Simple crackme Walkthrough

(Updated: )
,
reference kawaii-flesh's Simple crackme

Scan with DIE:

pdf @ main:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
lea rax, qword [var_1a0h]    ; rax = address of variable var_1a0h
mov edx, 3                   ; edx = 3
mov esi, 0x20                ; esi = 0x20
mov rdi, rax                 ; rdi = rax
call 0x562911b75179          ; what does this function do

mov rdx, rax                 ; rdx = rax
lea rax, qword [var_110h]    ; rax = address of variable var_110h
mov rsi, rdx                 ; rsi = rdx
mov rdi, rax                 ; rdi = rax
call sym.imp.strcmp          ; if rsi and rdi is the same, eax = 0      ; memory of rax and rdx should be equal
                             ; if rsi and rdi not the same, eax = 1
test eax, eax                ; cmp eax, 0
sete al                      ; if zf = 1, al = 1
                             ; if zf = 0, al = 0
test al, al                  ; cmp al, 0

I don’t know why r2 doesn’t disassemble this function.
So I use cutter (still based on r2..) and ghidra.

Add several breakpoints, dc to mov rdx, rax to finish executing function 0x562911b75179:

Now the program will compare the memory of rax and rdx as shown above in the comments:

proof

Crack the hash online:

  • disassemble with cutter:
  • decompile with ghidra: