Skip to content

Add a Crackme

The MAS project is a powerful learning resource and the MAS Crackmes are no exception. They allow the MAS community not only to practice the MAS skills they've learned from the MASTG but also let them confirm their approaches to the used techniques, especially when performing reverse engineering.

Who Can Contribute with a Crackme?

Anyone from individuals to companies. You only have to read and accepts the Terms and Conditions listed below.

Before submitting a crackme, first of all contact the MAS team here: https://mas.owasp.org/contact/

Terms and Conditions

If you want to contribute to the MAS crackmes please consider that:

☑️ The source code of the crackme apps must be made publicly available at https://github.com/OWASP/mas-crackmes.

☑️ The crackme apps must be reviewed and approved by the MAS project leaders. Some form of documentation and solution writeup/video must be provided for the review process. That must include a list of "features" including techniques used (e.g. obfuscation, whitebox crypto, inline assembly, etc.)

☑️ The crackme apps must not contain any company branding or advertising material (ads, company URL, etc.).

☑️ The crackme apps must align with the MASVS and MASTG in some way.

☑️ The crackme authors are fully responsible for the maintenance of the crackme in the case bugfixes or updates are needed and the MAS team is not able to perform those actions.

Publishing and Acknowledgements

When successfully adding a crackme, its authors will be credited in the corresponding crackme page in the project website at https://mas.owasp.org/crackmes and an announcement will be made via the official MAS social media channels.

OWASP Openness and Licencing Guidelines

The OWASP projects have a strong foundation in openness and this includes all material related to the projects.

OWASP Projects must be open in all facets, including source material, contributors, organizational structure, and finances (if any). Project source code (if applicable) must be made openly available, project communication channels (e.g. mailing lists, forums) should be open and free from censorship, and all project materials must be licensed under a community friendly license as approved by the Free Software Foundation (Appendix 8.2).

Please refer to the OWASP Project Leader Handbook that we as project leaders need to comply with: https://owasp.org/www-pdf-archive/PROJECT_LEADER-HANDBOOK_2014.pdf