Last November, we released the first edition of the Malwarebytes CrackMe. Encouraged by the positive response we received from the security community, we decided to repeat the game, hopefully making it even more interesting and entertaining.
As before, the CrackMe is dedicated to malware analysts and to those who want to practice becoming them. That's why it is not just a set of some abstract riddles, but an exercise that walks through selected tricks that were used in real malware. (Expect some original schemes designed just for this game, too.)
Of course, all is demonstrated on harmless examples, but we still recommend you use VM for reversing it so that it will not interfere with any antivirus protection.
Rules of the contestThere are two CrackMe contests:
- Capture the flag. The first three submitted flags win. The flag should be submitted along with (minimalistic) notes about the steps taken to find it. (No detailed write-up is required.)
- Best write-up. The write-up will be judged by its educational value, clarity, and accuracy. The author should show his/her method of solving the CrackMe, as well as their level of understanding of the techniques used. The write-up submission contest closes three weeks after capture the flag.
At the end of the contest, I will publish my own solution, made from the point of view of author. All the submitted write-ups will be linked.
UPDATE: We already have the winners in the "Capture the flag" category: 1) Hexacorn 2) florek_pl 3) FraMauronz. Congratulations! Now we are waiting for your write-ups!
UPDATE 2: Write-ups and summary available here.
Asking questionsI want the contest to be fair to everyone, so I will not be answering any questions in private. However, if you are stuck, please don't hesitate to post your question in the comments section of this post, and I will answer as soon as possible. The questions can be also answered by other participants. Giving false clues or teasing beginners will result in a ban—please respect fair play.
The applicationThe application is a Windows executable. It was tested on Windows 7 and above.
You can download it here.