Assembly on Siddharth Mishra

Bruteverse Solution - A Simple Bruteforce Attack

Fri, 02 Dec 2022 15:35:35 +0000

This is also another easy crackme. I don’t know why is it rated 4.0 in difficulty. It should be like 2 or less than that. All you have to do is read the assembly of the program or decompiled code (if available) and everything will be clear. When I opened this in IDA first I saw that this only had one simple function. I was confused that a 4.0 rated challenge and only this function? Maybe something advanced was going on. So I objdumped it and found nothing more than what was already shown in IDA.

Participating in r2wars - r2con 2021

Sun, 03 Oct 2021 14:30:42 +0000

So I participated in this year’s online r2con’s r2wars event. It was amazing. Me and my friend (X3eRo0) participated in this years r2con. I never heard of this event before and it was introduced to me by X3eRo0 himself. Also this type of event was completely new to me.

Source: radareorg/r2wars repository.

Beginning

My exams were already over and I was sitting waiting for a nice thing to happen in my life (working on my side projects). As I’ve mentioned in my earlier post (Solving X3eRo0’s CrackME The Hard Way) X3eRo0 challeged me to solve his CrackMe and he’ll invite me to his ctf-team. This acted as a motivation to me. At the time of writing this post, the CrackMe is still unsolved (I am still at reversing stage, the read time is 109mins and I guess it will probably increase to 400mins+ after I’m done with it). After a month approx he sent me an invitation to join his ctf-team (probably by seeing how foolish I am and that I won’t be able to complete his crackme in an eternity 😂 🤣). Everyone is polite and helpful in the team I feel comfortable with them 😄.

Solving X3eRo0's CrackMe The Hard Way

Fri, 03 Sep 2021 17:50:32 +0000

“Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” ― Edward Snowden

In this post, I will make an attempt to solve X3eRo0’s crackme named Pyaz. Below is the information provided on crackme’s page

;------------------;----------------;------------;
| Platform | Difficulty: | Quality: |
| Unix/linux etc. | 4.0 | 4.0 |
;------------------;----------------;------------;

;-------------;
| Description |
;-------------;-------------------------------------------------------------------;
| x86_64 linux binary (tested on ubuntu, should run on any distro). Takes input |
| through stdin and outputs "Correct Password" if it's correct, "Wrong Password" |
| if it's not. |
| Written in C |
| Don't patch the binary, of course - find the correct input. |
;---------------------------------------------------------------------------------;
| SHA256: 2078795d5f56c25c09301d345f07a93df915693f9976633040d9093d1a303e98 ./xvm |
| 29bea5fdd57949fb349e7e06c40ad4578aca6b8af6787bf39a9474857db01649 ./pyaz.xvm |
;---------------------------------------------------------------------------------;

We will reverse this one by looking at the disassembly only (unlike last time we used Ghidra). This is because, unlike last crackme, this is a complex one and I like to feel like GOD after solving a difficult crackme by looking at the disassembly! (obviously many can do the same but that’s just how I feel!)