UPDATE: We already have the three winners. Good job, guys! However, we are waiting for the writeups to select the reward for the best one – so if you are still in the middle of doing the crackme, don’t give up!
UPDATE2: We got first writeups! All the upcoming ones will be linked under the section “Writeups”. The submission for the contest closes 20th February.
UPDATE3: Contest closed! The winner is @Eleemosynator with his writeup available here. Both writeups were very good and detailed, so we decided that the second one, by @pieceofsummer, also deserved a distinction and a bonus reward. Big thanks to both authors!
This time I would like to introduce a small contest organized by me and Grant Willcox. I wrote a small crackme and he volunteered to sponsor the rewards. The first 3 solutions will be rewarded with books chosen by the winners.
The crackme is a 32-bit PE file. It shouldn’t be too difficult, but I didn’t want to make it boring either, so it has a few tricks.
Disclaimer: I am not the author of the graphics used in the application, such as ASCII art, icons and others. I don’t claim any rights to them.
Rules:
You need to find the flag in the format flag{...} and submit it ASAP to either of us as a DM on Twitter (@hasherezade or @tekwizz123). After we announce that the contest is closed, we would like you to make a writeup explaining how you solved it.
There will be an additional reward for the best writeup – so even if you were not the fastest, you still have a chance to get a book for free.
If you have any questions, you can write them as comments to this post and I will be answering them. I am not giving hints via private messages – I want the contest to be fair for everyone.
At the end I will publish my own writeup with a detailed explanation.
Download:
https://goo.gl/6iG4Ri (password: crackme)
Mind the fact that the crackme contains some small obfuscation and malware-like tricks, so it may be flagged by some AV systems as malicious. False positives are very common when it comes to crackmes – it can’t be helped, sorry! I recommend running it on a Virtual Machine.
Hi, thanks for that crackme. Are we supposed to perform a brute-force or any kind of cryptographic attack for “Password#2”, or is there a more elegant solution?
If you are trying to brute-force the Password#2, please don’t. It is hopeless. There is another, much easier way to get it. Just follow the rabbits 🙂
By brute-force I meant “intelligent brute-force” with the condition we have. 🙂
Anyway, I’m still stuck on that for hours, I’m probably missing something obvious in the crypto implementation. Thanks for ruining my weekend haha
Don’t overthink it, you are not supposed to break the crypto here. It is much simpler 😉 Just search for the hint.
Thanks, waiting for the write-up,
We already have one, check it out! 🙂
Yes, I saw it, but not all of the article is clear for a beginner like me 😊
I want more why and less how (of course the how is important)
I understand. We will have more writeups soon, and at the end there will be mine. So, stay tuned!
thank you, you are so inspiring