Easy_CrackMe

We will be solving the Easy_CrackMe challenge.

Download Location : Reversing.kr

Static Analysis

Opening the binary in IDA shows the graph view of the entry function WinMain . The below function shows a call to DialogBoxParamA which performs call to function DialogFunc as callback.

int WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine,int nShowCmd){
    DialogBoxParamA(hInstance,0x65,0,DialogFunc,0);
    return 0;
}

Lets disassemble DialogFunc function. This function in turns does some checks and calls sub_401080 function. The computational checks if failed, would exit the program.

int DialogFunc(HWND arg1,int arg2,int arg3){
    if(arg2==0x111){
        if((unsigned)arg3 == 2){
            EndDialog(arg1,2);
            return 1;
        }
        else if(arg3 == 0x3E7){
            sub_401080(arg1);
            return 1;
        }
    }
    return 0;
}

The sub function now seems interesting so lets deep dive into sub_401080. The following shows the disassembled view of sub function.

The if condition denotes that in the whole string the 2nd character i.e string[1] is 97 i.e a. string[0] is 69 i.e first character of string is E. Next string[2] equals Str2 i.e 5y. The remaining string[4] equals aR3versing i.e R3versing.

String = Ea5yR3versing.