x86 Assembly: Crack Challenge 1

Uncategorized Leave a comment

Dear Friends,

I would like to write a walkthrough of challege so that we can practice the reverse engineering more detail.

I have downloaded an application from crackme.one but you can download it here https://github.com/rioasmara/wordpress/raw/master/keyme.exe

This application is actually a simple DOS application that is asking you to input series of key and check it with its internal calculation and will give you a congratulation if the answer is correct

First load the application to IDA Pro and see what is the flow and behaviour of this application

Since it is keygen like application then you need to understand hex to ascii convertion table as below or you can access https://www.garykessler.net/library/ascii.html

First we can check what is the the calculation logic happen

The above code will check that the char that we input shall enqual to 16 chars. it use std::string::size() to return the size of array. the code cmp eax, 10h is comparing the size of array that returned from string::size in eax. 10h is equal to 16

Here whenever the user input the key into the application the first check that we need to pass is the condition that check our input less than @ or 64 because it use jle comparation. there you can see the command cmp byte ptr [eax], 40h jle loc_4015FA .Now you must be asking what is the char that it compare to. it will try to extract a char from the array using command __ZNSsixEj std::string::operator[](uint) where it requires two input which are the index and the array.

Based on the above command, it needs to push 0 and the array to the function so that we can conclude that it will get the char that sit on the index 0 and return it.

The second check that it check is the value of char in the first array which is index 0 shall greater than Z because it use the jg comparation

We can see the above two blocks of codes are basically checking the other char in the array. first it will ensure that at array index no. 0Bh = 11 is actually “.” and check another index that is no 8 the where key shall be “space” = 2Eh

OK thats is all the first 2 checks happen in the application. I will continue to check the code in the next posts.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s