Part : 1 [crackmes.one] — Beginner Friendly Reversing Challenges

4 min readNov 17, 2019

This series will contain explaination of some easy/medium crackmes I solved from crackmes.one,

Note : This writeup will not cover anything in depth , rather this is just my way of approaching reversing challenges(mainly Linux RE challs).

If you are new to Linux Reverse engineering you can refer this awesome article as a kickstarter.

Linux RE challenges will require basic understanding of Assembly too , you can check out this awesome 10 min video for grabbing basic concepts, You might find assembly a little bit difficult , but soon you will start falling in love with assembly ❤.

Skill set required :

Basic understading of Linux commands
Familiarity with assembly(x86)
Understanding of C/C++ code
And ofcourse brain.exe and catchy_eyes.exe

Tools Required :

Ghidra

Ghidra is a software reverse engineering (SRE) framework created and maintained by the National Security Agency Research Directorate. This framework includes a suite of full-featured, high-end software analysis tools that enable users to analyze compiled code on a variety of platforms including Windows, macOS, and Linux.

Radare2

Radare2 (also known as r2) is a complete framework for reverse-engineering and analyzing binaries; composed of a set of small utilities that can be used together or independently from the command line

Fun Fact : Radare2 made appearance in Mr.Robot too, I mean isnt it cooool?

Challenge 1 : easy keyg3nme

You can download this file from here (password : crackmes.one)

After extracting the downloaded zip file you will see a file named “keyg3nme”

Right now we have no idea what this file is , so lets run a file command on the given file

file command is used to determine the type of a file. .file type may be of human-readable(e.g. ‘ASCII text’) or MIME type(e.g. ‘text/plain; charset=us-ascii’). This command tests each argument in an attempt to categorize it.

[More about file command : https://www.geeksforgeeks.org/file-command-in-linux-with-examples/]

Output from file command :

from file command it is clear that keyg3nme is an ELF 64-Bit executable (non stripped).

Lets run this binary.

On running this binary , we are asked to enter a key, and obviously we don’t know the correct key, and on entering any random key we are getting a “nope” message. Our goal here is to find the correct key.

Lets run strings command to find out printable strings in this binary.

I found some interesting strings :

Enter your key :
Good job mate, now go keygen me [this will be displayed when user will enter the correct key]
nope [this will be displayed when user will enter the wrong key]

But unfortunately there is no hardcoded key present in the binary,neither any strcmp functions

Fun Fact : CTFs challenges arent just about strings challfile | grep flag

Lets Open this file in Ghidra for decompiling and analyzing function definitions.

on first time opening the binary in ghidra you will see this pop-up

Click on yes and then on analyze.

On this left side of the ghidra’s interface you will see symbol tree.

Search for main function and start analyzing the main function.

Note : As this is the first challenge in this series that’s why am analyzing decompiled C code , in the further challenges I might directly analyze assembly code(using radare2).

Main function

This code seems to be this pretty straightforward, lets breakdown the variables first.

ivar1 : It is just for returning status (if ‘1' then Pass)

local_14 : Our entered key

local_14 is getting passed in a function named validate_key, the returned result will be saved in ivar1 , and if that result is ‘1’ (ivar1 is 1)that means our entered key is correct.

Lets take a look at validate_key function.