Upload:
8:16 PM 07/05/2025
Description
Something's wrong... I can feel it
Boozy on 1:57 PM 07/06/2025: So in _start you can see the param that's being passed to main is undergoing >> 1 (so if x, it's passed as x/2). So when you pass ./argc x x, you are correct but not correct, as in main the first param is being compared to 3 (param_1 == 3). So you either have to patch so param_1 == 1 or remove the >> 1. Hope it helps :)
Ja4V8s28Ck on 2:17 PM 07/06/2025: @Boozy, you are right, the argument count is cut in half during the `cmp`, so './argc deadbeef deadbeef deadbeef deadbeef deadbeef deadbeef' will work. But my question is why is the argument halved? I don't see any line of code that explains this behavior. So did you find any reason??
subham on 2:31 PM 07/06/2025: Help me, I am so confused!! It simply asks for 3 args. I did ./argc hello hello, shouldn't it be 3? Then I patched the je to jmp and I am still stuck at please provide valid args!
Ja4V8s28Ck on 3:15 PM 07/06/2025: @subham, There are 2 ways to solve this
1. Giving the proper number of arguments
2. Patching
So if you properly patch, it will definitely work.
Boozy on 4:36 AM 07/07/2025: @Ja4V8s28Ck It halves the number of arguments because in the _start function, the func which calls main along with the arguments does a right shift by 1 on the first parameter, which is basically dividing by 2. The first parameter holds the value of the number of arguments entered.
mabdelou on 2:01 PM 07/20/2025: As Boozy says, the argc is getting divided by 2 in the _start label, exactly at "10e1: d0 e8 shr al, 1", which means shift al by 1, or in other words divide by 2. So to solve the issue you need to pass five or six parameters, which will later be divided by two to be 3 before being passed to the main function. Or you simply change "d0 e8" in the argc binary at line "10e1" or "10e0" to "04 00", which means add al, 0; this just overrides the shifting logic with logic that does nothing. So by that we can now run ./argc 1 1 and it will work just fine. I hope you find my explanation useful.
chai_homack on 7:38 PM 08/02/2025: ghidra says: __libc_start_main(main,in_stack_00000000 >> 1,&stack0x00000008,0,0); but normally it should be without >> 1, so crackme wants 6 args because 110 >> 1 = 011 = 3
[chai@archlinux ~]$ ./argc huh huh 4 5 6
correct! (˶ᵔ ᵕ ᵔ˶)
[chai@archlinux ~]$