Cracking levels

You can setup a github repo and link it here :)

mmmh, just happened a weird thing…
Logic told me that for making a crackme I just needed to code some C with some variables and thats all.

Like:

char msg1[] = "You loose", msg2[] = "You win";  
int flag = 0;  
if (flag == 0){  
printf("%s", msg1);  
}  
else{  
printf("%s", msg2);  
}  

But when I try to crack it, I can’t any of the strings.
Must add that I’m compiling it with Visual Studio 2017 community

Thanks :)

You don’t have a main function ‘-’ how can this even compile?

hahaha this only was a piece of the code,
of course I have the main function !!!

Just add the iostream library and imagine you have written already the main function line xD

LoL I’m not so n00b @r4v463

But when I try to crack it, I can’t any of the strings.
Master hacker at work here… Can’t wait for those challenges… :p

Sorry I wanted to say: I can’t see any of the strings

Because when you find where a string is called you can set breakpoint, look at the stack, and see in which address the code decides if jumps to that piece of code or not.

And please stop ridicule me hhaha xD

You ridicule yourself, I just make it more explicit. ;)

But yeah, I wasn’t even talking so much about forgetting the word, but the fact that you cannot find the strings. Here’s a suggestion: try looking at what the program puts on the stack. Because the strings seem to be local to the function, it probably “allocates” some stack space and movs the strings in there (q/d)word by (q/d)word.

@L00PeR they are not hard to find:

objdump -M intel -d a.out

Then take only the main.

0000000000400596 <main>: 400596: 55 push rbp 400597: 48 89 e5 mov rbp,rsp 40059a: 48 83 ec 40 sub rsp,0x40 40059e: 64 48 8b 04 25 28 00 mov rax,QWORD PTR fs:0x28 4005a5: 00 00 4005a7: 48 89 45 f8 mov QWORD PTR [rbp-0x8],rax 4005ab: 31 c0 xor eax,eax 4005ad: 48 b8 59 6f 75 20 6c movabs rax,0x736f6f6c20756f59 4005b4: 6f 6f 73 4005b7: 48 89 45 e0 mov QWORD PTR [rbp-0x20],rax 4005bb: 66 c7 45 e8 65 00 mov WORD PTR [rbp-0x18],0x65 4005c1: 48 b8 59 6f 75 20 77 movabs rax,0x6e697720756f59 4005c8: 69 6e 00 4005cb: 48 89 45 d0 mov QWORD PTR [rbp-0x30],rax 4005cf: c7 45 cc 00 00 00 00 mov DWORD PTR [rbp-0x34],0x0 4005d6: 83 7d cc 00 cmp DWORD PTR [rbp-0x34],0x0 4005da: 75 18 jne 4005f4 <main+0x5e> 4005dc: 48 8d 45 e0 lea rax,[rbp-0x20] 4005e0: 48 89 c6 mov rsi,rax 4005e3: bf b4 06 40 00 mov edi,0x4006b4 4005e8: b8 00 00 00 00 mov eax,0x0 4005ed: e8 7e fe ff ff call 400470 <printf@plt> 4005f2: eb 16 jmp 40060a <main+0x74> 4005f4: 48 8d 45 d0 lea rax,[rbp-0x30] 4005f8: 48 89 c6 mov rsi,rax 4005fb: bf b4 06 40 00 mov edi,0x4006b4 400600: b8 00 00 00 00 mov eax,0x0 400605: e8 66 fe ff ff call 400470 <printf@plt> 40060a: b8 00 00 00 00 mov eax,0x0 40060f: 48 8b 55 f8 mov rdx,QWORD PTR [rbp-0x8] 400613: 64 48 33 14 25 28 00 xor rdx,QWORD PTR fs:0x28 40061a: 00 00 40061c: 74 05 je 400623 <main+0x8d> 40061e: e8 3d fe ff ff call 400460 <__stack_chk_fail@plt> 400623: c9 leave 400624: c3 ret 400625: 66 2e 0f 1f 84 00 00 nop WORD PTR cs:[rax+rax*1+0x0] 40062c: 00 00 00 40062f: 90 nop

Can you see them now?

Are on 0x736f6f6c20756f59 and 0x6e697720756f59

I’m correct ?

Yes, this is the ascii representation in hexa. Just remind that it’s written backward.