TryHackMe: Reverse Engineering

tryhackme Reverse Engineering write-up

• Name: Reverse Engineering
• Description: This room focuses on teaching the basics of assembly through reverse engineering.
• Room: tryhackme.com

crackme1

./crackme1.bin

strings ./crackme1.bin

Some strings may be flagged, such as hax0r

Debugging and analysis

radare2 -Ad ./crackme1.bin

List of functions

afl

There is a main function

pdf @main

We need to check the value of the variable being compared to our input, to do this we set a breakpoint in strcmp.

db 0x5646de6007c7

Then we have to run the program to stop at the breakpoint we set

dc

pdf @main

Then we need to see the rsi register value

px @ rsi

As you can see, the first part is the value that is compared to the input

crackme2

./crackme2.bin

the program strings

There does not seem to be a flag in the strings

Debugging and analysis

radare2 -Ad ./crackme2.bin

List function

afl

main function

pdf @main

There’s comparison with value.

Convert hex to decimal with python

flag: 4988

crackme3

./crackme3.bin

the program strings

strings ./crackme3.bin

There does not seem to be a flag in the strings

Debugging and analysis

radare2 -Ad ./crackme3.bin

List function

afl

pdf @main

There are a number of strings that may be the flag😉

Set breakpoint

db 0x55f251800797

db 0x55f25180079b

Run program til breakpoint

dc

pdf @main

We examine the value of the variable var28_h

check the value

px @ rbp-0x28

flag: azt

thank you 🌏🔥