CC: Radare2

Command Line Options

Analyzation

Information

Printing

The Mid-term

Debugging

Visual Mode

Write Mode

The Final Exam

The first step to solve this crackme was to disassemble main and set a breakpoint at the strcmp function.

Looking at this code we can see that if the password we provide is equal to youdidit, we solve the crackme. But it's not so simple: before our password is compared with that string, it goes through a function called get_password.

In this function we can see that there is a loop. It seems to go through every character of our input and increment it by 9? until the value of var_4h is 7, or less than 8, and then returns the now-modified input to the main function to be compared with youdidit, much like a Caesar cipher with a key of 9. So let's try to input a bunch of a's as the password to see what happens.

We know that once returned to the main function, the value of our modified input is stored in rdi.

So our 7 a's are now 7 k's. Interesting! Looking at an ASCII table we can confirm the shift of the characters was an increment by 9.

So all we have to do is take the string youdidit and decrement it by 9. We can use a programming language to do this or we can just do it by hand looking at this chart. We end up with the string oekZ_Z_j. We can now test it in the debugger.

We can see that we have managed to match the string youdidit.
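The "use a programming language" route mentioned above, as an added example that is not part of the original write-up or the crackme's own code. It derives the shift from the a → k pair observed in rdi instead of hard-coding a key; `get_password_model`, `derive_shift`, `recover_input` and `LOOP_LEN` are hypothetical names, and the model assumes get_password adds one fixed value to each of the first 8 bytes.

```python
# Added example: a model of the transform described above, not the crackme's code.
LOOP_LEN = 8  # assumption: the loop runs while var_4h is less than 8


def get_password_model(user_input: bytes, shift: int) -> bytes:
    """Assumed get_password behaviour: add `shift` to each of the first 8 bytes."""
    head = bytes((b + shift) & 0xFF for b in user_input[:LOOP_LEN])
    return head + user_input[LOOP_LEN:]


def derive_shift(sent: bytes, observed: bytes) -> int:
    """Recover the per-byte shift from one input/output pair seen in the debugger."""
    if not sent or len(sent) != len(observed):
        raise ValueError("need a non-empty pair of equal length")
    pairs = zip(sent[:LOOP_LEN], observed[:LOOP_LEN])
    shifts = {(o - s) & 0xFF for s, o in pairs}
    if len(shifts) != 1:
        raise ValueError("bytes moved by different amounts: not a fixed shift")
    return shifts.pop()


def recover_input(target: bytes, shift: int) -> str:
    """Invert the shift on the compared string and check the result is typable."""
    if len(target) > LOOP_LEN:
        raise ValueError("target is longer than the bytes the loop modifies")
    plain = bytes((b - shift) & 0xFF for b in target)
    if not all(0x20 <= b <= 0x7E for b in plain):
        raise ValueError("candidate contains non-printable bytes")
    # Round-trip through the model to confirm it reproduces the compared string.
    if get_password_model(plain, shift) != target:
        raise ValueError("round-trip through the model failed")
    return plain.decode("ascii")


if __name__ == "__main__":
    # Input/output pair from the debugging session described above.
    shift = derive_shift(b"aaaaaaa", b"kkkkkkk")
    print(shift, recover_input(b"youdidit", shift))
```

For the a → k pair the derived shift works out to 10, and reversing it on youdidit yields oekZ_Z_j, the string tested in the debugger above.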
