Alright, so here we have crackme4. It is going to be the most challenging crackme we have done yet, but it should be awesome! We can see that it's asking for 4 different things. If we type in any letters the program crashes; it seems to accept numbers only. This is most probably because the variable the input is stored in is an integer. We cannot put letters in an integer! So in the future, if you are working with other crackmes and you experience something like that, then you know what's up! You will want to load up the program in Olly, run it to the point where we get output on the screen, and then search for strings!
Alright, so we have made it to the 3rd part of our series, awesome. In part 2 we learned how our decimal value is transformed to hexadecimal in the debugger. Now we will move on to a sequence or series of numbers. We will use the same skills we learned in the last couple of parts and apply them to part 3. This will just take a little bit longer since we are dealing with multiple values. We will also learn to pay attention to a couple of other things as we go along!
I go ahead and load the program in the debugger and locate the following text strings.
Welcome to part 2 of the mini-series on reversing!
We decided to keep the write-ups free for the community. However, I am also doing a video series for those of you who want to watch videos. The entire mini-series is only $10.00!! If you are interested, check out the store. As I go along with the write-ups I will also be uploading the new videos.
I will not be as detailed in this one as I was in the last write-up. Study the previous write-up and you should have no problems with this one!
Alright, let's dig into the 2nd crackme!
So this crackme is almost just like the 1st one. If you want to take the proper steps in identifying the file then go ahead! If not, it is a Portable Executable 32 (MZ) Windows executable. As we go through the different crackmes we will progress and learn new things with each one.
Welcome to the first post of a mini-series that I will be doing on reversing. If you plan on doing our upcoming CTF, which has yet to be announced, there will probably be some reversing challenges and this little series may help you out. If you are not a CTF player, you are welcome to participate!
First things first, I am not a reverse engineer but I aspire to keep learning the needed skills. I am currently taking the ARES course from eLearnSecurity. It's been a hobby of mine for a few years now.
Second thing, you may want to use a virtual machine with a few reversing tools installed, such as OllyDbg, IDA, CFF Explorer, PEiD, PEView, and the HxD hex editor. There are a bunch of tools that do similar or the same things; it's just a matter of preference and opinion. A VM matters especially if you want to look at malware or other malicious files. Obviously, run those types of things in a VM!
Third thing, all of the executable files that I will be showing are my own creation. So I will not only be able to show you the operation of the executable, but I can also show you the source code. It might be some nerd stuff to do, but it's quite fun and educational to debug your own programs.
We need to first identify the file. We can do this a number of ways; I will be opening the file in CFF Explorer. Depending on the executable, sometimes we may choose to use a debugger and sometimes we may use something like a decompiler.
We can see from the above shots that it's a Portable Executable 32, and in the Hex Editor view we can see the file header begins with 4D5A, the bytes for MZ. This is the proper header of a Windows executable.
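The same identification can be done by hand, shown here as an added example that is not part of the original write-up. It checks the MZ bytes, follows the pointer at offset 0x3C to the PE signature, and reads the optional-header magic that separates PE32 from PE32+. The names `identify_pe` and `build_sample` are hypothetical, and the sample bytes are constructed so the code runs without a real crackme.

```python
import struct

MACHINES = {0x014C: "i386", 0x8664: "x86-64"}   # common COFF Machine values
FORMATS = {0x010B: "PE32", 0x020B: "PE32+"}      # optional-header magic

def identify_pe(data: bytes) -> str:
    """Classify a byte string the way a PE viewer does on first load."""
    # DOS header: 64 bytes, starts with 4D 5A ("MZ").
    if len(data) < 0x40 or data[:2] != b"MZ":
        return "not an MZ executable"
    # e_lfanew at 0x3C holds the file offset of the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need signature (4) + COFF header (20) + optional-header magic (2).
    if e_lfanew + 26 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "MZ header but no PE signature"
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    fmt = FORMATS.get(magic, f"unknown magic 0x{magic:04X}")
    arch = MACHINES.get(machine, f"0x{machine:04X}")
    return f"{fmt}, machine {arch}"

def build_sample(magic: int = 0x010B, machine: int = 0x014C) -> bytes:
    """Constructed minimal header set (not a runnable program)."""
    dos = bytearray(0x80)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)      # PE header right after stub
    # COFF header: Machine, NumberOfSections, TimeDateStamp, symbol table
    # pointer, symbol count, SizeOfOptionalHeader, Characteristics.
    coff = struct.pack("<HHIIIHH", machine, 1, 0, 0, 0, 0xE0, 0x0102)
    return bytes(dos) + b"PE\0\0" + coff + struct.pack("<H", magic)

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:                        # path to a file to inspect
        with open(sys.argv[1], "rb") as fh:
            print(identify_pe(fh.read(4096)))
    else:
        print(identify_pe(build_sample()))
```

Run with a file path as the only argument to inspect a real executable; with no argument it classifies the constructed sample.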
Let's go ahead and run the application to get the gist of what kind of user interaction it requires.
So in my spare time I will sometimes create vuln VM challenges, reverse engineering challenges, etc. For me, I get to see all the cool ways that different people solve problems. In my mind, I have my method of how I go about doing things, so it's cool to see how others approach the same things and what their thought process is. Big shout out to vulnhub.com for hosting my latest VM challenges. Here are a couple of RE challenges that I have come up with. I have also submitted them to crackmes.de but they are waiting for approval. Feel free to take a crack at these and submit a write-up or video on how you solved them!
Scott "R4v3N", co-founder and trainer for Top-Hat-Sec.