Dr Von Noizeman’s Nuclear Bomb defused with Radare2

Today, I bring you another binary bomb that I found on the 0x00sec website. This bomb has 4 stages, each one corresponding to a color. Let’s now defuse it, phase by phase. First, let’s take a look at the main menu of Dr Von Noizeman’s nuclear bomb. Yellow Phase: the yellow phase is probably the easiest one in this binary bomb. It starts by asking you for a password that will be stored in obj.buffer. Looking at the code, you…

BombLab Dissected with Radare2

The exercise of this week is a bomb! A binary one, of course. The bomblab is an exercise from the UCR that I found here. I ended up finding more bombs like this one on other sites and, for me, this exercise is more challenging than the previous crackmes. So, this is what the bomblab looks like. Awesome, right? If you list the functions present in the binary, you will be presented with a considerable number of functions. Seeking to…

IOLI-Crackme with Radare2: Closing Thoughts

If you are an active reader of this blog (if you aren’t, why not start now?), then you probably know that I’ve been solving exercises from IOLI-Crackme aiming to learn about Radare2 and to take the first steps in the Reverse Engineering field, but you can read the full motivation in the first article that I wrote when I started this project. So, for the past weeks, I’ve been solving every IOLI-Crackme of this series of challenges, uploading content every…

Crackme0x09 Dissected with Radare2

The IOLI-Crackme exercises have come to an end. Crackme0x09 is the last exercise of this series. Let’s start analyzing the Assembly to see what changed since the last exercise. Getting the Crackme0x09 password through analysis: When we check the available functions, we’re able to notice that the names have changed again, as they are similar to the native functions. Another detail is that there are no strings visible in the code. Although, we can see there are strings in…

Crackme0x08 Dissected with Radare2

It’s nothing new that both the password and the environment variable are the same for the last exercises. But the fact that the code itself is almost the same… Well, that’s boring! Anyway, let’s analyze crackme0x08 and see what it has in store for us. Getting the Crackme0x08 password through analysis: Contrary to what I expected, the names of the functions are very similar to the ones in Crackme0x06. I expected to see names like fcn.0804xxxx, the next step of “evolution” when…

Crackme0x07 Dissected with Radare2

Crackme0x07 is the exercise of this week. New tricks are used to make our task more difficult. These tricks include function names identical to native functions. Let’s see. Getting the Crackme0x07 password through analysis: Those functions in purple are the ones that need our attention. Let’s now “divide and conquer”… sub.LOLO_4b4: Just like the previous exercise, this one requires an environment variable “LOL” in order to obtain the “Password OK”. This function is responsible for checking if that variable exists….

Crackme0x06 Dissected with Radare2

Crackme0x06! A new exercise, a new function. Also, some new tricks are used to obtain the much-wanted “Password OK”. This exercise is very similar to the previous one, so I won’t go through the functions already explained. Getting the Crackme0x06 password through analysis: As usual, let’s check the functions available. We’ve got a new function: dummy. One of the conditions that we saw before must be met if we want to jump to this function, we need to sum…

Crackme0x05 Dissected with Radare2

When I started writing these posts about radare2, I was expecting to learn how to work with this tool. That was the objective and what drove me to start this blog. What I was not expecting was to learn something about Assembly. Crackme0x05 is the first from this series of exercises that made me learn a new instruction. GREAT!!! Getting the Crackme0x05 password through analysis: Just like Crackme0x04, this crackme has multiple solutions. Also, it has multiple functions. Let’s start…

Crackme0x04 Dissected with Radare2

All the exercises solved so far had one thing in common: there was only one solution for the problem. Crackme0x04 does not inherit that characteristic because it has multiple solutions and has some tricks to calculate those solutions when compared to the previous crackme. Getting the Crackme0x04 password through analysis: afll shows two functions, the main and the check. Let’s print them. Well, we can see the same as in the previous exercises, the prints of all those strings…

Radare2’s Visual Mode

So far, I’ve been using strictly the command line prompt of radare2. I do believe this was the perfect choice to start learning how it works, to learn the basics so I can have a strong base of knowledge in this tool. But let’s be honest, as you evolve, it becomes tedious to use just the command line and I started to feel this in Crackme0x03 when I needed to debug the shift function. One option was to put a breakpoint…
