[Reverse Engineering] Crackme2-be-D4RK_FL0W Walkthrough

This is a walkthrough for the second crackme of this series.

Here’s the main function. Here we can see there’s a function call to the “xxx” function right after the input is received.

Here’s the meat of the crackme. Inside the “xxx” function the password is generated:

If we step through this function in gdb we can see the generated string is “isAAthisFunBBCCD

Another good way to solve this is by tracking the library calls using ltrace

You can see here that the string “isAAthisFun” appears as the return value for the last strcat() being called right before the password check.

And that’s the password! That’s it!


Syscall59 — by Alan Vivona

Written by

Twitter: @syscall59 | medium.syscall59.com | syscall59@protonmail.com

syscall59

syscall59

Shellcode for the masses

Welcome to a place where words matter. On Medium, smart voices and original ideas take center stage - with no ads in sight. Watch
Follow all the topics you care about, and we’ll deliver the best stories for you to your homepage and inbox. Explore
Get unlimited access to the best stories on Medium — and support writers while you’re at it. Just $5/month. Upgrade