Target: rezk2ll’s Crackme_Nasm
URL: http://www.crackmes.de/users/rezk2ll/crackme_nasm/
Protection: Code.
Description: Crackme with a code.
Tools: objdump / x86 assembly knowledge.
First disassemble the crackme and take a look at what it does.
objdump -d -M intel CrackMe_ASM
CrackMe_ASM: file format elf32-i386
Disassembly of section .text:
08048080 <_start>:
8048080: b8 04 00 00 00 mov eax,0x4 ; sys_write
8048085: bb 01 00 00 00 mov ebx,0x1 ; stdout
804808a: b9 70 91 04 08 mov ecx,0x8049170 ; variable to use
804808f: ba 07 00 00 00 mov edx,0x7 ; length 0x7
8048094: cd 80 int 0x80 ; syscall
8048096: b8 03 00 00 00 mov eax,0x3 ; sys_read
804809b: bb 00 00 00 00 mov ebx,0x0 ; stdin
80480a0: b9 a8 91 04 08 mov ecx,0x80491a8 ; variable to use
80480a5: ba 0b 00 00 00 mov edx,0xb ; length 0xb
80480aa: cd 80 int 0x80 ; syscall
80480ac: b8 b3 91 04 08 mov eax,0x80491b3 ; eax = address of the key buffer
80480b1: c6 00 53 mov BYTE PTR [eax],0x53 ; first char of variable = S
80480b4: 83 c0 01 add eax,0x1 ; increase index
80480b7: c6 00 33 mov BYTE PTR [eax],0x33 ; second char of variable = 3
80480ba: 83 c0 01 add eax,0x1 ; increase index
80480bd: c6 00 43 mov BYTE PTR [eax],0x43 ; third char of variable = C
80480c0: 83 c0 01 add eax,0x1 ; increase index
80480c3: c6 00 72 mov BYTE PTR [eax],0x72 ; fourth char of variable = r
80480c6: 83 c0 01 add eax,0x1 ; increase index
80480c9: c6 00 45 mov BYTE PTR [eax],0x45 ; fifth char of variable = E
80480cc: 83 c0 01 add eax,0x1 ; increase index
80480cf: c6 00 2b mov BYTE PTR [eax],0x2b ; sixth char of variable = +
80480d2: 83 c0 01 add eax,0x1 ; increase index
80480d5: c6 00 46 mov BYTE PTR [eax],0x46 ; seventh char of variable = F
80480d8: 83 c0 01 add eax,0x1 ; increase index
80480db: c6 00 6c mov BYTE PTR [eax],0x6c ; eighth char of variable = l
80480de: 83 c0 01 add eax,0x1 ; increase index
80480e1: c6 00 34 mov BYTE PTR [eax],0x34 ; ninth char of variable = 4
80480e4: 83 c0 01 add eax,0x1 ; increase index
80480e7: c6 00 47 mov BYTE PTR [eax],0x47 ; tenth char of variable = G
80480ea: 83 c0 01 add eax,0x1 ; increase index
80480ed: c6 00 21 mov BYTE PTR [eax],0x21 ; eleventh char of variable = !
80480f0: 31 db xor ebx,ebx
80480f2: 31 c9 xor ecx,ecx
80480f4: 8b 0d b3 91 04 08 mov ecx,DWORD PTR ds:0x80491b3 ; ecx = first 4 bytes of the key ("S3Cr")
80480fa: 8b 1d a8 91 04 08 mov ebx,DWORD PTR ds:0x80491a8 ; ebx = first 4 bytes of the input
8048100: 39 d9 cmp ecx,ebx ; compare input to valid key (32-bit compare, first 4 bytes only)
8048102: 75 0e jne 8048112 ; jump to failure method if not equal
8048104: eb 2c jmp 8048132 ; else jump to success method
8048106: e8 44 00 00 00 call 804814f
804810b: b8 01 00 00 00 mov eax,0x1
8048110: cd 80 int 0x80
08048112 :
8048112: b8 04 00 00 00 mov eax,0x4
8048117: bb 01 00 00 00 mov ebx,0x1
804811c: b9 8a 91 04 08 mov ecx,0x804918a
8048121: ba 1d 00 00 00 mov edx,0x1d
8048126: cd 80 int 0x80
8048128: e8 22 00 00 00 call 804814f
804812d: e9 4e ff ff ff jmp 8048080 <_start>
08048132 :
8048132: b8 04 00 00 00 mov eax,0x4
8048137: bb 01 00 00 00 mov ebx,0x1
804813c: b9 77 91 04 08 mov ecx,0x8049177
8048141: ba 13 00 00 00 mov edx,0x13
8048146: cd 80 int 0x80
8048148: b8 01 00 00 00 mov eax,0x1
804814d: cd 80 int 0x80
0804814f :
804814f: ba 01 00 00 00 mov edx,0x1
8048154: b9 be 91 04 08 mov ecx,0x80491be
8048159: bb 00 00 00 00 mov ebx,0x0
804815e: b8 03 00 00 00 mov eax,0x3
8048163: cd 80 int 0x80
8048165: 80 7c 11 ff 0a cmp BYTE PTR [ecx+edx*1-0x1],0xa
804816a: 75 e3 jne 804814f
804816c: c3 ret
If we try the key we found, we get the success text.
./CrackMe_ASM
Flag : S3CrE+Fl4G!
you are correct !
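The key recovery above can be scripted, and the same script makes visible that the 32-bit loads at 80480f4/80480fa followed by cmp ecx,ebx check only four bytes of the input. The Python below is an added example, not part of the original writeup or the crackme: it emulates the three instruction forms used in the store sequence and models the comparison. The function names and the zero-padding of inputs shorter than four bytes are assumptions made for illustration.

```python
# Opcode bytes 0x80480ac..0x80480ef, copied from the listing above.
CODE = bytes.fromhex(
    "b8b3910408"
    "c60053 83c001 c60033 83c001 c60043 83c001 c60072 83c001"
    "c60045 83c001 c6002b 83c001 c60046 83c001 c6006c 83c001"
    "c60034 83c001 c60047 83c001 c60021"
)

def emulate_stores(code):
    """Emulate the three instruction forms in the sequence; return {address: byte}."""
    mem, eax, i = {}, 0, 0
    while i < len(code):
        if code[i] == 0xB8:                   # mov eax, imm32
            eax = int.from_bytes(code[i + 1:i + 5], "little")
            i += 5
        elif code[i:i + 2] == b"\xc6\x00":    # mov BYTE PTR [eax], imm8
            mem[eax] = code[i + 2]
            i += 3
        elif code[i:i + 2] == b"\x83\xc0":    # add eax, imm8 (small positive imm8 only)
            eax = (eax + code[i + 2]) & 0xFFFFFFFF
            i += 3
        else:
            raise ValueError(f"unhandled opcode at offset {i:#x}")
    return mem

def recover_key(code=CODE):
    """Rebuild the buffer the stores write, in address order."""
    mem = emulate_stores(code)
    base = min(mem)
    return bytes(mem[a] for a in range(base, base + len(mem)))

def check(user_input, key):
    """Model of 80480f4..8048102: two DWORD loads, then cmp ecx,ebx."""
    ecx = int.from_bytes(key[:4], "little")
    # Assumption: an input shorter than 4 bytes is zero-padded in the buffer.
    ebx = int.from_bytes(user_input[:4].ljust(4, b"\0"), "little")
    return ecx == ebx

if __name__ == "__main__":
    key = recover_key()
    print("key written at", hex(min(emulate_stores(CODE))), "=", key.decode())
    for attempt in (b"S3CrE+Fl4G!", b"S3Cr-anything", b"s3CrE+Fl4G!"):
        print(attempt, "->", "accepted" if check(attempt, key) else "rejected")
```

A check that compares the whole 11-byte buffer would need a byte-wise loop or a repeated string compare instead of a single register compare.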