In this article we'll be seeing yet another easy crackme. This crackme is another simple compare crackme, but it works on ints and uses C library functions like scanf(). For the earlier parts refer to Basics of CrackMe With Sample and Example, Basics of CrackMe With Sample and Example - Part 2 and Basics of CrackMe With Sample and Example - Part 3.

Cracking

Let's first run the program and see what it has to tell us.

Code:
aneesh@aneesh-laptop:~$ '/home/aneesh/Desktop/mycrk'
Type cd-key: Aneesh
wrong!

OK. So let's fire up GDB and crack this.

Code:
aneesh@aneesh-laptop:~$ gdb '/home/aneesh/Desktop/mycrk'
GNU gdb (GDB) 7.1-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html>
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law.  Type "show copying"
and "show warranty" for details.
This GDB was configured as "i486-linux-gnu".
For bug reporting instructions, please see:
<http://www.gnu.org/software/gdb/bugs/>...
Reading symbols from /home/aneesh/Desktop/mycrk...done.
(gdb)

Now let's disassemble main in Intel syntax.
Code:
(gdb) set disassembly-flavor intel
(gdb) disas main
Dump of assembler code for function main:
   0x080483c4 <+0>:     push   ebp
   0x080483c5 <+1>:     mov    ebp,esp
   0x080483c7 <+3>:     sub    esp,0x18                      ; room for the locals
   0x080483ca <+6>:     and    esp,0xfffffff0                ; 16-byte align the stack (old gcc prologue)
   0x080483cd <+9>:     mov    eax,0x0
   0x080483d2 <+14>:    sub    esp,eax
   0x080483d4 <+16>:    mov    DWORD PTR [ebp-0x4],0x11e67   ; first int local, initialised to 0x11e67
   0x080483db <+23>:    mov    DWORD PTR [ebp-0x8],0x5b1270  ; second int local, initialised to 0x5b1270
   0x080483e2 <+30>:    mov    DWORD PTR [ebp-0x10],0x6      ; third int local, initialised to 6
   0x080483e9 <+37>:    sub    esp,0xc                       ; pad so the pushed argument keeps the stack aligned
   0x080483ec <+40>:    push   0x8048514                     ; address of the "Type cd-key: " format string
   0x080483f1 <+45>:    call   0x80482e4 <printf@plt>        ; printf("Type cd-key: ")
   0x080483f6 <+50>:    add    esp,0x10                      ; caller cleans up the argument
   0x080483f9 <+53>:    sub    esp,0x8                       ; pad for the two arguments that follow
   0x080483fc <+56>:    lea    eax,[ebp-0xc]                 ; address of the (uninitialised) int that will receive our input
   0x080483ff <+59>:    push   eax                           ; push &input as scanf's second argument
   0x08048400 <+60>:    push   0x8048522                     ; push the format string, "%d" (we'll check it)
   0x08048405 <+65>:    call   0x80482c4 <scanf@plt>         ; scanf("%d", &input)
   0x0804840a <+70>:    add    esp,0x10                      ; clean up; scanf's return value in eax is never checked
   0x0804840d <+73>:    mov    eax,DWORD PTR [ebp-0x8]       ; eax = 0x5b1270
   0x08048410 <+76>:    cmp    eax,DWORD PTR [ebp-0xc]       ; compare it with the int we typed
   0x08048413 <+79>:    jne    0x8048432 <main+110>          ; not equal: jump to the "wrong!" printf and return
   0x08048415 <+81>:    mov    edx,DWORD PTR [ebp-0x10]      ; equal: edx = 6
   0x08048418 <+84>:    lea    eax,[ebp-0x4]                 ; eax = address of the first local
   0x0804841b <+87>:    xor    DWORD PTR [eax],edx           ; [ebp-0x4] = 0x11e67 ^ 6
   0x0804841d <+89>:    sub    esp,0x8                       ; pad for the two arguments that follow
   0x08048420 <+92>:    push   DWORD PTR [ebp-0x4]           ; push the xor-ed value
   0x08048423 <+95>:    push   0x8048525                     ; push the "%d" format string
   0x08048428 <+100>:   call   0x80482e4 <printf@plt>        ; printf("%d", value)
   0x0804842d <+105>:   add    esp,0x10                      ; clean up the arguments
   0x08048430 <+108>:   jmp    0x8048442 <main+126>          ; skip the failure path and return
   0x08048432 <+110>:   sub    esp,0xc
   0x08048435 <+113>:   push   0x8048529                     ; address of the "wrong!" string
   0x0804843a <+118>:   call   0x80482e4 <printf@plt>        ; printf("wrong!")
   0x0804843f <+123>:   add    esp,0x10
   0x08048442 <+126>:   mov    eax,0x0                       ; return 0
   0x08048447 <+131>:   leave
   0x08048448 <+132>:   ret
End of assembler dump.
(gdb)

Looking at the disassembly, main starts by storing three constants into int locals on the stack: 0x11e67 at [ebp-0x4], 0x5b1270 at [ebp-0x8] and 6 at [ebp-0x10]. A fourth local at [ebp-0xc] is left uninitialised; scanf fills it with whatever we type, and that is the value the program compares against. (This also explains the first run: "Aneesh" does not match "%d", so scanf stores nothing, the return value is ignored, and the uninitialised local is compared instead.) I tried to keep the rest of the code as simple as possible, so I hope the flow is clear.

The line that matters is the compare:

Code:
0x0804840d <+73>:    mov    eax,DWORD PTR [ebp-0x8]
0x08048410 <+76>:    cmp    eax,DWORD PTR [ebp-0xc]       ; compare the int we typed with the constant stored earlier

So we are comparing our input ([ebp-0xc]) with the constant stored at [ebp-0x8]. Let's see what was put there:

Code:
0x080483db <+23>:    mov    DWORD PTR [ebp-0x8],0x5b1270  ; the constant we are compared against

So 0x5b1270 is the cd-key. The program reads the key with scanf("%d"), that is, as a decimal integer, so we have to convert the hex constant to decimal before typing it in:

0x5b1270 = 5968496 in decimal

Let's test it against the program:

Code:
aneesh@aneesh-laptop:~$ '/home/aneesh/Desktop/mycrk'
Type cd-key: 5968496
73313

The second line is the success output: [ebp-0x4] xor-ed with [ebp-0x10], i.e. 0x11e67 ^ 6 = 0x11e61 = 73313 in decimal. And again we did it! Thanks for reading and stay tuned.
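To make the listing above concrete, here is a C reconstruction of main as an added example; it is inferred from the disassembly, not the author's original source. The constants come straight from the immediates in the listing; the variable names, the check_key() helper and the -1 return on the failure path are assumptions introduced so the logic can be compiled and tested without typing into the binary.

```c
#include <stdio.h>

/* Immediates from the listing (names are assumptions, the binary has no
 * symbols for its locals):
 *   [ebp-0x4]  = 0x11e67  -> xor-ed with XOR_CONST and printed on success
 *   [ebp-0x8]  = 0x5b1270 -> the cd-key the input is compared against
 *   [ebp-0x10] = 0x6      -> the xor constant                            */
#define SUCCESS_SEED 0x11e67
#define CD_KEY       0x5b1270
#define XOR_CONST    0x6

/* Mirrors main+73 .. main+105. Returns the value the binary prints on
 * success, or -1 (an assumption, not in the binary) on the "wrong!" path.
 * Kept free of I/O so it can be exercised directly. */
int check_key(int input)
{
    int seed = SUCCESS_SEED;

    if (CD_KEY != input)      /* mov eax,[ebp-0x8] ; cmp eax,[ebp-0xc] ; jne */
        return -1;

    seed ^= XOR_CONST;        /* mov edx,[ebp-0x10] ; xor [ebp-0x4],edx */
    return seed;              /* push [ebp-0x4] ; printf("%d", ...) */
}

/* Decimal form of the key, since scanf("%d") parses base-10 input. */
int cd_key_decimal(void)
{
    return CD_KEY;
}

int main(void)
{
    int input;                /* [ebp-0xc]: uninitialised in the binary too */

    printf("Type cd-key: ");
    /* The binary overwrites eax right after scanf returns, so a failed
     * parse silently compares the uninitialised local. This reconstruction
     * checks the return value instead of reproducing that bug. */
    if (scanf("%d", &input) != 1) {
        printf("wrong!\n");
        return 0;
    }

    int out = check_key(input);
    if (out < 0)
        printf("wrong!\n");
    else
        printf("%d\n", out);
    return 0;
}
```

Compile with `gcc -m32 -O0` if you want to compare the generated assembly with the listing above; the constants and the compare/xor sequence should line up, though the exact stack offsets depend on the compiler version.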
Hey viewers: I wanted to ask you guys if you are liking my crackme tutorials and want to see more. If yes, please reply!