We will solve a previous crackme, but this time we will approach it in a completely different way: instead of patching a conditional jump with radare, we will look for the correct password by monitoring the calls the binary makes to the shared libraries.
The code is as simple as this:
vi 00.c
#include <stdio.h>
#include <string.h>   /* strcmp() needs this header */

int main(void){
    char str1[20];                          /* password buffer */
    printf("Crackme 0x00 Coded by Kr0m\n");
    printf("Introduzca password: ");
    scanf("%19s", str1);                    /* bound the read to the buffer size */
    if (strcmp(str1, "666-666") == 0){      /* plaintext compare through libc */
        printf("Ohu yeyesss Password Correcto!\n");
    } else {
        printf("ERROR: Password incorrecto!\n");
    }
    return 0;
}
We compile:
gcc 00.c -o 00
We install the ltrace tool, which lets us see the calls the binary makes to the shared libraries:
emerge dev-util/ltrace
We run the binary using ltrace:
ltrace ./00
puts("Crackme 0x00 Coded by Kr0m"Crackme 0x00 Coded by Kr0m) = 27
printf("Introduzca password: ") = 21
__isoc99_scanf(0x55b473af78d9, 0x7ffeedf39420, 0x7f5dc37638a0, 0Introduzca password: asd) = 1
strcmp("asd", "666-666") = 43
puts("ERROR: Password incorrecto!"ERROR: Password incorrecto!) = 28
+++ exited (status 0) +++
The input was asd and the binary compared it with 666-666. What happens if we enter 666-666 as the password?
./00
Crackme 0x00 Coded by Kr0m
Introduzca password: 666-666
Ohu yeyesss Password Correcto!
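To automate what the trace above shows by hand, here is an added Python example (not from the original post) that parses ltrace output, tolerates the program's own stdout that ltrace interleaves into its lines, and pulls out the string comparisons a reviewer would flag as hardcoded credentials. The sample trace is constructed from the run above.

```python
import re

# Constructed sample: the ltrace run from the post. ltrace writes its trace to
# stderr while the program writes to stdout, so on a shared terminal the
# program's own output lands inside the trace lines, as seen above.
SAMPLE_TRACE = """\
puts("Crackme 0x00 Coded by Kr0m"Crackme 0x00 Coded by Kr0m) = 27
printf("Introduzca password: ") = 21
__isoc99_scanf(0x55b473af78d9, 0x7ffeedf39420, 0x7f5dc37638a0, 0Introduzca password: asd) = 1
strcmp("asd", "666-666") = 43
puts("ERROR: Password incorrecto!"ERROR: Password incorrecto!) = 28
+++ exited (status 0) +++
"""

# One library call per line: function name, raw argument text, return value.
CALL_RE = re.compile(r'^(?P<name>\w+)\((?P<args>.*)\)\s*=\s*(?P<ret>-?(?:0x[0-9a-fA-F]+|\d+))\s*$')
# Quoted C strings, honouring backslash escapes such as \n inside the quotes.
STR_RE = re.compile(r'"((?:[^"\\]|\\.)*)"')

def parse_trace(text):
    """Return (function, [quoted string args], return value) per call line.

    Non-call lines such as '+++ exited ...' are skipped. Interleaved program
    output sits outside the quotes, so taking only quoted arguments survives it.
    """
    calls = []
    for line in text.splitlines():
        m = CALL_RE.match(line)
        if not m:
            continue
        ret = m.group('ret')
        value = int(ret, 16) if ret.lower().lstrip('-').startswith('0x') else int(ret)
        calls.append((m.group('name'), STR_RE.findall(m.group('args')), value))
    return calls

def find_string_comparisons(calls):
    """Keep the strcmp/strncmp calls: these are what exposed the password above."""
    return [(args, ret) for name, args, ret in calls
            if name in ('strcmp', 'strncmp') and len(args) == 2]

def hardcoded_comparands(calls, user_input):
    """Literals the binary compared the supplied input against, i.e. the values
    an auditor would flag as hardcoded credentials."""
    return [other for args, _ in find_string_comparisons(calls)
            if user_input in args for other in args if other != user_input]
```

Saving the trace with `ltrace -o trace.txt ./00` keeps the program's stdout out of the trace file, so the parser then sees clean lines; the quoted-string extraction is only needed for traces captured on a shared terminal like the one above.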