfp8qp0uvwZQUcnw/u+SpQjssOF5aAP9Bwweuw+6nfGxrZGcy8aNK3Kqo7rI5rLPk9Mzo1U0WkS1/I8lpQS1Mtticm1Am/eZCiCHJDMXDEfgTEuLGhQ9AItQtLQ2Fn8egx786AbJM09OEdiz5aGhz3kZfJZz8djMG3g8222gCmmDty8G4pBttMefKkVjKHoI2UXboNHpoOpxi53F6jldAhh3t+JoaOwa3Ng51uTfoNc2kLlCCP+jrjchZUNN9MY8y3kQ4K0Hd6eNkPAXwqbl2kakLZOlsmkkkVi9Pg620SzOt6YHh9iV1rS+TZ0jzWMvC9IakEgJionxYShgLg1Qkv6o4qIzP2ri9lMpM5eJK9Zo+Yl6K9HLnJ/gOE97Op7iAlywjsol5sunCIROe4pLHZo0PDNFJNZ4yy1VEgHp2+Qy/0nP55Fc8845MkE4hrjpg7SOFphFILgTuGVPG97nhRDTi05+f50WE2rl5PpuXnmeBblgD7S87p2tHUO7o2t8kvI/z7Xd9xNfw4HYJcbztKPxAkamUdIl0jmnhdIRGJMlYZm7rBgLd6dYhEu6Lo8P5vi7tydId4QsuwC7tv6+F8CQ1n6HpXSoPowKuMI/L2Zg1Ry3jlS2KUvH4spGy3URvJ8e2rFaDZpmQ==
<license_end>
File Information
Platform:               Windows
Bits:                   64-bit
Type:                   Executable (Standard)
Version:                1.0.0.2
Modified:               8/1/2023 12:09:04 PM
Protection Macros
Virtual Machine:        10
Mutate:                 0
String Encrypt:         6
CheckProtection:        2
CheckCodeIntegrity:     0
CheckVirtualPC:         1
CheckDebugger:          1
Unprotected:            0
CheckRegistration:      0
Registered:             0
Unregistered:           0
WinLicense x64 (version 3.1.3.0)
Unit_bypassme.pas

Bypass MessageBox without unpacking, task complete.

This is the beta version of vxlang  ! 
The purpose of this is to find an encrypted string. 
Thank you.

RDG Enable Me 2022 vb6
password:crackme
Difficulty 3 / 10
Compiler: Microsoft Visual Basic v6.0
Anti Tracing:No
Anti Debugger: No
Anti Newby: Si
Obfuscated: Si (RDG vb6 Obfuscator)
Anti Virtual Machine: No
Anti SandBox: No
Harmful Payload: NO!
Internet Validation: No
CRC on Disk: No
CRC en Memory: No
Admin Required: No
Support Windows XP to Windows 11
Goal: Enable button and get Congratulations Message
rdgmax@gmail.com
rdgmax@rdgsoft.net
www.rdgsoft.net

Hello my friends. here a new crackme!
RDG Crackme 2022 vb6
Level 7 / 10
Compiled: Microsoft Visual Basic v6.0
Anti Tracing: Yes
Anti Debugger: Yes (Of Course)
Anti Newby: yes
Obfuscated: Yes (RDG vb6 Obfuscator)
Anti Virtual Machine: Yes
Anti SandBox: Yes
Malicious payload: NO!
Internet Validation: Yes
CRC On Disk: Yes
CRC On Memory: NO
Admin Required: Yes
Support Windows XP to Windows 11
Goal: Get Activation Code x 2
rdgmax@gmail.com
rdgmax@rdgsoft.net
www.rdgsoft.net
http://rdgsoft.net/downloads/Crackme_2022/RDG_Crackme_2022.rar
thanks a lot!

Hi, This is a simple crack me challenge protected by my own crafted packer, I don't know how hard is to break it but I assure you it's a good challenge.
 
Challenges
Pro Mode : Break the license checking system and find the key, activate the program, It will give you a quote of a famous philosopher, post a screenshot from it here, Share your solution if possible.
God Mode : Crack the license checking system and patch it to accept any key as a valid key, Share the cracked file. Share your solution if possible.
If you need hint and more details about protector visit Authors Solution tab.
 
VirusTotal/SHA-256 : 76ac442b0596f4008ddebd54e2cbaa5e14c7bf1bcad33cdf8c9db025eb8bd719
MD5 Hash : dd51f0ded36e54241d3a8c14d6e49852
SHA-1 Hash : c19856e4a7b91ed6798d14003a8e981220e756c0
File Password : tuts4you
 
Regards,
Good Luck!

Hello,
Since the use of vm's is quite popular in .net obfuscation I thought it would be interesting to make one in Python. Hereby I release my first crackme using my VM. It's a very simple VM so it shouldn't be that hard to reverse with the right knowledge.
This is purely experimental to see if it would be useful somehow. I also used my own protector that adds cflow, so expect to see a lot of jumps.
Goal: Patch it (ultimately devirtualize it, but that's not necessary)
EDIT: This is now updated. I tried to make sure it isn't possible to patch with 1 or 2 jumps.

Your goal is to crack the file and make a tutorial and/ or write instructions about the steps done by you.
What is C++/CLI?
C++/CLI is C++ support .NET framework to make managed application run on .NET framework.
https://en.wikipedia.org/wiki/C%2B%2B/CLI
Feel free to post your solutions.