crackmes/1
2023-02-13 15:42:53 +00:00

CrackMeOne

Steps

  • Launch x32dbg and open the exe

  • Run up until EntryPoint

  • Open the strings view

  • Find the string

    Congratulations, you found the secret password

    This must be our code path on success. Double click to find it in the assembly view.

  • Insert some breakpoints before it and experiment: enter a password (anything is fine) and step through the code, observing registers etc.

  • Observe that there is a loop iterating through bytes at *eax and *ecx and comparing them. eax points to our entered password, ecx points to j5%9lk.

  • Clearly we are checking for equality between these two strings, thus this is the password.

  • If we complete the loop, we jump straight to the test eax, eax that gates the success path. If we don't, we jump to a few instructions before it, where eax is set to a value that is always non-zero (so we take the branch, which we don't want). On the success path eax is zero, because the final equality check is performed on the null-byte string terminator.
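The comparison loop and the test eax, eax gate described in the steps above, modelled in C. This is an added example, not code recovered from the crackme: the function names, the exact non-zero values returned on mismatch, and the stand-in string "EXAMPLE" are assumptions.

```c
#include <stdio.h>

/* Hypothetical reconstruction of the check described in the steps; not the
 * crackme's real code. `entered` plays the role of eax, `stored` of ecx. */
static int check_password(const char *entered, const char *stored)
{
    const unsigned char *a = (const unsigned char *)entered; /* eax */
    const unsigned char *c = (const unsigned char *)stored;  /* ecx */

    for (;;) {
        if (*a != *c) {
            /* Mismatch exit: lands a few instructions before the test,
             * where the result is forced to a non-zero value.
             * Assumption: the write-up only says "always non-zero". */
            return (*a < *c) ? -1 : 1;
        }
        if (*a == '\0') {
            /* Both strings ended together: the last comparison was made on
             * the NUL terminator, so the result is left at zero. */
            return 0;
        }
        a++;
        c++;
    }
}

/* Models `test eax, eax` plus the conditional jump: zero means success. */
static int is_success(const char *entered, const char *stored)
{
    return check_password(entered, stored) == 0;
}

int main(void)
{
    const char *stored = "EXAMPLE"; /* constructed stand-in, not the real string */
    const char *tries[] = { "", "EXAMPL", "EXAMPLE", "EXAMPLE!", "example" };

    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("%-10s -> %s\n", tries[i][0] ? tries[i] : "(empty)",
               is_success(tries[i], stored) ? "success path" : "failure path");
    return 0;
}
```

A prefix or an over-long input both take the mismatch exit, because one side reaches its terminator while the other does not; only an exact match reaches the terminator on both sides at once.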

Solution

Password: j5%9lk.