Easy_CrackMe


Last updated 2 years ago

We will be solving the Easy_CrackMe challenge.

Download Location :

Static Analysis

Opening the binary in IDA shows the graph view of the entry function WinMain. The function below calls DialogBoxParamA, which is passed DialogFunc as its callback.

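int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nShowCmd){
    // 0x65 (101) is the dialog template resource ID; DialogFunc is the dialog procedure (callback)
    DialogBoxParamA(hInstance, 0x65, 0, DialogFunc, 0);
    return 0;
}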

Let's look at the DialogFunc function. It performs some checks and, in turn, calls the sub_401080 function. If the checks fail, the program exits.

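int DialogFunc(HWND arg1, int arg2, int arg3){
    if(arg2 == 0x111){                 // 0x111 = WM_COMMAND
        if((unsigned)arg3 == 2){       // 2 = IDCANCEL: close the dialog
            EndDialog(arg1, 2);
            return 1;
        }
        else if(arg3 == 0x3E7){        // 0x3E7 (999): control ID that triggers the check
            sub_401080(arg1);
            return 1;
        }
    }
    return 0;                          // message not handled
}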

The sub function looks interesting, so let's dive into sub_401080. The following shows the disassembled view of the sub function.

The if conditions show that the 2nd character of the string, string[1], is 97, i.e. a. string[0] is 69, i.e. the first character of the string is E. Next, string[2] equals Str2, i.e. 5y. The remaining string, starting at string[4], equals aR3versing, i.e. R3versing.

String = Ea5yR3versing.
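
The comparisons described above can be re-expressed as portable C to confirm that the recovered string is the only input that passes. This is an added example, not code from the binary or from the original write-up: the names check_serial and recover_serial are hypothetical, and the use of strncmp/strcmp, the order of the checks and the length guard are assumptions, since the page only states which positions are compared against which constants.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical re-implementation of the checks described for sub_401080.
 * Returns 1 when the input passes every comparison, 0 otherwise. */
int check_serial(const char *s)
{
    /* Assumed guard: positions 0..3 must exist before they are indexed. */
    if (strlen(s) < 4)
        return 0;
    if (s[1] != 97)                          /* string[1] == 97, i.e. 'a' */
        return 0;
    if (strncmp(s + 2, "5y", 2) != 0)        /* string[2..3] vs Str2 "5y" */
        return 0;
    if (strcmp(s + 4, "R3versing") != 0)     /* string[4..] vs aR3versing */
        return 0;                            /* strcmp also rejects trailing bytes */
    if (s[0] != 69)                          /* string[0] == 69, i.e. 'E' */
        return 0;
    return 1;
}

/* Rebuild the expected input from the constants alone, in index order.
 * Returns the length written, or 0 if the buffer is too small. */
size_t recover_serial(char *out, size_t cap)
{
    int n = snprintf(out, cap, "%c%c%s%s", 69, 97, "5y", "R3versing");
    return (n < 0 || (size_t)n >= cap) ? 0 : (size_t)n;
}

int main(void)
{
    char buf[32];
    /* Constructed test inputs: the recovered string and near misses. */
    const char *samples[] = { "", "Ea", "ea5yR3versing", "Ea5yR3versingX" };

    if (recover_serial(buf, sizeof buf))
        printf("%-16s -> %d\n", buf, check_serial(buf));
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%-16s -> %d\n", samples[i], check_serial(samples[i]));
    return 0;
}
```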

Reversing.kr