If you are an active reader of this blog (if you aren’t, why not start now?), then you probably know that I’ve been solving exercises from IOLI-Crackme aiming to learn about Radare2 and to take the first steps in the Reverse Engineering field, but you can read the full motivation in the first article that I wrote when I started this project.
So, for the past weeks, I’ve been solving every IOLI-Crackme of this series of challenges, uploading content every Monday. Crackme0x09 marks the end of this chapter. During this time, I was able to experience the power of Radare2 but I completely understand that only scratched the surface of such powerful tool.
About Radare2, in one of my first posts on this blog, I made an article where I listed and described every command that I used to solve the crackmes. I kept this list updated and I plan to keep it that way: always updated! There, you can find a brief explanation for every command as well as alternatives to start Radare2.
I’m not going to describe, nor even explain and rate every crackme, because at this point, that does not make sense to me, considering that I’ve done it for that past weeks, and also because you can check it. But as a quick review, I can tell that I do not think the level of expertise required is that high. Crackme0x01 is pretty simple and straightforward and the following exercises just keep adding more tricks and obfuscation techniques.
I did enjoy very much the Crackme0x05 because it truly taught me something new, the test operator. One of my most important goals is really that, learn! The next challenge, Crackme0x06 was very nice too, considering that made me bang my head on the wall for a while until I understand all that environment variables stuff. I did not find the next challenges to be much more sophisticated, even with those obfuscation techniques, like hiding the strings to print bewind a memory address which needed to be calculated.
Let me now talk about Visual Mode. Since Crackme0x03 from the series of IOLI-Crackme exercises, I’ve been using 90% of Visual Mode and 10% of Radare’s CLI. Using the CLI is a great way to learn the basics of Radare2, and I strongly advise everyone to start there, but it becomes very difficult to just use this mode when you are analyzing “large” binaries. Furthermore, there is a great chance of making some mistake when you have many variables and start jumping from function to function.
Visual Mode kind of simplifies this task. It’s so much better to use Visual Mode, I can set up breakpoints so much faster and see the value of the registers and stack in real time.
I do understand that the videos where I use the Visual Mode are not as clear as those where I strictly use the CLI, but I think that’s a way of encouraging the discussion about the challenges in the different platforms, for example reddit.
All things considered, it’s has been an awesome experience solving these challenges, I’m now so much more comfortable with Radare2. For now, I think I’ll keep solving challenges about Reverse Engineering, but that does not mean that the purpose of this blog is strictly to solve Reverse Engineering problems, or generally speaking, that this is a Reverse Engineering blog. For now, it has only Reverse Engineering content, but I don’t intend to keep it that way for much longer.