{"id":126,"date":"2014-05-02T23:01:23","date_gmt":"2014-05-02T21:01:23","guid":{"rendered":"http:\/\/remchp.com\/blog\/?p=126"},"modified":"2017-02-16T17:56:06","modified_gmt":"2017-02-16T15:56:06","slug":"simple-crackme-with-radare2","status":"publish","type":"post","link":"https:\/\/futex.re\/blog\/?p=126","title":{"rendered":"Simple crackme with Radare2"},"content":{"rendered":"

Jvoisin<\/a> and Maijin<\/a>, a members of my hackerspace (Hackgyver)<\/a> always talk to me about Radare<\/a>, a new reverse engineering open source framework which they are working on.<\/p>\n

So i want to try it on a very simple Linux crackme.<\/p>\n

Classic and easy install, download it to the git<\/a>, configure, make and make install.<\/p>\n

The condemned binary’s called “Easy_ELF”<\/p>\n

Start to see who is it<\/p>\n

\"rabin2\"<\/p>\n

Sections:<\/p>\n

\"sections\"<\/p>\n

I want to see it’s strings.<\/p>\n

\"strings\"<\/p>\n

We have the good and bad boy and they offset \ud83d\ude42<\/p>\n

Try to launch the crackme:<\/p>\n

\"launch\"<\/p>\n

Ok, we can start static analysis, disassemble the 15 first lines<\/p>\n

\"start\"<\/p>\n

We arrive to the start function and we can see the main function start at 0x804851b.<\/p>\n

Show the 30 first lines of the main function<\/p>\n

\"begin\"<\/p>\n

We assumed the password check function is at 0x8048451<\/p>\n

\"check1\"<\/p>\n

The first cmp compare the second letter of the pass with 0x31, an the fifth with 0x58. <\/p>\n

All other characters is just xored.<\/p>\n

\"xor\"<\/p>\n

We have 0x4C 0x31 0x4E 0x55 0x58<\/p>\n

\"rax\"<\/p>\n

\"result\"<\/p>\n

\\o\/<\/p>\n

Radare support many architectures arm,x86, x86-64, gameboy, mips, sparc,… and many type of files, dex, bios, elf, PE, COFF. Radare team make a great work!<\/p>\n

So, i have try 1% of all Radare possibility the 99% others is here:<\/p>\n

Official web site<\/a><\/p>\n

Documentation<\/a><\/p>\n

rasm<\/a><\/p>\n

other crackme<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"

Jvoisin and Maijin, a members of my hackerspace (Hackgyver) always talk to me about Radare, a new reverse engineering open source framework which they are working on. So i want to try it on a very simple Linux crackme. Classic … Continue reading →<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/futex.re\/blog\/index.php?rest_route=\/wp\/v2\/posts\/126"}],"collection":[{"href":"https:\/\/futex.re\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/futex.re\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/futex.re\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/futex.re\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=126"}],"version-history":[{"count":27,"href":"https:\/\/futex.re\/blog\/index.php?rest_route=\/wp\/v2\/posts\/126\/revisions"}],"predecessor-version":[{"id":224,"href":"https:\/\/futex.re\/blog\/index.php?rest_route=\/wp\/v2\/posts\/126\/revisions\/224"}],"wp:attachment":[{"href":"https:\/\/futex.re\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=126"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/futex.re\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=126"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/futex.re\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=126"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}