/usr/share/doc/radare-doc/html/Section22.2.3.html is in radare-doc 1:1.5.2-6.
This file is owned by root:root, with mode 0o644.
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=US-ASCII">
<title>Level 0x02 - nop a jump</title>
<link rel="previous" href="Section22.2.2.html">
<link rel="ToC" href="contents.html">
<link rel="next" href="Section22.2.4.html">
</head>
<body>
<h1><a name="ioli-02"></a>22.2.3 Level 0x02 - nop a jump</h1>
<p>
Let's run the crackme:
</p>
<pre><code> $ ./crackme0x02
IOLI Crackme Level 0x02
Password: foo
Invalid Password!
</code></pre>
<p>
The goal is to patch the binary file so that it accepts any password. We will proceed as in the previous level: first we open the file with radare, change the seek to sym.main and create a code graph:
</p>
<pre><code> $ radare crackme0x02
open ro crackme0x02
Adding strings &amp; symbol flags for crackme0x02
14 symbols added.
6 strings added.
[0x08048330]> s sym.main
[0x080483E4]> ag
</code></pre>
<p>
TODO: http://radare.nopcode.org/img/wk/crackme0x02-sym.main.png
</p>
<p>
Let's take a closer look at the disassembly:
</p>
<p>
TODO: http://radare.nopcode.org/img/wk/crackme0x02_pD_sym.main.png
</p>
<p>
This time the condition that makes the code branch is a jnz (jump if not zero), so if the jump is taken, execution goes through the "invalid password" block. We have to nop the jump so that the instruction pointer falls through to the next instruction, which makes the code flow into the "password ok" block.
</p>
<p>
To crack it, we open the file in write mode and write two nops (0x90) in the right place, replacing the "jnz" opcode, then use the print hex and print disassembly commands to make sure we've patched it correctly:
</p>
<p>
TODO: http://radare.nopcode.org/img/wk/crackme0x02-patch.png
</p>
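<p>
The same two-byte patch outside radare, as an added example that is not part of the original radare documentation. The bytes in SAMPLE are constructed for illustration (they are not taken from crackme0x02) and the function names are hypothetical; the code refuses to patch unless the target really is a short jnz (opcode 0x75) and reports which offsets changed.
</p>

```python
# Added example. SAMPLE is constructed for illustration; it is not
# taken from crackme0x02, and the helper names are hypothetical.
JNZ_SHORT = 0x75  # x86 "jnz rel8": one opcode byte plus one displacement byte
NOP = 0x90

SAMPLE = bytes.fromhex(
    "3b45f4"      # 0x00 cmp eax, [ebp-0xc]
    "7507"        # 0x03 jnz 0x0c         (to the "invalid password" block)
    "b801000000"  # 0x05 mov eax, 1       ("password ok" block)
    "eb05"        # 0x0a jmp 0x11
    "b800000000"  # 0x0c mov eax, 0       ("invalid password" block)
    "c3"          # 0x11 ret
)


def read_short_jnz(code, off):
    """Return the 2-byte instruction at off, or fail if it is not a short jnz."""
    insn = code[off:off + 2]
    if len(insn) != 2 or insn[0] != JNZ_SHORT:
        raise ValueError("no short jnz at offset 0x%x" % off)
    return insn


def jnz_target(code, off):
    """Offset execution reaches when the jnz at off is taken."""
    rel = int.from_bytes(read_short_jnz(code, off)[1:], "little", signed=True)
    return off + 2 + rel


def nop_short_jnz(code, off):
    """Return a copy of code with the short jnz at off replaced by two nops."""
    read_short_jnz(code, off)  # refuse to patch anything else
    patched = bytearray(code)
    patched[off:off + 2] = bytes([NOP, NOP])
    return bytes(patched)


def changed_offsets(before, after):
    """Offsets whose byte differs; a quick check of what a patch touched."""
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]


if __name__ == "__main__":
    patched = nop_short_jnz(SAMPLE, 3)
    print("jnz at 0x03 branches to 0x%02x" % jnz_target(SAMPLE, 3))
    print("before:", SAMPLE.hex())
    print("after: ", patched.hex())
    print("changed offsets:", changed_offsets(SAMPLE, patched))
```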
<p>
Here's the graph output of the cracked program:
</p>
<p>
TODO: http://radare.nopcode.org/img/wk/crackme0x02-sym.main_cracked.png
</p>
<p>
Now let's check that it works:
</p>
<pre><code> $ ./crackme0x02
IOLI Crackme Level 0x02
Password: foo
Password OK :)
</code></pre>
<p>
Done! :D
</p>
<!-- version IDs:
$Id: radare.but 2009-04-25 pancake $
-->
</body>
</html>