Go4Expert (http://www.go4expert.com/)
Ethical hacking Tips: Basics of CrackMe With Sample and Example - Part 4 (http://www.go4expert.com/articles/basics-crackme-sample-example-part-4-t24957/)

lionaneesh 13Feb2011 01:47

Basics of CrackMe With Sample and Example - Part 4
 
In this article we'll be looking at yet another easy crackme... This one is again a simple compare crackme, but it works on ints and uses C functions like scanf()..

For the earlier parts, refer to:
  1. Basics of CrackMe With Sample and Example
  2. Basics of CrackMe With Sample and Example - Part 2
  3. Basics of CrackMe With Sample and Example - Part 3

Cracking

Let's first run the program and see what it has to tell us..

Code:
aneesh@aneesh-laptop:~$ '/home/aneesh/Desktop/mycrk'
Type cd-key: Aneesh
wrong!

OK.. So let's fire up GDB and crack this..

Code:
aneesh@aneesh-laptop:~$ gdb '/home/aneesh/Desktop/mycrk'
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/aneesh/Desktop/mycrk...done.
(gdb)

Now let's disassemble main() in Intel syntax..
Code: asm
(gdb) set disassembly-flavor intel
(gdb) disas main
Dump of assembler code for function main:
   0x080483c4 <+0>:     push   ebp
   0x080483c5 <+1>:     mov    ebp,esp
   0x080483c7 <+3>:     sub    esp,0x18
   0x080483ca <+6>:     and    esp,0xfffffff0
   0x080483cd <+9>:     mov    eax,0x0
   0x080483d2 <+14>:    sub    esp,eax
   0x080483d4 <+16>:    mov    DWORD PTR [ebp-0x4],0x11e67      ; first int declaration
   0x080483db <+23>:    mov    DWORD PTR [ebp-0x8],0x5b1270     ; second int declaration
   0x080483e2 <+30>:    mov    DWORD PTR [ebp-0x10],0x6         ; third int declaration
   0x080483e9 <+37>:    sub    esp,0xc
   0x080483ec <+40>:    push   0x8048514                        ; push the address of the "Type cd-key: " string
   0x080483f1 <+45>:    call   0x80482e4 <printf@plt>           ; call printf
   0x080483f6 <+50>:    add    esp,0x10                         ; clean up the stack
   0x080483f9 <+53>:    sub    esp,0x8
   0x080483fc <+56>:    lea    eax,[ebp-0xc]                    ; address of the int that will receive what the user types
   0x080483ff <+59>:    push   eax                              ; push that address as the second argument of scanf
   0x08048400 <+60>:    push   0x8048522                        ; push the format string, which is "%d"
   0x08048405 <+65>:    call   0x80482c4 <scanf@plt>            ; call scanf
   0x0804840a <+70>:    add    esp,0x10                         ; clean up the stack
   0x0804840d <+73>:    mov    eax,DWORD PTR [ebp-0x8]          ; load the int declared at ebp-0x8
   0x08048410 <+76>:    cmp    eax,DWORD PTR [ebp-0xc]          ; compare it with the one we entered
   0x08048413 <+79>:    jne    0x8048432 <main+110>             ; if they differ, jump to the failure printf() and exit
   0x08048415 <+81>:    mov    edx,DWORD PTR [ebp-0x10]         ; else: edx = the third int
   0x08048418 <+84>:    lea    eax,[ebp-0x4]                    ; eax = address of the first int
   0x0804841b <+87>:    xor    DWORD PTR [eax],edx              ; [ebp-0x4] = [ebp-0x4] ^ [ebp-0x10]
   0x0804841d <+89>:    sub    esp,0x8
   0x08048420 <+92>:    push   DWORD PTR [ebp-0x4]              ; push the XORed result
   0x08048423 <+95>:    push   0x8048525                        ; push "%d"
   0x08048428 <+100>:   call   0x80482e4 <printf@plt>           ; print the success value
   0x0804842d <+105>:   add    esp,0x10                         ; clean up the stack
   0x08048430 <+108>:   jmp    0x8048442 <main+126>             ; skip the failure branch and exit
   0x08048432 <+110>:   sub    esp,0xc
   0x08048435 <+113>:   push   0x8048529                        ; push the "wrong!" string
   0x0804843a <+118>:   call   0x80482e4 <printf@plt>
   0x0804843f <+123>:   add    esp,0x10
   0x08048442 <+126>:   mov    eax,0x0
   0x08048447 <+131>:   leave
   0x08048448 <+132>:   ret
End of assembler dump.
(gdb)

Looking at the disassembly above, we can see three int declarations at the top of main()..

These ints are initialised there and are used to check the cd-key we entered..

I tried to make the rest of the code as simple as possible... I hope you understand it..

The main line of code is the compare statement:
Code: asm
0x0804840d <+73>:   mov    eax,DWORD PTR [ebp-0x8]          ; load the int declared at ebp-0x8
0x08048410 <+76>:   cmp    eax,DWORD PTR [ebp-0xc]          ; compare it with the one we entered


So basically we are comparing our input (ebp-0xc) with the int stored at ebp-0x8.
So let's see what ebp-0x8 holds:
Code: asm
0x080483db <+23>:   mov    DWORD PTR [ebp-0x8],0x5b1270     ; second int declaration

So 0x5b1270 is the cd-key..

Since the program reads our input as an int (scanf with "%d"), we first need to convert this value to decimal and then test it against the program..

Let's do it..

0x5b1270 = 5968496 // in decimal

Let's test it against the program:
Code:
aneesh@aneesh-laptop:~$ '/home/aneesh/Desktop/mycrk'
Type cd-key: 5968496
73313

And again we did it!! WOW!!!!
Thanks for reading and stay tuned
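To tie the listing back to C, here is a reconstruction of the crackme's source from the disassembly above. This is an added example written for this article, not the author's original code: the variable names and format strings are assumptions, while the three constants and the stack slots they map to come straight from the listing.

```c
#include <stdio.h>

/* Constants and stack slots taken from the disassembly; names are assumed. */
#define FIRST_INT 0x11e67   /* [ebp-0x4]  : XORed with THIRD_INT and printed on success */
#define CD_KEY    0x5b1270  /* [ebp-0x8]  : the value our input is compared against */
#define THIRD_INT 0x6       /* [ebp-0x10] : the XOR operand */

/* The check, separated from I/O so it can be exercised without stdin.
 * Returns 1 on a correct key and stores the success number in *out;
 * returns 0 (the "wrong!" branch) otherwise. */
int check_key(int entered, int *out)
{
    int a = FIRST_INT;

    if (CD_KEY != entered)          /* cmp eax,DWORD PTR [ebp-0xc] ; jne */
        return 0;
    a ^= THIRD_INT;                 /* xor DWORD PTR [eax],edx */
    if (out)
        *out = a;
    return 1;
}

int main(void)
{
    int entered = 0;                /* [ebp-0xc], filled in by scanf */
    int result;

    printf("Type cd-key: ");
    /* A non-numeric entry such as "Aneesh" makes scanf fail; the binary then
     * compares whatever happens to be in the slot and lands in the same
     * "wrong!" branch, so a failed read is treated as a mismatch here too. */
    if (scanf("%d", &entered) != 1 || !check_key(entered, &result))
        printf("wrong!\n");
    else
        printf("%d\n", result);     /* 5968496 gives 0x11e67 ^ 0x6 = 73313 */
    return 0;
}
```

The two format strings the listing pushes can be confirmed in gdb with `x/s 0x8048522` and `x/s 0x8048525` before trusting the "%d" assumption.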

lionaneesh 15Feb2011 23:09

Re: Basics of CrackMe With Sample and Example - Part 4
 
Thanks a ton for accepting.. I hope the viewers like it!!!!

lionaneesh 19Feb2011 20:39

Re: Basics of CrackMe With Sample and Example - Part 4
 
The post is not related to the thread..
I think shabbir you should check...

shabbir 20Feb2011 08:29

Re: Basics of CrackMe With Sample and Example - Part 4
 
Quote:

Originally Posted by lionaneesh (Post 79591)
The post is not related to the thread..
I think shabbir you should check...

Please don't quote those post into your post or else I have to edit yours as well.

lionaneesh 6Apr2011 20:01

Re: Basics of CrackMe With Sample and Example - Part 4
 
Hey Viewers :-

I wanted to ask you guys.. If you are liking my crackme tutorials and want to see more..
If yes, please reply!!

ishaqforu 31May2011 22:00

Re: Basics of CrackMe With Sample and Example - Part 4
 
Hello Everyone,

Can 'CrackMe' be used to get the keys for trial software?

Ishaq.

lionaneesh 31May2011 22:14

Re: Basics of CrackMe With Sample and Example - Part 4
 
Quote:

Originally Posted by ishaqforu (Post 83725)
Hello Everyone,

Can 'CrackMe' be used to get the keys for trial software?

Ishaq.

Yes! Even the top software can be cracked, but it obviously increases the difficulty.
