[Reverse Engineering] Crackme2-be-D4RK_FL0W Walkthrough

This is a walkthrough for the second crackme of this series.

Here’s the main function. Here we can see there’s a function call to the “xxx” function right after the input is received.

Here’s the meat of the crackme. Inside the “xxx” function the password is generated:

If we step through this function in gdb we can see the generated string is “isAAthisFunBBCCD”

Another good way to solve this is by tracking the library calls using ltrace

You can see here that the string “isAAthisFun” appears as the return value for the last strcat() being called right before the password check.

And that’s the password! That’s it!

Syscall 59 (@syscall59) | Twitter