tryhackme Reverse Engineering write-up
- Name: Reverse Engineering
- Description: This room focuses on teaching the basics of assembly through reverse engineering.
- Room: tryhackme.com
crackme1
./crackme1.bin
strings ./crackme1.bin
Some strings may be flagged, such as hax0r
Debugging and analysis
radare2 -Ad ./crackme1.bin
List of functions
afl
There is a main function
pdf @main
We need to check the value of the variable being compared to our input, to do this we set a breakpoint in strcmp.
db 0x5646de6007c7
Then we have to run the program to stop at the breakpoint we set
dc
pdf @main
Then we need to see the rsi register value
px @ rsi
As you can see, the first part is the value that is compared to the input
crackme2
./crackme2.bin
the program strings
There does not seem to be a flag in the strings
Debugging and analysis
radare2 -Ad ./crackme2.bin
List function
afl
main function
pdf @main
There’s comparison with value.
Convert hex to decimal with python
flag: 4988
crackme3
./crackme3.bin
the program strings
strings ./crackme3.bin
There does not seem to be a flag in the strings
Debugging and analysis
radare2 -Ad ./crackme3.bin
List function
afl
pdf @main
There are a number of strings that may be the flag😉
Set breakpoint
db 0x55f251800797
db 0x55f25180079b
Run program til breakpoint
dc
pdf @main
We examine the value of the variable var28_h
check the value
px @ rbp-0x28
flag: azt
thank you 🌏🔥