TryHackMe: Reverse Engineering

TryHackMe Reverse Engineering write-up

  • Name: Reverse Engineering
  • Description: This room focuses on teaching the basics of assembly through reverse engineering.
  • Room: tryhackme.com

crackme1

./crackme1.bin

strings ./crackme1.bin

Some of the strings may be the flag, such as hax0r.

Debugging and analysis

radare2 -Ad ./crackme1.bin

List of functions

afl

There is a main function.

pdf @main

We need to check the value that is compared to our input. To do this, we set a breakpoint at strcmp. The address comes from the pdf @main output of this session, so use the one shown in your own.

db 0x5646de6007c7

Then we run the program until it stops at the breakpoint we set.

dc

pdf @main

Then we inspect the memory that the rsi register points to (rsi holds the second argument to strcmp).

px @ rsi

The first part of the dump is the value that is compared to the input.

crackme2

./crackme2.bin

Check the program's strings.

There does not seem to be a flag in the strings.

Debugging and analysis

radare2 -Ad ./crackme2.bin

List of functions

afl

The main function

pdf @main

There is a comparison against a hex value.

Convert the hex value to decimal with Python.

flag: 4988
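
Why strings finds a crackme1-style secret but not a crackme2-style one, as an added example that is not part of the original write-up and does not use the room's binaries. The byte blob, the placeholder strings and the function names are constructed for illustration; the cmp encoding is an assumed instruction form, and 4988 is the value from this section.

```python
import re
import struct

# Constructed sample, not bytes from the room's binaries. It holds a secret
# stored as text (crackme1 style) and a secret stored as the 32-bit immediate
# of `cmp dword [rbp-0xc], imm32` (crackme2 style), using 4988 from above.
CMP_PREFIX = bytes.fromhex("817df4")  # opcode 81 /7, ModRM 7d, disp8 f4
BLOB = (
    b"\x00\x00enter password\x00"
    + b"placeholder_secret\x00"
    + b"\x55\x48\x89\xe5"                     # push rbp; mov rbp, rsp
    + CMP_PREFIX + struct.pack("<I", 4988)    # bytes 7c 13 00 00
    + b"\x75\x0e\xc3"                         # jne; ret
)


def extract_strings(blob, min_len=4):
    """Return printable-ASCII runs of at least min_len bytes, as strings does."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, blob)]


def cmp_immediates(blob, prefix=CMP_PREFIX):
    """Decode the little-endian imm32 that follows each match of prefix.

    This is a byte-pattern scan, not a disassembler: it only illustrates
    how the constant is laid out in the file.
    """
    values = []
    pos = blob.find(prefix)
    while pos != -1:
        imm = blob[pos + len(prefix):pos + len(prefix) + 4]
        if len(imm) == 4:  # skip a match cut off by the end of the data
            values.append(struct.unpack("<I", imm)[0])
        pos = blob.find(prefix, pos + 1)
    return values


if __name__ == "__main__":
    print("strings output:", extract_strings(BLOB))
    for value in cmp_immediates(BLOB):
        # The disassembly shows the constant in hex; int(..., 16) gives decimal.
        print("cmp immediate:", hex(value), "=", int(hex(value), 16))
```

The integer is stored as four little-endian bytes, which never form a printable run of four characters, so it only becomes visible in the disassembly.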

crackme3

./crackme3.bin

Check the program's strings.

strings ./crackme3.bin

There does not seem to be a flag in the strings.

Debugging and analysis

radare2 -Ad ./crackme3.bin

List of functions

afl

pdf @main

There are a number of strings that may be the flag 😉

Set breakpoints

db 0x55f251800797

db 0x55f25180079b

Run the program until the breakpoint

dc

pdf @main

We examine the value of the variable var28_h, which is stored at rbp-0x28.

Check the value

px @ rbp-0x28

flag: azt

Thank you 🌏🔥

Hassan Mohammadi


Computer student and interested in programming and security
