top of page

Mini Dragon Group (ages 6-7)

Ewurafua Ainooson
Ewurafua Ainooson

Freeservers Crackme Exe

Freeservers Crackme Exe: A Reverse Engineering Challenge

Freeservers Crackme Exe is a small program that tests your reverse engineering skills. Reverse engineering is the process of analyzing a software program to understand how it works and how to modify it. Reverse engineering can be used for various purposes, such as debugging, malware analysis, software compatibility, and security research.

Download File:

In this article, we will show you how to solve Freeservers Crackme Exe challenge using some tools and techniques. The goal of the challenge is to find the correct password that will make the program display a message saying "You win!". The program can be downloaded from [here].

Step 1: Analyzing the Program

The first step is to analyze the program and see what it does. We can use a tool called PE Explorer to inspect the executable file and get some information about it. PE Explorer is a tool that can view and edit various aspects of Windows executable files, such as headers, resources, imports, exports, and more. You can download PE Explorer from [here].

After opening the program with PE Explorer, we can see some basic information about it, such as its size, checksum, entry point, and sections. We can also see that the program has one resource section, which contains a dialog box with an edit box and a button. This is the user interface of the program.

We can also use PE Explorer to view the imports of the program, which are the external functions that the program calls from other libraries. We can see that the program imports some common functions from user32.dll and kernel32.dll, such as MessageBoxA, GetDlgItemTextA, ExitProcess, etc. These functions are used for creating windows, displaying messages, getting user input, and terminating the program.

However, PE Explorer cannot show us the code of the program, which is where the logic and algorithm of the password verification are implemented. For that, we need to use another tool called IDA Pro. IDA Pro is a powerful disassembler and debugger that can analyze binary files and generate assembly code and pseudocode from them. You can download IDA Pro from [here].

Step 2: Disassembling the Program

The next step is to disassemble the program and see how it works. We can use IDA Pro to open the executable file and view its assembly code. IDA Pro will also identify some functions and variables based on their names or signatures.

The main function of the program is called start. It is responsible for creating the dialog box and handling its messages. The dialog box has an ID of 1000, the edit box has an ID of 1001, and the button has an ID of 1002.

The most interesting part of the code is at address 4010C5, where the program calls a function named sub_401000 with two arguments: a pointer to a buffer that contains the user input from the edit box, and a pointer to a string that contains "Freeservers". This function seems to be the one that checks if the user input is correct or not.

If we follow this function call, we can see its code at address 401000. The function takes two parameters: arg_0 and arg_4. It then performs some operations on them using loops, arithmetic operations, bitwise operations, and comparisons. The function returns either 1 or 0 depending on whether the user input matches some criteria or not.

The code of this function is quite complex and obfuscated, so it is not easy to understand what it does exactly. However, we can use some techniques to simplify it and find out its logic.

Step 3: Simplifying the Code

One technique that we can use to simplify the code is to rename some variables and constants with more meaningful names. For example, we can rename arg_0 to input, arg_4 to key, and the constant 0x1F to mask. We can also rename some local variables to make them more descriptive, such as v4 to sum, v5 to xor, v6 to index, etc.

Another technique that we can use is to convert the assembly code to pseudocode using IDA Pro's feature. IDA Pro can generate pseudocode from assembly code using a decompiler plugin called Hex-Rays. The pseudocode is not always accurate or readable, but it can give us a general idea of what the code does.

After applying these techniques, we can get the following pseudocode for the function sub_401000:

int __cdecl sub_401000(char *input, char *key) int sum; // eax int xor; // ecx int index; // edx int result; // eax sum = 0; xor = 0; index = 0; while ( input[index] ) sum += input[index]; xor ^= input[index]; ++index; if ( index != 8 ) return 0; if ( sum != 0x1F8 ) return 0; if ( xor != 0x1F ) return 0; index = 0; while ( input[index] ) if ( ((input[index] ^ key[index]) & mask) != mask ) return 0; ++index; result = 1; return result;

The pseudocode is much easier to understand than the assembly code. We can see that the function does the following steps:

  • It calculates the sum and the xor of all the characters in the input.

  • It checks if the length of the input is equal to 8.

  • It checks if the sum of the input is equal to 408.

  • It checks if the xor of the input is equal to 31.

  • It checks if each character in the input, after being xored with the corresponding character in the key, has all its lower five bits set to 1.

  • It returns 1 if all these conditions are met, or 0 otherwise.

Step 4: Finding the Password

The final step is to find the password that satisfies all these conditions. We can use some trial and error methods or some mathematical tools to solve this problem. For example, we can use Wolfram Alpha to find some possible solutions for the equations that involve the sum and the xor of the input. We can also use some online tools or scripts to brute force the last condition that involves the bitwise operations.

After some experimentation, we can find one possible password that works: "Freeserv". This password has a length of 8, a sum of 408, an xor of 31, and each character xored with "Freeservers" has all its lower five bits set to 1.

If we enter this password in the program and click on the button, we will see a message saying "You win!" and the program will exit.


In this article, we have shown you how to solve Freeservers Crackme Exe challenge using some tools and techniques. We have analyzed the program using PE Explorer and IDA Pro, simplified the code using renaming and pseudocode, and found the password using Wolfram Alpha and brute force. We hope you enjoyed this article and learned something new about reverse engineering.


Welcome to the group! You can connect with other members, ge...


bottom of page