Executive Summary
- Challenge: Thread of Doom
- Category: Reverse Engineering
- Flags: NHK26{VirtualProtect_Overwritten}
- Binary: NHK_CrackMe_V3.exe (PE32, x86, 43520 bytes)
Overview
Thread of Doom is a Windows crackme that presents a dialog with a “Demo” button. Clicking the button displays an error: “Tu n’es pas premium ! Prix : 2 BTC”. The goal is to understand the binary’s protection mechanisms and extract the hidden flag.
The flag is XOR-encrypted in memory with a single-byte key (0x55). The binary only decrypts it at runtime when several anti-tampering checks pass, but since both the ciphertext and key are visible in the decompilation, we can extract it statically without running the binary at all.
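The static extraction described above can be sketched as follows. This is an added example, not code from the original write-up: the write-up does not reproduce the ciphertext bytes, so the sample image below is constructed by encoding the known flag with the stated key, and the function names are hypothetical.

```python
KEY = 0x55            # single-byte XOR key stated in the write-up
PREFIX = b"NHK26{"    # flag format shown in the write-up


def xor_bytes(data: bytes, key: int) -> bytes:
    """XOR every byte of data with a single-byte key."""
    return bytes(b ^ key for b in data)


def find_xor_flags(image: bytes, key: int = KEY, prefix: bytes = PREFIX,
                   max_len: int = 128) -> list[tuple[int, str]]:
    """Return (offset, plaintext) for each XOR-encoded flag found in image.

    Instead of decoding the whole file, search for the *encoded* form of
    the known prefix, then decode up to the encoded closing brace.
    """
    enc_prefix = xor_bytes(prefix, key)
    enc_close = bytes([ord("}") ^ key])
    hits = []
    start = image.find(enc_prefix)
    while start != -1:
        end = image.find(enc_close, start + len(enc_prefix), start + max_len)
        if end != -1:
            plain = xor_bytes(image[start:end + 1], key)
            # Discard candidates that decode to non-printable bytes.
            if all(0x20 <= c < 0x7F for c in plain):
                hits.append((start, plain.decode("ascii")))
        start = image.find(enc_prefix, start + 1)
    return hits


def build_sample_image() -> bytes:
    """Constructed stand-in for the binary's data section (not real bytes)."""
    flag = b"NHK26{VirtualProtect_Overwritten}"
    padding = bytes(range(64))
    return padding + xor_bytes(flag, KEY) + b"\x00" * 16 + padding


if __name__ == "__main__":
    for offset, flag in find_xor_flags(build_sample_image()):
        print(f"0x{offset:04x}: {flag}")
```

To run it against the real file, pass the bytes read from NHK_CrackMe_V3.exe to `find_xor_flags` in place of the constructed sample.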