# CrackMeOne

## Steps

- Launch x32dbg and open the exe.
- Run up until `EntryPoint`.
- Open the strings view.
- Find `Congratulations, you found the secret password`. This must be our code path on success. Double click to find it in the assembly view.
- Insert some breakpoints before it and play around with entering a password (anything is fine) and stepping through the code, observing registers etc.
- Observe that there is a loop iterating through the bytes at `*eax` and `*ecx` and comparing them. `eax` points to our entered password, `ecx` points to `j5%9lk`.
- Clearly we are checking for equality between these two strings, thus this is the password.
- If we complete the loop, we jump straight to the `test eax, eax` that gates the success path. If we don't, we jump a few instructions before it, where `eax` is set to a value that is always non-zero (thus we take the branch, which we don't want). `eax` will be zero in the success path due to the final equality check being performed on the null-byte string terminator.

## Solution

Password: `j5%9lk`.
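
The comparison loop described in the steps, reconstructed in C as an added example (not the crackme's source, which this page does not show). The function names and the exact non-zero values are assumptions; only the password string and the zero/non-zero behaviour of `eax` come from the walkthrough.

```c
#include <stdio.h>

/* A string literal like this is stored as plain bytes in the binary's data,
   which is why the debugger can show it. Value taken from the walkthrough. */
static const char SECRET[] = "j5%9lk";

/* Hypothetical name. Mirrors the described loop: `eax` walks the entered
   password, `ecx` walks the stored one. Returns the value left in eax. */
int compare_like_disasm(const char *eax, const char *ecx)
{
    for (;;) {
        unsigned char a = (unsigned char)*eax;
        unsigned char c = (unsigned char)*ecx;
        if (a != c)
            return a < c ? -1 : 1;  /* mismatch: eax forced non-zero (assumed -1/1) */
        if (a == 0)
            return 0;               /* both bytes are the terminator: eax = 0 */
        eax++;
        ecx++;
    }
}

/* Hypothetical name. The `test eax, eax` gate: zero selects the success path. */
int is_success(const char *entered)
{
    return compare_like_disasm(entered, SECRET) == 0;
}

int main(void)
{
    /* Constructed inputs: wrong guess, prefix, over-long, empty, correct. */
    const char *tries[] = { "anything", "j5%9l", "j5%9lkX", "", "j5%9lk" };
    for (size_t i = 0; i < sizeof tries / sizeof tries[0]; i++)
        printf("%-10s -> %s\n", tries[i],
               is_success(tries[i]) ? "success" : "fail");
    return 0;
}
```

A prefix or an over-long input fails because the terminator byte is part of the comparison, which is the point of the last step.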