
This is an old revision of the document!


Reverse 4

Executable: https://repo.zenk-security.com/hackingweek2014_ctf/crackme-04

$ file crackme-04
crackme-04: ELF 64-bit LSB executable, x86-64, version 1 (GNU/Linux), statically linked, for GNU/Linux 2.6.32, BuildID[sha1]=b3e7c4ad973543e323fad16c09fca15914211fa0, not stripped

Crackme 4 is a 64-bit ELF, statically linked but not stripped, which means the symbols are still present.

.text:000000000040103E main            proc near
.text:000000000040103E
.text:000000000040103E var_8           = qword ptr -8
.text:000000000040103E
.text:000000000040103E                 push    rbp
.text:000000000040103F                 mov     rbp, rsp
.text:0000000000401042                 sub     rsp, 10h
.text:0000000000401046                 mov     rax, cs:stdout
.text:000000000040104D                 mov     rcx, rax
.text:0000000000401050                 mov     edx, 26h
.text:0000000000401055                 mov     esi, 1
.text:000000000040105A                 mov     edi, offset aWelcomeToTheCr ; "Welcome to the crackme !!!\n\nPassword: "
.text:000000000040105F                 call    fwrite
.text:0000000000401064                 lea     rax, [rbp+var_8]
.text:0000000000401068                 mov     rsi, rax
.text:000000000040106B                 mov     edi, offset aAs ; "%as"
.text:0000000000401070                 mov     eax, 0
.text:0000000000401075                 call    scanf
.text:000000000040107A                 mov     rcx, [rbp+var_8]
.text:000000000040107E                 mov     rax, cs:first_half ; "K008JJ"
.text:0000000000401085                 mov     edx, 6
.text:000000000040108A                 mov     rsi, rcx
.text:000000000040108D                 mov     rdi, rax
.text:0000000000401090                 call    strncmp
.text:0000000000401095                 test    eax, eax
.text:0000000000401097                 jnz     short loc_4010B2
.text:0000000000401099                 mov     rax, [rbp+var_8]
.text:000000000040109D                 add     rax, 6
.text:00000000004010A1                 mov     esi, offset aDbvm4a ; "dBVm4A"
.text:00000000004010A6                 mov     rdi, rax
.text:00000000004010A9                 call    strcmp
.text:00000000004010AE                 test    eax, eax
.text:00000000004010B0                 jz      short loc_4010D2

The code is trivial: the first 6 characters of the password are compared to “K008JJ” and the following ones to “dBVm4A”.

$ ./crackme-04
Welcome to the crackme !!!

Password: K008JJdBVm4A
Excellent, you succeed !
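The check in the listing above, reconstructed in C as an added example (not the original source of the crackme). The names `check_password`, `second_half` and `buf` are assumptions, a bounded `%63s` read replaces the binary's allocating `"%as"` conversion, and the failure branch prints nothing because it is not shown in the listing.

```c
#include <stdio.h>
#include <string.h>

/* Constants as they appear in the disassembly. */
static const char *first_half = "K008JJ";     /* cs:first_half */
static const char second_half[] = "dBVm4A";   /* aDbvm4a */

/* Returns 1 when the input passes both comparisons, 0 otherwise.
 * The function name is hypothetical; in the binary this logic is inline in main. */
int check_password(const char *input)
{
    /* 0x40107A..0x401097: strncmp(first_half, input, 6); jnz -> failure path */
    if (strncmp(first_half, input, 6) != 0)
        return 0;

    /* Six non-NUL bytes matched, so input + 6 is still inside the string
     * (at worst it points at the terminator). */

    /* 0x401099..0x4010B0: strcmp(input + 6, "dBVm4A"); jz -> success path.
     * strcmp also compares the terminator, so trailing characters are rejected
     * and the accepted input is exactly 12 characters long. */
    return strcmp(input + 6, second_half) == 0;
}

int main(void)
{
    char buf[64];

    /* Same 0x26-byte banner that the binary writes with fwrite. */
    fputs("Welcome to the crackme !!!\n\nPassword: ", stdout);

    /* Assumption: fixed buffer instead of the glibc "%as" allocation. */
    if (scanf("%63s", buf) != 1)
        return 1;

    if (check_password(buf)) {
        puts("Excellent, you succeed !");
        return 0;
    }
    return 1; /* failure message not shown on the page, so none is printed */
}
```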
hackingweek_2014/reverse/reverse4.1394215783.txt.gz · Last modified: 2017/04/09 15:33 (external edit)