[Reverse Engineering] Crackme2-be-D4RK_FL0W Walkthrough

Syscall59
Syscall59
Jul 16 · 2 min read

This is a walkthrough for the second crackme of this series.

Here’s the main function. Here we can see there’s a function call to the “xxx” function right after the input is received.

Here’s the meat of the crackme. Inside the “xxx” function the password is generated:

If we step through this function in gdb we can see the generated string is “isAAthisFunBBCCD

Another good way to solve this is by tracking the library calls using ltrace

You can see here that the string “isAAthisFun” appears as the return value for the last strcat() being called right before the password check.

And that’s the password! That’s it!


syscall59

Shellcode for the masses

Syscall59

Written by

Syscall59

Twitter: @syscall59 | medium.syscall59.com | syscall59@protonmail.com

syscall59

syscall59

Shellcode for the masses