Reverse Engineering Series — 4
Hi Squad,
Today we are going to look at a few easy crackme challenges.
Challenge 1
file: https://crackmes.one/static/crackme/61e9983133c5d413767ca5ac.zip
Analysis
IDA PRO
We can expect the compared values to be our input and “g!ug” + “s?u”.
However, we need to confirm it.
Let’s use gdb for that.
We can see that the arguments are “gu!gu?s” and “test”.
Challenge 2
Link: https://crackmes.one/static/crackme/6044083333c5d42c3d016d3d.zip
Static Analysis
IDA PRO
The cmp instruction compares something, and the result decides whether we get success or failure.
Let’s use GDB to analyse it.
It is comparing 0x4 with 0xd,
and we can see “solarwinds123” on the stack.
cmp compares 0x5 and 0xd.
As we can see “solarwinds123” on the stack, we can try that.
Challenge 3
file: https://crackmes.one/static/crackme/5fd5c44c33c5d424269a1b76.zip
IDA PRO Analysis
As we see above, the flow should follow the red line after the jle instruction.
For that, we need to change the flag register values:
change ZF to 0x0.
Then, you will get the flag as F{BGDeGOVCIRT}
Challenge 4
File: https://crackmes.one/static/crackme/5fa94bb233c5d424269a17b7.zip
IDA PRO
The logic is:
- It takes a 16-byte input.
- Adds the first 4 bytes to get a sum and compares it with the bytes [8:12]
- Then checks whether the sum of all bytes = 1070
- If so, then check [sum of first 4 bytes — 11] to byte [12:16]
- One password would be: AAACAAANAAACAAAN
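
The checks listed above, modelled in Python as an added example (not the crackme's code or the author's). The names `check`, `split4` and `solve` are hypothetical, and the last check is read as group [12:16] summing to 11 more than group [0:4], which is the reading under which the sample password validates.

```python
# Model of the validation described in the write-up; not code recovered from the binary.
TOTAL = 1070   # required sum of all 16 bytes (from the write-up)
DELTA = 11     # constant used in the last check (from the write-up)

def group_sums(pw: bytes):
    """Byte sums of the four 4-byte groups [0:4], [4:8], [8:12], [12:16]."""
    return [sum(pw[i:i + 4]) for i in range(0, 16, 4)]

def check(pw: bytes) -> bool:
    """Apply the three checks in the order the list gives them."""
    if len(pw) != 16:
        return False
    s0, s1, s2, s3 = group_sums(pw)
    if s0 != s2:                      # first 4 bytes vs bytes [8:12]
        return False
    if s0 + s1 + s2 + s3 != TOTAL:    # sum of all bytes
        return False
    return s3 - s0 == DELTA           # assumed reading of the "11" check

def split4(total: int):
    """Spread total over four printable ASCII bytes, or None if it cannot fit."""
    base, rem = divmod(total, 4)
    vals = [base + 1] * rem + [base] * (4 - rem)
    if min(vals) < 0x21 or max(vals) > 0x7E:
        return None
    return bytes(vals)

def solve(s0: int):
    """Build a password whose first group sums to s0.

    With s2 = s0 and s3 = s0 + DELTA, the total fixes s1 = TOTAL - DELTA - 3*s0,
    so the first group's sum is the only free choice.
    """
    s1 = TOTAL - DELTA - 3 * s0
    groups = [split4(s) for s in (s0, s1, s0, s0 + DELTA)]
    if any(g is None for g in groups):
        return None
    return b"".join(groups)

if __name__ == "__main__":
    print(check(b"AAACAAANAAACAAAN"))   # password given in the write-up
    for s0 in (260, 262, 300):          # constructed sample inputs
        print(s0, solve(s0))
```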
Hay Yay!!!