🧪 Crackme Write-Up Template
Target: crackme.bin
Difficulty: Easy / Medium / Hard (pick one)
Author: Ali (obviously)
Date: 2026-02-04
Tools Used: objdump, gdb, radare2, strace, ltrace, custom C/Rust scripts — NO PYTHON, NO IDA, NO GHIDRA BLOAT
🔍 Overview
One-liner describing what the crackme does and why it's mildly interesting (or annoying). Keep it real—don’t fluff.
“Another ‘enter the magic word’ binary with fake anti-debug traps that break on LD_PRELOAD.”
📦 Initial Recon
$ file crackme.bin
$ checksec --file=crackme.bin
$ strings crackme.bin | grep -E "(Wrong|Correct|flag|pass)"
List observations:
- Stripped? Packed? UPX? (if yes, you already lost)
- PIE/ASLR/NX/Canary status
- Any obvious strings or syscalls?
🧠 Static Analysis
Disassembly highlights. Use objdump -d or r2 -Aqqc pdf output snippets.
Key functions:
- main() logic flow
- Input validation routine (check_license(), verify_key(), etc.)
- Obfuscation tricks (junk jumps, opaque predicates, self-modifying code?)
💀 Roast corner: If the author used strcmp() against a hardcoded string and called it “secure”, call them out.
🐛 Dynamic Analysis
GDB / rr / strace session notes:
$ gdb -q ./crackme.bin
(gdb) break *0x401234
(gdb) run
...
Or better yet:
$ strace -e trace=read,write ./crackme.bin <<< "test"
What changed in registers/memory when you fed it garbage vs correct input?
🔑 Solution
Exact input that works:
CTF{fake_flag_for_demo}
Or algorithm if it’s keygen-style:
“Serial = username[0] ^ 0x42 + strlen(username) << 3”
Include minimal C/Rust keygen if it’s non-trivial. No Python scripts — burn them.
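Minimal C keygen for the demo formula above, added here as an example (not part of the template or any real crackme). Read with C operator precedence, `username[0] ^ 0x42 + strlen(username) << 3` groups as `username[0] ^ ((0x42 + strlen(username)) << 3)`; the code uses that reading with explicit parentheses and includes the naive left-to-right reading for contrast, so the write-up should state which grouping the binary actually implements. The empty-username handling is an assumption for the demo.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Keygen for the template's example formula:
 *   Serial = username[0] ^ 0x42 + strlen(username) << 3
 * In C, '+' binds tighter than '<<', which binds tighter than '^',
 * so the expression groups as
 *   username[0] ^ ((0x42 + strlen(username)) << 3)
 * The parentheses below spell that grouping out. */
uint32_t keygen_serial(const char *username)
{
    if (username == NULL || username[0] == '\0')
        return 0; /* empty name: no valid serial (demo assumption) */
    /* unsigned char avoids sign-extension for bytes >= 0x80 */
    uint32_t first = (unsigned char)username[0];
    uint32_t len = (uint32_t)strlen(username);
    return first ^ ((0x42u + len) << 3);
}

/* Same tokens read naively left to right; differs from the C reading,
 * which is why a write-up must state the grouping explicitly. */
uint32_t keygen_serial_ltr(const char *username)
{
    if (username == NULL || username[0] == '\0')
        return 0;
    uint32_t first = (unsigned char)username[0];
    uint32_t len = (uint32_t)strlen(username);
    return ((first ^ 0x42u) + len) << 3;
}

/* Mirror of what the crackme's verify routine would do with this
 * formula: 1 if the candidate serial matches, 0 otherwise. */
int keygen_check(const char *username, uint32_t candidate)
{
    if (username == NULL || username[0] == '\0')
        return 0;
    return keygen_serial(username) == candidate;
}

int main(int argc, char **argv)
{
    const char *name = argc > 1 ? argv[1] : "Ali"; /* constructed sample */
    printf("%s -> %u (0x%x)\n", name, keygen_serial(name), keygen_serial(name));
    printf("left-to-right reading would give %u\n", keygen_serial_ltr(name));
    return 0;
}
```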
💡 Takeaways
- What did you learn? (e.g., “ARM THUMB mode branch obfuscation is still trash”)
- How would you make this harder? (e.g., add VM-based instruction handler)
- Why this crackme sucks or slaps
🗑️ Appendix (Optional)
- Full disassembly dump (link to gist)
- Custom tooling used (e.g., my_radare2_script.r2)
- Failed attempts (for shame)