zx81 on 2021-05-08 20:44:
Nice little challenge. 1st Linux one I've looked at, admittedly under Windows with static analysis. I won't reveal the password, but it's a simple 8 character xor'd password. I don't fully understand the stack protection code but it was interesting.
SeppNel on 2021-05-11 08:44:
Hi, this was the first binary that I tried to reverse engineer with Ghidra and it is great for a beginner like me. I managed to get the password, but there are some things that I don't understand and I was looking for someone who can explain some things to me.
First, the password variable seems to be backwards and the last byte is the same as the xor key. Second, when checking the password shouldn't it overflow?
Sorry if these are noob questions or if this is not the place to ask. Here is a screenshot of my decompiled code.
https://imgpile.com/images/7eVscb.png
DirkD on 2021-05-11 20:43:
@Seppnel Ghidra makes this a lot easier with its decompiler. But remember the code generated is only a representation, not the exact code. The string is not reversed, but the way Ghidra shows it is not as a string but as a value. The 0x55 at the beginning is not used when you run the code. It's just used as a placeholder.
lemma on 2021-05-12 00:48:
Good beginner friendly challenge. I solved it by reading the very readable asm code and xoring one 64 bit value, both in radare2. First the key did not work, but I tried a very obvious/similar key, and that did the trick.
AwayyGG on 2021-05-15 23:45:
Password: NiceDude
You're given a buffer in hex and are asked to xor each char by 0x55 (85 in decimal), that's how you get your key.
devalfo on 2021-05-17 00:44:
Please don't spoil the challenge in the comments.
DirkD on 2021-05-17 20:50:
@Admin could you remove the spoiler post in comments?
Anhkhoa on 2021-05-20 08:09:
Why xor 0x30 and 0x55?
bob123 on 2021-06-14 20:23:
Nice challenge to get back into reversing :)
littleb on 2021-06-21 10:26:
I solved it in static analysis with Radare2. I found this challenge simple but very interesting. It changes a bit from the classic easy crackme. Thanks!
Solution by lxeiqr on 2021-05-12 20:41: The "key" was extracted from a constant variable in the program, while the magic 0x30 number was extracted from a variable that the main loop buffer overflows into. These have to be processed (each char has to be XORed with 0x55) and then you get the final key.
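An added example, not part of the thread or the challenge's own code, showing why a single-byte-XORed string looks "backwards" when a decompiler renders it as a 64-bit constant, as discussed by SeppNel and DirkD. The plaintext `Sample01` is constructed, the function names are hypothetical, and the reading of a trailing 0x55 byte as an obfuscated NUL terminator (0x55 ^ 0x55 = 0) is an assumption of this sketch, not something the thread confirms.

```python
import struct

XOR_KEY = 0x55  # single-byte key named in the thread


def obfuscate(plain, key=XOR_KEY):
    """XOR every byte with the key, including an appended NUL terminator.

    Assumption of this sketch: the terminator is obfuscated too, so it
    is stored as key ^ 0x00 == key.
    """
    return bytes(b ^ key for b in plain + b"\x00")


def as_decompiler_qwords(blob):
    """Return the 64-bit immediates a decompiler would display.

    x86-64 stores integers little-endian, so the first byte in memory is
    the lowest byte of the value and appears last in the printed hex.
    """
    padded = blob + b"\x00" * (-len(blob) % 8)
    return [value for (value,) in struct.iter_unpack("<Q", padded)]


def decode_qwords(qwords, key=XOR_KEY):
    """Recover the string from decompiler-style constants."""
    raw = b"".join(struct.pack("<Q", q) for q in qwords)  # memory order
    out = bytearray()
    for b in raw:
        c = b ^ key
        if c == 0:  # obfuscated terminator reached
            break
        out.append(c)
    return bytes(out)


if __name__ == "__main__":
    stored = obfuscate(b"Sample01")  # constructed plaintext
    qwords = as_decompiler_qwords(stored)
    print("bytes in memory :", stored.hex(" "))
    print("decompiler view :", [f"0x{q:016x}" for q in qwords])
    print("decoded         :", decode_qwords(qwords))
```

Reading the printed hex of the first constant left to right gives the stored bytes in reverse order, which is the "backwards" effect; nothing in memory is actually reversed.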