initial commit
33
1/README.md
Normal file
@ -0,0 +1,33 @@
|
||||
# CrackMeOne
|
||||
|
||||
## Steps
|
||||
|
||||
- Launch x32dbg and open the exe
|
||||
|
||||
- Run up until `EntryPoint`
|
||||
|
||||
- Open the strings view
|
||||
|
||||
- Find
|
||||
|
||||
> Congratulations, you found the secret password
|
||||
|
||||
This must be our code path on success. Double click to find it in the assembly view.
|
||||
|
||||
- Insert some breakpoints before and play around with entering password (anything is fine) and stepping through code, observing registers etc.
|
||||
|
||||
- Observe that there is a loop iterating through bytes at `*eax` and `*ecx` and comparing them.
|
||||
eax points to our entered password, ecx points to `j5%9lk`.
|
||||
|
||||
- Clearly we are checking for equality between these two strings, thus this is the password.
|
||||
|
||||
- If we complete the loop, we jump straight to the `test eax, eax` that gates the success path. If we don't, we jump a few instrs before, where `eax` is set to a value that is always non-zero (thus we take the branch, which we don't want to).
|
||||
`eax` will be zero in the success path due to the final equality check being performed on the null-byte string terminator.## Solution
|
||||
|
||||
|
||||
|
||||
## Solution
|
||||
|
||||
Password: `j5%9lk`.
|
||||
|
||||
|
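Review bot: The line that ends "being performed on the null-byte string terminator." has a stray `## Solution` fused onto it, and the real `## Solution` heading follows a few lines later. Drop the fused copy so the sentence ends at "terminator." and the heading appears only once. As a style point, the line "eax points to our entered password, ecx points to `j5%9lk`." leaves `eax` and `ecx` without backticks, while the bullet above it and the later bullets quote register names as code. Formatting them the same way would keep the walkthrough consistent.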