noracodes / crackmes
Some CrackMe codes for Linux x86/x86_64
I can't access the tutorial, is it temporary downtime?
First of all, thank you for making the article.
I'm running Linux debian 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08) x86_64 GNU/Linux
Here is the error. What am I missing?
```
root@debian:/usr/local/src/crackmes# make
gcc -O1 -fno-stack-protector -lcrypt -m64 crackme07.c -o crackme07.64
objcopy -N FILE crackme07.64
gcc -O1 -fno-stack-protector -lcrypt -m64 crackme01e.c -o crackme01e.64
objcopy -N FILE crackme01e.64
gcc -O1 -fno-stack-protector -lcrypt -m64 crackme05e.c -o crackme05e.64
crackme05e.c: In function ‘check_with_mod’:
crackme05e.c:17:5: error: ‘for’ loop initial declarations are only allowed in C99 or C11 mode
     for (int i = 0; i < n; i++) {
     ^
crackme05e.c:17:5: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your code
Makefile:14: recipe for target 'crackme05e.64' failed
make: *** [crackme05e.64] Error 1
```
Hi there!
I've had a lot of fun cracking your CrackMe. Thanks for that!
In your makefile, you are using no optimization, -O1. While this creates more straightforward disassembled code, it is also less challenging than -O3. Moreover, the latter is more representative of real life, I suppose.
I would suggest that you create a configuration script which chooses between "easy" (-O1), "medium" (-O2) or "hard" (-O3) level!
Thanks for your tutorial. :)
> So, if there’s a zero at `argv[1][1]`, we jump to 0x761. Where is that? It’s the block we just reversed above; it prints the success string and exits with the return code of 0. Our pseudocode looks like this:

```c
int main(int argc, char** argv)
{
    if (argc != 2) {
        puts("Need exactly one argument.");
        return -1;
    }
    if (argv[1][0] == 0 || argv[1][1] == 0) {
        printf("Yes, %s is correct.", argv[1]);
        return 0;
    }
    if (argv[1][0] != 'o') {
        printf("No, %s is not correct.", argv[1]);
        return 1;
    }
    // Magic happens here
}
```
This pseudocode (and the one below it) suggests that any single-character password will work: if you pass one character to the program, it would check whether it's length 0 (which it is not) and then whether it's length 1, which it is, and then proceed to print that the password is correct. But this doesn't seem to be the case.

Also, any longer password is also accepted because the program just stops checking after the comparison of the first 9 characters with `o'rrvnqc0` is done. This means that passwords like `o'rrvnqc01` or `o'rrvnqc0abcdefghijklmnopqrstuvwxyz` also work. [I had to replace ` by ' in the code fragments because I don't know how to escape ` in code fragments.]
Hi,
there's maybe a typo in the tutorial:

> This is really all we need. Simply adding one to each letter of password1 in ASCII gives us “o`rrvnqc0”.

I guess it should be "subtracting one". Same for the reversed code:

```c
if (argv[1][i] != comparison[i] + 1)
```

should be

```c
if (argv[1][i] != comparison[i] - 1)
```

as it is in crackme02.c.
Assembly code different in Ubuntu installed in VirtualBox
On Ubuntu 16.04.03, running make I get the error `make: Nothing to be done for 'crackme01.c'`.
Running `gcc -o <output_file>` compiles the file correctly (as far as I can tell).
Basically the title. Is there a reason `make all` doesn't work, and `make` seems to actually trigger `make clean`?
My naive impression was that `make` with no arguments should build everything.
The blog post says

> However, it’s impossible (from the command line) to inject a command line argument whose first byte is zero;

It's possible to do that:

```
$ ./crackme02.64 ""
Yes, is correct!
```
Hello NoraCodes, I think there is a problem with Crackme05. I read your writeup and I solved it as well; your solution was `EEBD,,,,2222QQOO,`.
I compiled that C code on ARMv8 (64-bit), and it does not work.
BTW my answer is `AABAAAAAAAAAAQAA`, and here is how I solved it:
```python
def find_mod(input, n, mod):
    # ASCII values of the input characters
    z = [ord(c) for c in input]
    x = []
    # note: range(len(z) - 1) deliberately leaves out the last character
    for i in range(len(z) - 1):
        # try every offset 0..n-1 and keep the ones that land on a multiple of mod
        for k in range(n):
            f = z[i] + k
            if f % mod == 0:
                print(chr(z[i]) + " << Found")
                x.append(chr(f))
    print(x)
    return x
```
Hello, I'm new to Reverse Engineering and thank you for providing the tutorial. I encountered one issue under crackme03.c: I have installed Radare2 and run `r2 ./crackme03.64`, I get a prompt like `[0x000005d0]>`, but when I enter `afl`, no result is returned. Any possible cause and/or solution to this issue? (Debian 9 / Radare2 v3.0.1)
I know I am reviving an old GitHub repo, but still it may be useful to someone else.
Crackme n°9 states that:

```c
// Require that the input string pass a state machine matching:
// Qz+327x*n+[l9]+
```

This is almost true except it should be:

```c
// Require that the input string pass a state machine matching:
// Qz+327x*n{2,}[l9]+
```

The difference being that there should be at least two 'n' characters.
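As an added example (not code from the crackmes repository), the pattern above written out as an explicit state machine, with the minimum number of `n` characters as a parameter so the pattern as the crackme09 comment states it (`n+`) and the corrected pattern (`n{2,}`) can be run over the same constructed inputs:

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Added example: an explicit matcher for Qz+327x*n{min_n,}[l9]+ over the
 * whole input. min_n = 1 gives the pattern as written in the crackme09
 * comment (n+); min_n = 2 gives the corrected pattern (n{2,}). Every step
 * returns on a mismatch, including on the NUL terminator, so the function
 * never reads past the end of the string. */
bool run_crackme09_machine(const char *s, size_t min_n)
{
    size_t i = 0, n_count = 0;

    if (s[i++] != 'Q') return false;                /* Q         */
    if (s[i] != 'z') return false;                  /* z+        */
    while (s[i] == 'z') i++;
    if (s[i++] != '3') return false;                /* 3         */
    if (s[i++] != '2') return false;                /* 2         */
    if (s[i++] != '7') return false;                /* 7         */
    while (s[i] == 'x') i++;                        /* x*        */
    while (s[i] == 'n') { i++; n_count++; }         /* n{min_n,} */
    if (n_count < min_n) return false;
    if (s[i] != 'l' && s[i] != '9') return false;   /* [l9]+     */
    while (s[i] == 'l' || s[i] == '9') i++;
    return s[i] == '\0';                            /* anchored at the end */
}

/* Pattern as the crackme09 source comment states it: Qz+327x*n+[l9]+ */
bool matches_as_commented(const char *s) { return run_crackme09_machine(s, 1); }

/* Corrected pattern reported in the comment above: Qz+327x*n{2,}[l9]+ */
bool matches_corrected(const char *s) { return run_crackme09_machine(s, 2); }

int main(void)
{
    /* Constructed sample inputs, not values taken from the crackme. */
    const char *samples[] = { "Qz327nn9", "Qz327n9", "Qzz327xxnnl9l", "Q327nn9", "Qz327nn" };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++)
        printf("%-16s as commented: %d  corrected: %d\n", samples[k],
               matches_as_commented(samples[k]), matches_corrected(samples[k]));
    return 0;
}
```

The only input on which the two readings disagree is the one with a single `n`, which is exactly the discrepancy the comment reports; an automaton like this is a convenient way to check a recovered pattern against candidate inputs before trying them on the binary.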
Hi Leo,
Nice work on the tutorial!
You mentioned the incremental nature of the crackme02 password (first letter alone works, first 2 letters, first 3 letters). It's also interesting that an empty password works for the same reason.

```
./crackme02.64 ""
Yes, is correct!
```
regards
Bradain
First of all let me say I'm enjoying this tutorial series just AF, so thanks a lot!
I don't know if this is an issue or not (in case, I hope you will accept my apologies), but I will leave it here for you to check.
The thing is this: looking at the control flow graph generated with radare2, I noticed that immediately after the check for the correct number of arguments, there was a "shortcut" (highlighted in yellow in the picture) to the "is correct" statement.
In fact the flow reaches the "is correct" statement immediately if the result of `test al, al` is positive, and since the `al` register is determined by the user input, if the user inputs the NUL character (`""`) the flow will reach "is correct".
Also, further analysis made me discover that it will accept not only `o'rrvnqc0` but also all of these:

```
o
o'
o'r
o'rr
o'rrv
o'rrvn
o'rrvnq
o'rrvnqc
o'rrvnqc0
```

and as said before it will also accept:

```
""
```

After I found this, I looked at the code and I think it makes sense; I can't wait to know your opinion about this. Thanks again 😄
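The behaviour reported in the comments above (any prefix of the expected string, including the empty string, is accepted, and bytes after the ninth character are ignored) is what a comparison loop that stops at the first NUL byte of the input produces. The following is an added example, not code from the crackmes repository: `weak_check` is an assumed reconstruction of that pattern using the expected string quoted on this page, and `strict_check` shows the fix of comparing the full string including its terminator.

```c
#include <stdio.h>
#include <string.h>

/* Expected string as quoted in the tutorial excerpt on this page. */
static const char expected[] = "o`rrvnqc0";

/* Assumed reconstruction of the weak check: walk the input and report
 * success as soon as a NUL byte is met, so every prefix of `expected`
 * (including "") passes, and once nine bytes match the loop ends without
 * looking at anything that follows. */
int weak_check(const char *input)
{
    for (size_t i = 0; i < sizeof(expected) - 1; i++) {
        if (input[i] == '\0')
            return 1;                  /* early exit: any prefix is accepted */
        if (input[i] != expected[i])
            return 0;
    }
    return 1;                          /* nine bytes matched; trailing bytes ignored */
}

/* Hardened form: strcmp compares through the terminating NUL of both
 * strings, so only the exact string passes. */
int strict_check(const char *input)
{
    return strcmp(input, expected) == 0;
}

int main(void)
{
    /* Constructed inputs, not values taken from the crackme. */
    const char *samples[] = { "", "o", "o`rrvnqc0", "o`rrvnqc01", "x" };
    for (size_t k = 0; k < sizeof samples / sizeof samples[0]; k++)
        printf("\"%s\": weak=%d strict=%d\n", samples[k],
               weak_check(samples[k]), strict_check(samples[k]));
    return 0;
}
```

The same defect shows up in real authentication code whenever a byte-by-byte comparison treats "input ran out" as success instead of as failure; the fix is to compare lengths (or the terminator) as part of the check, as `strict_check` does.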