Open it in IDA, then tweak the decompiled program slightly so it can be compiled and run on its own:
#include <stdio.h>
#include <string.h>

int main(void) {
    char s[32];                       // output buffer (IDA: [rsp+10h] [rbp-90h] BYREF)
    // per-byte deltas recovered from the decompiled function (IDA showed them as
    // 27 separate assignments to v5); the last entry, -65, turns the final 'A'
    // into the NUL terminator that puts() needs
    int v5[27] = { 37, 43, 32, 38, 58, 45, 46, 51, 30, 51, 39, 32, 51, 30,
                   42, 40, 45, 35, 30, 46, 37, 30, 36, 43, 37, 60, -65 };
    unsigned int i;                   // IDA: [rsp+9Ch] [rbp-4h]

    memset(s, 65, 27);                // fill 27 bytes with 'A' (0x41)
    for (i = 0; i <= 0x1A; ++i)       // indices 0..26, i.e. all 27 bytes
        s[i] += (char)v5[i];          // 'A' + delta yields each flag byte
    puts(s);
    return 0;
}
flag{not_that_kind_of_elf}
Just open it in r2 and the password is right there.
┌──(kali㉿G)-[/mnt/d/Users/cheng/Downloads]
└─$ ./crackme2 super_secret_password
Access granted.
flag{if_i_submit_this_flag_then_i_will_get_points}
Opening it in r2 shows that this time the password is base64-encoded; decoding it gives the answer.
┌──(kali㉿G)-[/tmp]
└─$ echo "ZjByX3kwdXJfNWVjMG5kX2xlNTVvbl91bmJhc2U2NF80bGxfN2gzXzdoMW5nNQ==" | base64 -d
f0r_y0ur_5ec0nd_le55on_unbase64_4ll_7h3_7h1ng5
Looking at the binary shows the comparison is done with strcmp, so tracing it with ltrace is enough to see the answer.
┌──(kali㉿G)-[/mnt/d/Users/cheng/Downloads]
└─$ ./crackme4
Usage : ./crackme4 password
This time the string is hidden and we used strcmp
┌──(kali㉿G)-[/mnt/d/Users/cheng/Downloads]
└─$ ltrace ./crackme4 adsf
__libc_start_main(0x400716, 2, 0x7ffca957ed28, 0x400760 <unfinished ...>
strcmp("my_m0r3_secur3_pwd", "adsf") = 12
printf("password "%s" not OK\n", "adsf"password "adsf" not OK
) = 23
+++ exited (status 0) +++
Same as above.
┌──(kali㉿G)-[/mnt/d/Users/cheng/Downloads]
└─$ ./crackme5 adsf
Enter your input:
asdf
Good game
┌──(kali㉿G)-[/mnt/d/Users/cheng/Downloads]
└─$ ltrace ./crackme5 adsf
__libc_start_main(0x400773, 2, 0x7ffffac06388, 0x4008d0 <unfinished ...>
puts("Enter your input:"Enter your input:
) = 18
__isoc99_scanf(0x400966, 0x7ffffac06220, 0, 0x7f324c3504e0
d
) = 1
strlen("d") = 1
strlen("d") = 1
strncmp("d", "OfdlDSA|3tXb32~X3tX@sX`4tXtz2\177", 28) = 21
puts("Good game"Good game
) = 10
+++ exited (status 0) +++
ans: OfdlDSA|3tXb32~X3tX@sX`4tXtz2
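The two ltrace sessions above (crackme4 with strcmp, crackme5 with strncmp) leak the secret because ltrace hooks every call that goes through the PLT into libc, arguments included. The script below is an added example, not part of this writeup: it parses trace lines of that shape, pulls out both sides of each strcmp/strncmp call, decodes ltrace's C-style escapes (the trailing `\177` in the crackme5 string), and, for strncmp, keeps only the `n` bytes the comparison actually inspects. It also recomputes the difference of the first mismatching bytes, which is where the `= 12` and `= 21` in the traces come from (the C standard only fixes the sign of the result; glibc happens to return the byte difference). The `SAMPLE_LTRACE` text is constructed to mirror the sessions above, with the program's own interleaved stdout dropped and ltrace's usual `\"` escaping used; all function names are mine.

```python
import re

# Constructed sample in the shape of the ltrace output shown above. The
# program's interleaved stdout is omitted so each line is exactly one call.
SAMPLE_LTRACE = r'''__libc_start_main(0x400716, 2, 0x7ffca957ed28, 0x400760 <unfinished ...>
strcmp("my_m0r3_secur3_pwd", "adsf") = 12
printf("password \"%s\" not OK\n", "adsf") = 23
puts("Enter your input:") = 18
strlen("d") = 1
strncmp("d", "OfdlDSA|3tXb32~X3tX@sX`4tXtz2\177", 28) = 21
+++ exited (status 0) +++'''

# one completed call per line: name(args) = retval
CALL_RE = re.compile(r'^(?P<func>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?\d+)\s*$')
# a double-quoted C string literal, allowing backslash escapes inside it
STR_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')
# ltrace escapes: octal (\177) or a single escaped character (\n, \", \\)
ESC_RE = re.compile(r'\\([0-7]{1,3}|.)')


def unescape(lit: str) -> str:
    """Decode the escapes ltrace uses when printing string arguments."""
    def sub(m):
        e = m.group(1)
        if e[0] in '01234567':
            return chr(int(e, 8))
        return {'n': '\n', 't': '\t', 'r': '\r'}.get(e, e)
    return ESC_RE.sub(sub, lit)


def extract_comparisons(trace: str) -> list:
    """One dict per strcmp/strncmp call: both strings, n (strncmp only), retval."""
    calls = []
    for line in trace.splitlines():
        m = CALL_RE.match(line.strip())
        if not m or m.group('func') not in ('strcmp', 'strncmp'):
            continue
        strs = [unescape(s) for s in STR_RE.findall(m.group('args'))]
        if len(strs) < 2:
            continue
        n = None
        if m.group('func') == 'strncmp':
            n = int(m.group('args').rsplit(',', 1)[-1])   # last argument is n
        calls.append({'func': m.group('func'), 'a': strs[0], 'b': strs[1],
                      'n': n, 'ret': int(m.group('ret'))})
    return calls


def secret_for(call: dict, user_input: str) -> str:
    """The side of the comparison that is not what the user typed; for strncmp
    only the first n bytes are checked, so the rest is irrelevant to the test."""
    other = call['b'] if call['a'] == user_input else call['a']
    if call['n'] is not None:
        other = other[:call['n']]
    return other


def byte_delta(call: dict) -> int:
    """Difference of the first mismatching bytes (NUL-terminated, limited to n
    for strncmp). This is exactly the value glibc returned in the traces above."""
    pa = call['a'].encode('latin-1') + b'\0'
    pb = call['b'].encode('latin-1') + b'\0'
    limit = max(len(pa), len(pb))
    if call['n'] is not None:
        limit = min(limit, call['n'])
    for i in range(limit):
        ca = pa[i] if i < len(pa) else 0
        cb = pb[i] if i < len(pb) else 0
        if ca != cb:
            return ca - cb
        if ca == 0:        # both ended together: equal
            return 0
    return 0


if __name__ == '__main__':
    for call in extract_comparisons(SAMPLE_LTRACE):
        print(f"{call['func']}({call['a']!r}, {call['b']!r}, n={call['n']}) "
              f"= {call['ret']}  first-mismatch delta = {byte_delta(call)}")
```

The `secret_for` result for the crackme5 call is the 28-byte prefix the binary checks; the full literal (with its `\177` tail) is still available in the call record if you want to see everything ltrace captured.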
Tracing in IDA, this function turns out to be the one that checks the password:
1337_pwd
The overall flow looks roughly like this:
0x7a69
┌──(kali㉿G)-[/mnt/d/Users/cheng/Downloads]
└─$ ./crackme7
Menu:
[1] Say hello
[2] Add numbers
[3] Quit
[>] 31337
Wow such h4x0r!
flag{much_reversing_very_ida_wow}
After analysing the program, just patch the original je 0x8048502 into jne 0x8048502:
┌──(kali㉿G)-[/mnt/d/Users/cheng/Downloads]
└─$ ./crackme8 asdf
Access granted.
flag{at_least_this_cafe_wont_leak_your_credit_card_numbers}
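What the je → jne patch above amounts to at the byte level, as an added example that is not part of this writeup and not crackme8's actual bytes: je and jne differ in a single opcode byte (74/75 in the short form, 0F 84/0F 85 in the near form), so the displacement that encodes the 0x8048502 target is left alone and only the condition is inverted. The helper refuses to write if the bytes at the given offset are not a je/jne, which catches the usual mistake of patching at the jump target instead of at the jump instruction. `SAMPLE_CODE` is a constructed instruction sequence; the PT_LOAD values passed to `vaddr_to_offset` are placeholders you would read from `readelf -l` on the real binary; all function names are mine.

```python
from typing import Optional

# x86/x86-64 conditional-jump encodings that matter here:
#   short form: 74 rel8  (je)  / 75 rel8  (jne)
#   near form:  0F 84 rel32 (je) / 0F 85 rel32 (jne)
# The condition is the low bit of the opcode byte, so flipping je<->jne is a
# one-byte change and the relative displacement stays valid.
SHORT = {0x74: 'je', 0x75: 'jne'}
NEAR = {0x84: 'je', 0x85: 'jne'}


def describe_jcc(data: bytes, offset: int) -> Optional[str]:
    """Name the je/jne at `offset`, or None if no such opcode starts there."""
    if offset < len(data) and data[offset] in SHORT:
        return SHORT[data[offset]]
    if offset + 1 < len(data) and data[offset] == 0x0F and data[offset + 1] in NEAR:
        return NEAR[data[offset + 1]]
    return None


def flip_je_jne(data: bytes, offset: int) -> bytes:
    """Return a copy of `data` with the je/jne at file offset `offset` inverted.

    Raises ValueError instead of writing anything if the bytes there are not a
    je/jne, so a wrong offset (e.g. the jump *target* 0x8048502 rather than the
    jump instruction itself) does not silently corrupt the file."""
    kind = describe_jcc(data, offset)
    if kind is None:
        raise ValueError(f"no je/jne at offset {offset:#x}: "
                         f"{data[offset:offset + 2].hex()}")
    buf = bytearray(data)
    if buf[offset] == 0x0F:
        buf[offset + 1] ^= 0x01      # 84 <-> 85 (near form)
    else:
        buf[offset] ^= 0x01          # 74 <-> 75 (short form)
    return bytes(buf)


def vaddr_to_offset(vaddr: int, seg_vaddr: int, seg_offset: int) -> int:
    """File offset of a virtual address inside one PT_LOAD segment:
    offset = vaddr - p_vaddr + p_offset. Take p_vaddr/p_offset from
    `readelf -l` on the binary; the values used below are placeholders."""
    return vaddr - seg_vaddr + seg_offset


# Constructed sample code bytes (not from crackme8):
#   3D 69 7A 00 00        cmp eax, 0x7a69
#   74 0C                 je  +0x0c          <- short je at offset 5
#   0F 84 10 00 00 00     je  +0x10          <- near je at offset 7
#   C3                    ret
SAMPLE_CODE = bytes.fromhex('3d697a0000' '740c' '0f8410000000' 'c3')

if __name__ == '__main__':
    # typical 32-bit layout: first PT_LOAD at 0x8048000 / file offset 0 (placeholder)
    print(f"0x8048502 -> file offset {vaddr_to_offset(0x8048502, 0x8048000, 0):#x}")
    patched = flip_je_jne(flip_je_jne(SAMPLE_CODE, 5), 7)
    print(SAMPLE_CODE.hex(), '->', patched.hex())
```

Because one flipped bit is all it takes to invert a client-side check, a comparison inside the binary is never what protects anything; it only decides what the program prints.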