Crackme0x08 Dissected with Radare2

Crackme0x08 Dissected with Radare2

It’s not something new that both password and the environment variable are the same for the last exercises. But the fact that the code itself is almost the same… Well, that’s boring! Anyway, let’s analyze crackme0x08 and see what it reserved for us. Getting the Crackme0x08 password through analysis Contrary to what I expected, the name of the functions is very similar to the ones in Crackme0x06. I expected to see names like fcn.0804xxxx, the next step of “evolution” when…

Read More Read More

Crackme0x07 Dissected with Radare2

Crackme0x07 Dissected with Radare2

Crackme0x07 is the exercise of this week. New tricks are used to make our task more difficult. This tricks includes function names identical to native functions. Let’s see. Getting the Crackme0x07 password through analysis Those functions in purple are the ones that need our attention. Let’s now “divide and conquer”… sub.LOLO_4b4 Just like the previous exercise, this one requires an environment variable “LOL” in order to obtain the “Password OK”. This function is responsible for checking if that variable exists….

Read More Read More

Crackme0x06 Dissected with Radare2

Crackme0x06 Dissected with Radare2

Crackme0x06! A new exercise, a new function. Also, some new tricks are used to obtain the so wanted “Password OK”. This exercise is very alike the previous one, so I won’t go through the functions already explained.   Getting the Crackme0x06 password through analysis As usual, let’s check the functions available. We’ve got a new function: dummy. One of the conditions that we saw before, must be met if we want to jump to this function, we need to sum…

Read More Read More

Crackme0x05 Dissected with Radare2

Crackme0x05 Dissected with Radare2

When I started writing this posts about radare2, I was expecting to learn how to work with this tool. That was the objective and what drove me to start this blog. What I was not expecting, was to learn something about Assembly. Crackme0x05 is the first from this series of exercises that made learn a new instruction. GREAT!!!   Getting the Crackme0x05 password through analysis Just like Crackme0x04, this crackme has multiple solutions. Also, it has multiple functions. Let’s start…

Read More Read More

Crackme0x04 Dissected with Radare2

Crackme0x04 Dissected with Radare2

All the exercises solved so far, had one thing in common: there was only one solution for the problem. Crackme0x04 does not inherit that characteristic because it has multiple solutions and has some tricks to calculate those solutions when compared to the previous crackme.   Getting the Crackme0x04 password through analysis afll shows two functions, the main and the check. Let’s print them. Well, we can see the same as in the previous exercises, the prints of all those strings…

Read More Read More

Radare2’s Visual Mode

Radare2’s Visual Mode

So far, I’ve been using strictly the command line prompt of radare2. I do believe this was the perfect choice to start learning how it works, to learn the basics so I can have a strong base of knowledge in this tool. But let’s be honest, as you evolve, it become tedious use just the command line and I started to feel this in Crackme0x03 when I needed to debug the shift function. An option, was to put a breakpoint…

Read More Read More

Crackme0x03 Dissected with Radare2

Crackme0x03 Dissected with Radare2

Crackme0x03 is the first of this series of exercises to have more that one function. It actually has three (important) functions, described below: main function, where the core code is test function, which tests our input and decides the flow of the program shift function, responsible for decrypt the string Getting the Crackme0x03 password through analysis From now on, I’ll jump the part where I check what the program does, because they all test a string/value. So, let’s check the…

Read More Read More

Crackme0x02 Dissected with Radare2

Crackme0x02 Dissected with Radare2

For the Crackme0x02, I’ll follow two approaches. First, I’m going to find out the password through analysis. Then, I’ll modify the program in order to accept any password. If you’re not acquainted with any of the commands used in this post, you can always take a look at Radare Basics. Let’s start and first of all, we need to run the program.  Like the previous exercise, this one is a password challenge.   Getting the Crackme0x02 password through analysis To…

Read More Read More

Crackme0x01 Dissected with Radare2

Crackme0x01 Dissected with Radare2

In order to have some insight of what are we dealing with, let’s run the Crackme0x01 program first. Password Challenge! Apparently, its just a simple program that tests a password entered by the user. Let’s dig in, starting Radare2 with analyze and debug options (check Radare Basics to find out how). Analysis So, first thing, let’s look at the functions present in the binary. IMHO, it’s always a good idea take a peek in the program functions with the aim…

Read More Read More

An excuse to learn Radare2

An excuse to learn Radare2

Four weeks ago, the opportunity to learn something about Reverse Engineering presented itself, I was asked to analyze and, if possible, modify a DOS executable. I saw this as a great excuse to tune my skills in assembly, so I began to search for a tool fitted for this task and as a main goal, I wanted to teach myself how to use it. A few searches lead me to Radare2. At that point, I had already heard about IDA,…

Read More Read More