Oxymore's Password

Author:
Oxymore

Language:
Unspecified/other

Upload:
2024-02-11 19:57

Download

Platform:
Unix/linux etc.

Difficulty:
1.2

Quality:
2.2

Arch:
x86-64

Downloads:
10

Size:
4.22 MB

Writeups:
1

Comments:
12

Description

Simple piece of code created as my first Rust program and Crackme. Coded it in Wsl Ubuntu, if you encounter a problem contact me via the comment section.

Comments (12)
Writeups (1)

You must be logged in to post a comment

saSHA256 on 2024-02-12 18:35: Pretty sure your program is not working as intended for me. Please correct me if I'm wrong. I think I managed to find the password, however the program does not accept it. TO avoid spoiling it, let's assume the password is SECRET (which it is not). I managed to debug it with gdb and found out that if I enter "SECRET" as password the program actually records "SECRET\n" as my input and then string comparison fails because the length of my input does not match the length of the password. Am I missing something?

Oxymore on 2024-02-12 21:38: Yeahhh sorry I am a beginner in coding ! The password you inputed is not right but it's my program that isn't working. I don't know why but like you said, the string comparaison is not working. It's an if statement. Maybe i can send you the code that I wrote to see if you can correct me !

Oxymore on 2024-02-12 22:31: Okay fixed it ! Basically the user input was put into the 'input' value with the newline (\n) character, character that the password string didn't included. I used the trim method to correct that problem and compiled it again. If you want the new program I can create a new crackme.

Oxymore on 2024-02-12 22:35: You are very talented into reverse engineering, thanks a lot and goodbye !

saSHA256 on 2024-02-13 08:01: Thanks for looking into it!

Oxymore on 2024-02-13 09:05: So what paswword di you find ? I think I am gonna create another crackme to put the corrected version of the crackme, don't hesitate to check if you're password is right !

saSHA256 on 2024-02-13 11:15: [Click to reveal]

cnathansmith on 2024-02-14 22:32: I've included a patched version of the binary in the solution I posted that works as intended

zdu on 2024-02-29 07:18: Was the inconsistency in length caused by the command line input \n intentionally left there?

cnathansmith on 2024-02-29 20:16: @zdu yes. The size of the input string has to be reduced by 1 to trim off the newline. The patch I made is really hacky -- it should've just gone in a new segment -- but it gets the job done lol

boritopalittoo on 2024-03-15 13:26: [Click to reveal]

LeonUPazz on 2024-04-15 08:06: The problem is that the program doesn't account for the newline. If you change the last character of the password to 0xa (\n) it accepts the password, otherwise it won't.

Show all spoilers

You must be logged in to submit a writeup

Solution by cnathansmith on 2024-02-13 09:00:
Walk-through showing how to find the correct password and then patch the binary to fix the validation bug

Download

crackmes.one

crackmes.one

Oxymore's Password