Cracking levels

L00PeR
6 years ago

0

Hi, I would like to ask if flabby is already working on the Cracking levels.
If not, I could help at least with the first levels.

Also I would like to ask, where can I upload a .exe so the people can download it and try to reverse it.

Thanks !! :)

10replies
4voices
265views
SIGKILL [r4v463]
6 years ago

0

You can setup a github repo and link it here :)

L00PeR
6 years ago

0

mmmh, just happened a weird thing…
Logic told me that for making a crackme I just needed to code some C with some variables and thats all.

Like:

char msg1[] = "You loose", msg2[] = "You win";  
int flag = 0;  
if (flag == 0){  
printf("%s", msg1);  
}  
else{  
printf("%s", msg2);  
}  

But when I try to crack it, I can’t any of the strings.
Must add that I’m compiling it with Visual Studio 2017 community

Thanks :)

SIGKILL [r4v463]
6 years ago

0

You don’t have a main function ‘-’ how can this even compile?

L00PeR
6 years ago

0

hahaha this only was a piece of the code,
of course I have the main function !!!

Just add the iostream library and imagine you have written already the main function line xD

LoL I’m not so n00b @r4v463

dloser
6 years ago

0

But when I try to crack it, I can’t any of the strings.
Master hacker at work here… Can’t wait for those challenges… :p

L00PeR
6 years ago

0

Sorry I wanted to say: I can’t see any of the strings

Because when you find where a string is called you can set breakpoint, look at the stack, and see in which address the code decides if jumps to that piece of code or not.

And please stop ridicule me hhaha xD

dloser
6 years ago

0

You ridicule yourself, I just make it more explicit. ;)

But yeah, I wasn’t even talking so much about forgetting the word, but the fact that you cannot find the strings. Here’s a suggestion: try looking at what the program puts on the stack. Because the strings seem to be local to the function, it probably “allocates” some stack space and movs the strings in there (q/d)word by (q/d)word.

SIGKILL [r4v463]
6 years ago

0

@L00PeR they are not hard to find:

objdump -M intel -d a.out

Then take only the main.

0000000000400596 <main>: 400596: 55 push rbp 400597: 48 89 e5 mov rbp,rsp 40059a: 48 83 ec 40 sub rsp,0x40 40059e: 64 48 8b 04 25 28 00 mov rax,QWORD PTR fs:0x28 4005a5: 00 00 4005a7: 48 89 45 f8 mov QWORD PTR [rbp-0x8],rax 4005ab: 31 c0 xor eax,eax 4005ad: 48 b8 59 6f 75 20 6c movabs rax,0x736f6f6c20756f59 4005b4: 6f 6f 73 4005b7: 48 89 45 e0 mov QWORD PTR [rbp-0x20],rax 4005bb: 66 c7 45 e8 65 00 mov WORD PTR [rbp-0x18],0x65 4005c1: 48 b8 59 6f 75 20 77 movabs rax,0x6e697720756f59 4005c8: 69 6e 00 4005cb: 48 89 45 d0 mov QWORD PTR [rbp-0x30],rax 4005cf: c7 45 cc 00 00 00 00 mov DWORD PTR [rbp-0x34],0x0 4005d6: 83 7d cc 00 cmp DWORD PTR [rbp-0x34],0x0 4005da: 75 18 jne 4005f4 <main+0x5e> 4005dc: 48 8d 45 e0 lea rax,[rbp-0x20] 4005e0: 48 89 c6 mov rsi,rax 4005e3: bf b4 06 40 00 mov edi,0x4006b4 4005e8: b8 00 00 00 00 mov eax,0x0 4005ed: e8 7e fe ff ff call 400470 <printf@plt> 4005f2: eb 16 jmp 40060a <main+0x74> 4005f4: 48 8d 45 d0 lea rax,[rbp-0x30] 4005f8: 48 89 c6 mov rsi,rax 4005fb: bf b4 06 40 00 mov edi,0x4006b4 400600: b8 00 00 00 00 mov eax,0x0 400605: e8 66 fe ff ff call 400470 <printf@plt> 40060a: b8 00 00 00 00 mov eax,0x0 40060f: 48 8b 55 f8 mov rdx,QWORD PTR [rbp-0x8] 400613: 64 48 33 14 25 28 00 xor rdx,QWORD PTR fs:0x28 40061a: 00 00 40061c: 74 05 je 400623 <main+0x8d> 40061e: e8 3d fe ff ff call 400460 <__stack_chk_fail@plt> 400623: c9 leave 400624: c3 ret 400625: 66 2e 0f 1f 84 00 00 nop WORD PTR cs:[rax+rax*1+0x0] 40062c: 00 00 00 40062f: 90 nop

Can you see them now?

L00PeR
6 years ago

0

Are on 0x736f6f6c20756f59 and 0x6e697720756f59

I’m correct ?

SIGKILL [r4v463]
6 years ago

0

Yes, this is the ascii representation in hexa. Just remind that it’s written backward.

Reply has been removed
You must be logged in to reply to this discussion. Login
1 of 11

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss