# Modern Binary Exploitation Writeups-0x03

This is the 3rd writeup of Tools and Basic Reverse Engineering by RPISEC, a subpart of the Modern Binary Exploitation course.

Lecture link: http://security.cs.rpi.edu/courses/binexp-spring2015/

All the lecture materials and other necessary files are available at the above link.

### crackme0x01

`$ ./crackme0x01`

`$ radare2 crackme0x01`

`[0x08048330]> aaa`

`[0x08048330]> pdf @ main`
• aa:- analyze all.
• aaa:- analyze all with more info.
• pdf:- print disassembly of function.

At location 0x0804842b there is a cmp (compare) of local_4h with 0x149a. local_4h is the variable in which the input (password) is stored.

Enter the compared value 0x149a as an integer (5274).

Cracking using gdb

`$ gdb crackme0x01`

`gdb-peda$ disassemble main`

`gdb-peda$ break *0x0804842b`

`Breakpoint 1 at 0x804842b`

`gdb-peda$ run`

The instruction at 0x804842b is `cmp DWORD PTR [ebp-0x4],0x149a`. `DWORD PTR [ebp-0x4]` is the variable that takes the input (password), and it is compared with 0x149a.

DWORD:- refers to a double word; a doubleword is 32 bits or 4 bytes (8 bits = 1 byte).

PTR:- Abbreviation of Pointer.

[ebp-0x4]:- the address 4 bytes below the ebp (base pointer) register, which points to the first local variable of the subroutine.

`gdb-peda$ p/d 0x149a`
• p:- print command (abbreviated `p`)
• d:- Print as an integer in signed decimal.

`gdb-peda$ p/u 0x149a`
• p:- print command (abbreviated `p`)
• u:- Print as an integer in unsigned decimal.

Converting ‘0x149a’ using python

`$ python -c "print(0x149a)"`
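The check found in the disassembly, rebuilt in C as an added example (not code from the original binary or from the course). It assumes the program reads the password with a `%d`-style conversion, which is why the decimal form 5274 is entered rather than the hex text; `check_password` and `dword_bytes` are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>

#define EXPECTED 0x149a  /* immediate operand of the cmp at 0x0804842b */

/* Hypothetical reconstruction: parse the input as a decimal integer into a
 * 32-bit local (the slot at [ebp-0x4]) and compare it with the immediate.
 * Assumption: the binary uses a "%d"-style conversion to read the password. */
int check_password(const char *input)
{
    int parsed = 0;
    if (sscanf(input, "%d", &parsed) != 1)
        return 0;                          /* nothing numeric was entered */
    int32_t local_4h = (int32_t)parsed;    /* DWORD = 4 bytes */
    return local_4h == EXPECTED;           /* cmp DWORD PTR [ebp-0x4],0x149a */
}

/* Bytes of a DWORD as stored on little-endian x86, lowest address first:
 * the order a byte-wise memory dump of [ebp-0x4] would show. */
void dword_bytes(uint32_t value, uint8_t out[4])
{
    for (int i = 0; i < 4; i++)
        out[i] = (uint8_t)(value >> (8 * i));
}

int main(void)
{
    /* Constructed sample inputs: decimal, hex text, bare hex digits, letters. */
    const char *samples[] = { "5274", "0x149a", "149a", "abc" };
    uint8_t b[4];

    dword_bytes(EXPECTED, b);
    printf("0x%x = %d, bytes in memory: %02x %02x %02x %02x\n",
           EXPECTED, EXPECTED, b[0], b[1], b[2], b[3]);

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-8s -> %s\n", samples[i],
               check_password(samples[i]) ? "accepted" : "rejected");
    return 0;
}
```

With `%d`, the text `0x149a` parses as 0 (conversion stops at the `x`) and `149a` parses as 149, so both are rejected.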

Special thanks to Aleksey Covacevice for helping me.
