Language:
Unspecified/other
Upload:
7:57 PM 02/11/2024
Description
Simple piece of code created as my first Rust program and Crackme. Coded it in Wsl Ubuntu, if you encounter a problem contact me via the comment section.
saSHA256 on 6:35 PM 02/12/2024: Pretty sure your program is not working as intended for me. Please correct me if I'm wrong.
I think I managed to find the password, however the program does not accept it. TO avoid spoiling it, let's assume the password is SECRET (which it is not).
I managed to debug it with gdb and found out that if I enter "SECRET" as password the program actually records "SECRET\n" as my input and then string comparison fails because the length of my input does not match the length of the password.
Am I missing something?
Oxymore on 9:38 PM 02/12/2024: Yeahhh sorry I am a beginner in coding ! The password you inputed is not right but it's my program that isn't working. I don't know why but like you said, the string comparaison is not working. It's an if statement. Maybe i can send you the code that I wrote to see if you can correct me !
Oxymore on 10:31 PM 02/12/2024: Okay fixed it ! Basically the user input was put into the 'input' value with the newline (\n) character, character that the password string didn't included. I used the trim method to correct that problem and compiled it again. If you want the new program I can create a new crackme.
Oxymore on 10:35 PM 02/12/2024: You are very talented into reverse engineering, thanks a lot and goodbye !
saSHA256 on 8:01 AM 02/13/2024: Thanks for looking into it!
Oxymore on 9:05 AM 02/13/2024: So what paswword di you find ?
I think I am gonna create another crackme to put the corrected version of the crackme, don't hesitate to check if you're password is right !
saSHA256 on 11:15 AM 02/13/2024: It was "NoiCe"
cnathansmith on 10:32 PM 02/14/2024: I've included a patched version of the binary in the solution I posted that works as intended
zdu on 7:18 AM 02/29/2024: Was the inconsistency in length caused by the command line input \n intentionally left there?
cnathansmith on 8:16 PM 02/29/2024: @zdu yes. The size of the input string has to be reduced by 1 to trim off the newline. The patch I made is really hacky -- it should've just gone in a new segment -- but it gets the job done lol
boritopalittoo on 1:26 PM 03/15/2024: "NoiCe"
LeonUPazz on 8:06 AM 04/15/2024: The problem is that the program doesn't account for the newline. If you change the last character of the password to 0xa (\n) it accepts the password, otherwise it won't.
You must me logged to submit a solution
Solution by cnathansmith:
Walk-through showing how to find the correct password and then patch the binary to fix the validation bug