Brain Dump
  • Description
  • Reversing
    • IOLI Crackme 0x00
    • IOLI Crackme 0x01
    • IOLI Crackme 0x02
  • Malware Analysis
    • Mozi Botnet
    • VBS.Dunihi
    • SUNNYSTATION
    • PMA Chapter 1 - Labs
      • PMA Chapter 1-02 - Labs
      • PMA Chapter 1-03 - Labs
      • PMA Chapter 1-04 - Labs
Powered by GitBook
On this page

Was this helpful?

  1. Reversing

IOLI Crackme 0x01

Writeup

PreviousIOLI Crackme 0x00NextIOLI Crackme 0x02

Last updated 4 years ago

Was this helpful?

In this write up i'll resolve the challenge IOLI Crackme specific the level 0x01 with the tool radare2. First of all run the executable to check a random password and validate.

After that lets analyzing with radare2. Like the previous writeup use aaaa to analyze the executable.

So if you move to the main function and print it you can see something like the image below. In the image we can see that a variable is compared(cmp) with the value 0x149a what in decimal is 5274. If the variable is equal at that value get moving to the conditional je and print the message "Password OK :)" if not print the message "Invalid Password". So if we try 5274 as a password the crackme accept it.

To patch the binary to accept any password we need to change the je conditional to the unconditional jmp, because jmp dont need to perform some condition and with this the binary accept any password. So we need to start radare in write mode with the flag -w. In the image below we can see how to write jmp into je, the equals of 740e in jmp is eb0e. So with the command wx we write the instruction jmp and the lenght of 9. After that the binary is patched and accept any password.

Hope you enjoy the writeup and feel free to get in touch with me if you have questions or suggestions.

Reference

Binary source

https://www.tutorialspoint.com/assembly_programming/assembly_conditions.htm
https://github.com/Maijin/radare2-workshop-2015/tree/master/IOLI-crackme
;)