💻Problem
- Topic: You are given an .exe file named Easy_CrackMe.exe. When launching the program, a window will appear and ask for a password.
- Objective: Analyze and decompile the program to find the correct password for the application.
🤔Overview
Here I use Linux, so a few things are different.
- When launching the application, a window appears as follows:
- Enter a password (here I enter an arbitrary string) and press the button. The following notification window appears:
=> This suggests that the application checks whether the user's input matches a value predefined by the programmer. If it does not, the "Incorrect Password" message window is shown, as above.
=> So to solve this challenge, we need to find a way to read the password value that the programmer defined.
🚩Let’s go
First, we need a disassembler/debugger to view the machine code of this program. Here, I use IDA Free.
Start IDA with Easy_CrackMe.exe; a window opens showing the program's startup function:
This function calls another function, DialogFunc.
Double-click the function name to view its code.
There is a lot going on here, but we only need to pay attention to one more called function, sub_401080. Continue to its code, and you can see its structure as shown below:
Here, you can also use the pseudocode generation feature to make it easier (press F5), but I will not use it because I can clearly understand the program from the machine code, and it feels more difficult >.<
Looking through this function, we can see that this is the function that will check the entered password that we are looking for.
Now, we just need to look at the logic and figure out how it checks to know the correct password.
First, at the beginning of the function, it declares a buffer named String with 100 characters (0x64 - 64h). This buffer then stores the value entered in the Easy_CrackMe window, read with the GetDlgItemTextA function.
Next, the program starts comparing the input stored in String against several fixed strings.
Here, the program compares the character at position 2 (array index 1 - 63h) with 61h (the ASCII code of 'a').
The program then compares the next two characters of String with the string "5y".
The next block of code looks complicated, but its purpose is to compare the remaining characters of String with the string "R3versing".
At the end of the comparison, before giving the password check result, the program compares the first character of String with the character 'E' (45h).
So the password after concatenating all the above strings will be "Ea5yR3versing".
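The comparison order described above can be written out in C. This is an added example, not code from the original post or from the binary: the names check_password and enum check_result are hypothetical, and treating the "R3versing" comparison as an exact match (so trailing characters are rejected) is an assumption.

```c
#include <stdio.h>
#include <string.h>

/* Stage at which the check rejects the input; CHECK_OK means accepted. */
enum check_result {
    CHECK_OK = 0, FAIL_SECOND_CHAR, FAIL_5Y, FAIL_R3VERSING, FAIL_FIRST_CHAR
};

/* Hypothetical reconstruction of the checks described for sub_401080.
 * buf plays the role of the 100-byte String filled by GetDlgItemTextA. */
enum check_result check_password(const char *input)
{
    char buf[100] = {0};                  /* 0x64 bytes, zero-filled */
    strncpy(buf, input, sizeof buf - 1);  /* last byte stays NUL */

    if (buf[1] != 'a')                      /* 61h at array index 1 */
        return FAIL_SECOND_CHAR;
    if (strncmp(&buf[2], "5y", 2) != 0)     /* next two characters */
        return FAIL_5Y;
    if (strcmp(&buf[4], "R3versing") != 0)  /* remaining characters (assumed exact) */
        return FAIL_R3VERSING;
    if (buf[0] != 'E')                      /* 45h, checked last */
        return FAIL_FIRST_CHAR;
    return CHECK_OK;
}

int main(void)
{
    /* Constructed sample inputs; prints the stage number that rejects each. */
    const char *samples[] = {
        "Ea5yR3versing", "ea5yR3versing", "Ea5yR3versingX", "Ea"
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %d\n", samples[i], check_password(samples[i]));
    return 0;
}
```

Because the first character is checked last, an input that is wrong only in position 1 passes every earlier stage before it is rejected.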
Let’s double-check with this password:
Okay, mission impossible is not impossible hehe ^.^
💡 Password is: Ea5yR3versing