Reverse Engineering

Reverse Engineering - THM

For this room I used radare2. I know people are very opinionated about their debuggers and language; feel free to complain.

It seems I have been unable to post pictures, so just know that while you read, you should be looking at your terminal after issuing the command

pdf @ main

in the radare console.

Task 1

The main function, once radare has analysed the binary (aaa) so that symbols and entry points are resolved, contains more than you need to solve this task.

I won't tell you where the password is; you should simply figure it out, as it is already displayed on the console.

Task 2

Let's read this assembly code and figure out what it does. We need to find the point where the code performs the fundamental action of comparing our input with the correct value. scanf does not return the number it parsed: it writes it into a local variable on the stack through the pointer it was given, and the very next thing the code does is load that variable into eax and compare it with 0x137c. Don't let this fool you: this is not an address but an immediate, an ordinary integer written in hexadecimal. Convert it to decimal (Google is your friend, or type ? 0x137c in the radare console, which prints the value in several bases) and you have the password you were looking for.

Task 3

Again, your ability to spot the extremely helpful comments radare adds will get you through this even if you are no RE expert. Remember you need three characters, not a full password. What this code actually does is store the three bytes we are searching for on the stack: two characters with a word-sized move into var_23h and the third with a byte-sized move into var_21h. The split is forced on the compiler, since x86 has no three-byte move. Keep in mind that the stores are little-endian: the low byte of the word immediate lands at var_23h and the high byte one address above it, so read the immediate's bytes from right to left to get the characters in memory order. The last four bytes of var_28h (that is, these three characters plus one adjacent, irrelevant byte, because a four-byte load is the smallest one that covers them) are then loaded into eax and sign-extended to rax (cdqe). That value is what gets compared, so only these three bytes of the password are actually checked.
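Both tasks come down to reading immediates out of radare's pdf listing: an integer compared against eax in Task 2, and a handful of bytes stored to the stack in Task 3. The script below is an added example (mine, not part of the original post or of the THM room) that automates that reading over a constructed pdf-style snippet. The addresses, opcode bytes, variable names and immediates in SAMPLE_PDF are made up to mirror the pattern described above and are not taken from the room's binary, so the reconstructed string is "abc", not the real answer. It assumes radare's var_XXh naming means rbp-0xXX, which is how bp-relative locals are labelled, and it keeps only the cmp-against-immediate and mov-immediate-to-local instructions.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample of radare2 `pdf` output (box-drawing gutter, address,
# opcode bytes, mnemonic, operands). Every value here is invented for the
# example; it is NOT the room's binary.
SAMPLE_PDF = """\
│           0x00401146      66c745dd6162   mov word [var_23h], 0x6261
│           0x0040114c      c645df63       mov byte [var_21h], 0x63
│           0x00401150      8b45d8         mov eax, dword [var_28h]
│           0x00401153      4898           cdqe
│           0x00401155      8b45fc         mov eax, dword [var_4h]
│           0x00401158      3d7c130000     cmp eax, 0x137c
│       ┌─< 0x0040115d      750c           jne 0x40116b
"""

# address, opcode bytes, mnemonic, rest of line
INSN_RE = re.compile(r"0x[0-9a-f]{8}\s+[0-9a-f]+\s+(\w+)\s*(.*)$")
# "word [var_23h], 0x6261"  -> size, stack offset, immediate
STORE_RE = re.compile(r"^(word|byte|dword)\s+\[var_([0-9a-f]+)h\],\s*(0x[0-9a-f]+)$")
# "eax, 0x137c"             -> register, immediate
CMP_RE = re.compile(r"^(\w+),\s*(0x[0-9a-f]+)$")

SIZE = {"byte": 1, "word": 2, "dword": 4}


def parse_pdf(text: str) -> List[Tuple[str, str]]:
    """Drop gutter, address and opcode bytes; keep (mnemonic, operands) per line."""
    insns = []
    for line in text.splitlines():
        m = INSN_RE.search(line)
        if m:
            insns.append((m.group(1), m.group(2).strip()))
    return insns


def immediate_stores(insns: List[Tuple[str, str]]) -> Dict[int, int]:
    """Map rbp-relative offset -> byte for every 'mov size [var_XXh], imm'.

    Assumption: var_XXh is rbp-0xXX. The immediate is written little-endian,
    so its lowest byte lands at the lowest address.
    """
    mem: Dict[int, int] = {}
    for mnem, ops in insns:
        if mnem != "mov":
            continue
        m = STORE_RE.match(ops)
        if not m:
            continue
        size, off, imm = SIZE[m.group(1)], int(m.group(2), 16), int(m.group(3), 16)
        for i, b in enumerate(imm.to_bytes(size, "little")):
            mem[-off + i] = b
    return mem


def reconstruct_string(mem: Dict[int, int]) -> str:
    """Concatenate stored bytes in ascending address order, i.e. memory order."""
    return bytes(mem[k] for k in sorted(mem)).decode("ascii", errors="replace")


def cmp_immediates(insns: List[Tuple[str, str]]) -> List[Tuple[str, int]]:
    """(register, immediate as int) for every cmp against an immediate; the
    int is the decimal reading of the hex the listing shows."""
    found = []
    for mnem, ops in insns:
        if mnem == "cmp":
            m = CMP_RE.match(ops)
            if m:
                found.append((m.group(1), int(m.group(2), 16)))
    return found


def cdqe(eax: int) -> int:
    """What the cdqe instruction does: sign-extend the 32-bit eax into a
    64-bit rax (returned as an unsigned 64-bit value)."""
    eax &= 0xFFFFFFFF
    return eax | 0xFFFFFFFF00000000 if eax & 0x80000000 else eax


if __name__ == "__main__":
    insns = parse_pdf(SAMPLE_PDF)
    for reg, imm in cmp_immediates(insns):
        print(f"cmp {reg}, {imm:#x}  ->  decimal {imm}")
    print("bytes stored on the stack, in memory order:",
          repr(reconstruct_string(immediate_stores(insns))))
    print(f"cdqe(0x80000000) = {cdqe(0x80000000):#x}")
```

Run against the real listing, the same functions need only a different input: paste the output of pdf @ main into SAMPLE_PDF, or read it from a file. The little-endian handling in immediate_stores is the part that matters in practice; reading the word immediate left to right gives the two characters swapped.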



More from emacab98