jack/crackmes
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
e341625a66
crackmes/1/README.md
Jack Bond-Preston e341625a66
initial commit
2023-02-13 15:42:53 +00:00

1.1 KiB
Raw Blame History

CrackMeOne

Steps

  • Launch x32dbg and open the exe

  • Run up until EntryPoint

  • Open the strings view

  • Find

    Congratulations, you found the secret password

    This must be our code path on success. Double click to find it in the assembly view.

  • Insert some breakpoints before and play around with entering password (anything is fine) and stepping through code, observing registers etc.

  • Observe that there is a loop iterating through bytes at *eax and *ecx and comparing them. eax points to our entered password, ecx points to j5%9lk.

  • Clearly we are checking for equality between these two strings, thus this is the password.

  • If we complete the loop, we jump straight to the test eax, eax that gates the success path. If we don't, we jump a few instrs before, where eax is set to a value that is always non-zero (thus we take the branch, which we don't want to). eax will be zero in the success path due to the final equality check being performed on the null-byte string terminator.## Solution

Solution

Password: j5%9lk.