nasm crack
Challenge description Link to heading
Title | Platform | Language | Difficulty |
---|---|---|---|
nasm crack | Unix/Linux | Assembler | 1.0 |
Welcome to this easy crackme. Program made with nasm for 64bit intel. Have fun! Can you receive the “Correct!” message?
Solution Link to heading
The first step is get informations about the file:
$ file nasm_crack
nasm_crack: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), statically linked, not stripped
It’s a basic 64 bits linux file.
Then we can open the file in Cutter
:
;-- correct_func:
0x00401000 mov eax, 1 ; [00] -r-x section size 162 named .text
0x00401005 mov edi, 1
0x0040100a movabs rsi, correct ; 0x402016
0x00401014 mov edx, 9
0x00401019 syscall
0x0040101b mov eax, 0x3c ; '<' ; 60
0x00401020 mov edi, 0
0x00401025 syscall
0x00401027 ret
;-- _start:
entry0();
0x00401028 mov eax, 1
0x0040102d mov edi, 1
0x00401032 movabs rsi, msg1 ; 0x402000
0x0040103c mov edx, 0x16 ; loc.len1
0x00401041 syscall
0x00401043 mov eax, 0
0x00401048 mov edi, 0
0x0040104d movabs rsi, input ; loc._edata
; 0x402031
0x00401057 mov edx, 0x10 ; 16
0x0040105c syscall
0x0040105e movabs rdi, passwd ; 0x402026
0x00401068 movabs rsi, input ; loc._edata
; 0x402031
0x00401072 mov ecx, 0xb ; 11
0x00401077 repe cmpsb byte [rsi], byte ptr [rdi]
0x00401079 je correct_func
0x0040107b mov eax, 1
0x00401080 mov edi, 1
0x00401085 movabs rsi, wrong ; 0x40201f
0x0040108f mov edx, 7
0x00401094 syscall
0x00401096 mov eax, 0x3c ; '<' ; 60
0x0040109b mov edi, 0
;-- msg1:
0x00402000 .string "Enter your password: "
We can now analyze the code.
Firstly, we can see there is a call to msg1
-> the sentence “Enter your password: " will appear on the screen.
Then we can see an input is asked then is stored in 0x402031
.
After this step we can see there is 0x10
set in edx -> the offset for the next string.
Now, the passwd
value is set in rdi
-> the string is supersecret
and then there is a comparison between our entry and this value.
If the both values are equals, then we move to correct function, else to the wrong function.
The correct function print Correct!
on the screen then done.
We can now check if dynamic:
./nasm_crack
Enter your password: supersecret
Correct!
That’s All Falks