IOLI Crackme 0x00

Writeup

IOLI Crackme

In this write up i'll resolve the challenge IOLI Crackme specific the level 0x00 with 2 tools: radare2 and ghidra. The goal of this challenge is crack the executable to accept any password.

radare2

If we run the binary and type some random password dont accept it. So lets start with the challenge.

The first thing that we need to do is load and parse the binary with r2 using the command aaaa.

One of the firts things to check in a binary is look at the strings in this case with r2 to do that we need to use the command iz. In the image below we can see that the password for the binary is 250382 lets check.

To edit the binary and allow any password we need to start r2 in write mode with the next command r2 -w crackme0x00.exe . Next we compile it and go to the main function and print less lines with the command pd #length . In the red box have a conditional jump[je] that is the validation of the password input but we change it to a unconditional jump that doesn't follow the execution instruction = accept any password.

https://www.tutorialspoint.com/assembly_programming/assembly_conditions.htm

With the command wx that means write hex in the current offset we add eb and print the output of our change. So now lets check the binary to see if the solution works.

;)

ghidra

The first thing to do is compile the binary after that we see a screen with the code. The second thing to do is Analyze the binary so ghidra now can interpret and then in the symbol tree we can search for the main function and see the password .

Hope you enjoy the writeup and feel free to get in touch with me if you have questions or suggestions.

Binary source: https://github.com/Maijin/radare2-workshop-2015/tree/master/IOLI-crackme