syscall59
Published in

syscall59

[Reverse Engineering] Crackme2-be-D4RK_FL0W Walkthrough

This is a walkthrough for the second crackme of this series.

Here’s the main function. Here we can see there’s a function call to the “xxx” function right after the input is received.

Here’s the meat of the crackme. Inside the “xxx” function the password is generated:

If we step through this function in gdb we can see the generated string is “isAAthisFunBBCCD

Another good way to solve this is by tracking the library calls using ltrace

You can see here that the string “isAAthisFun” appears as the return value for the last strcat() being called right before the password check.

And that’s the password! That’s it!

--

--

--

Hacking/Infosec writeups and articles

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Syscall59 — Alan Vivona

Syscall59 — Alan Vivona

Golang, Python, Javascript, Linux & Infosec. https://twitter.com/syscall59

More from Medium

HTB | Driver

Blueprint-TryHackMe[CTF Walkthrough]

Hack the box: backdoor write-up

Pickle Rick TryHackMe