Reverse Engineering Asked on May 27, 2021
In this crackme solution first the strings are found:
$ rabin2 -z crackserial_linux
addr=0x00000aa0 off=0x00000aa0 ordinal=000 sz=7 len=7 section=.rodata type=A string=User:
addr=0x00000aa7 off=0x00000aa7 ordinal=001 sz=11 len=11 section=.rodata type=A string=Password:
addr=0x00000ab2 off=0x00000ab2 ordinal=002 sz=10 len=10 section=.rodata type=A string=Good job!
addr=0x00000abc off=0x00000abc ordinal=003 sz=10 len=10 section=.rodata type=A string=Try again
after that referenced for “Good job” are looked for.
$ radare2 crackserial_linux
-- How about a nice game of chess?
[0x080488c4]> /c ab2
f hit_0 @ 0x08048841 # 5: push 0x8048ab2
[0x080488c4]>
I tried the same thing, but for me is not working:
$ r2 crackserial_linux
[0x080488d0]> !!rabin2 -z crackserial_linux
[strings]
addr=0x08048d80 off=0x00000d80 ordinal=000 sz=7 section=.rodata string=User:
addr=0x08048d87 off=0x00000d87 ordinal=001 sz=9 section=.rodata string=Serial:
addr=0x08048d90 off=0x00000d90 ordinal=002 sz=10 section=.rodata string=Good job!
addr=0x08048d9a off=0x00000d9a ordinal=003 sz=10 section=.rodata string=Try again
4 strings
[0x080488d0]> /c d90
[0x080488d0]>
By the way, why are the strings in my case at different locations?
Update:
As commented by Daniel W Crompton the /c
command has been reassigned to crypto stuff use axt
to find references.
[0x140035bf0]> !radare2 -v
radare2 4.3.1 6 @ windows-x86-64 git.4.3.1
commit: 54ac837b5503f10f91e2069ac357791f7a3e635a build: Fri 03/06/2020__15:52:24.93
[0x140035bf0]> /c?
Usage: /c Search for crypto materials
| /ca Search for AES keys expanded in memory
| /cc[algo] [digest] Find collisions (bruteforce block length values until given checksum is found)
| /cd Search for ASN1/DER certificates
| /cr Search for ASN1/DER private keys (RSA and ECC)
Original:
Judging from the several posts you made recently it appears you do not have a proper installation may be you should try uninstalling and reinstalling the radare2 package
The commend per se seems to work correctly for me here:
radare2-w32-0.9.9> cat xxxhelloworld.cpp
#include <stdio.h>
int main (void) {
printf("hello worldn");
return 0;
}
radare2-w32-0.9.9> radare2 xxxhelloworld.exe
[0x00401347]> iz~hello world
vaddr=0x0041218c paddr=0x0001118c ordinal=000 sz=13 len=12 section=.rdata type=a string=hello worldn
/c
uses pattern matching using 1118c
wont give you any results using 18c
will spew a lot of results think about it before asking why (that is one of the drawbacks of following tuts blindly your /d90
or /ab2
are falling in this category )
Lets search for xrefs to the virtual address
[0x00401347]> /c 41218c
0x00401003 # 5: push 0x41218c
Disassemble around the hit
[0x00401347]> pd 5 @0x401000
;-- section..text:
0x00401000 55 push ebp ;
0x00401001 8bec mov ebp, esp
;-- hit0_0:
0x00401003 688c214100 push str.hello_world_n ; "hello world."
0x00401008 e807000000 call 0x401014 ;0x00401014(unk, unk)
0x0040100d 83c404 add esp, 4
Correct answer by blabb on May 27, 2021
Also axt
:
Use like axt @ hello_world_n
gives you the reference.
Answered by Maijin on May 27, 2021
Get help from others!
Recent Answers
Recent Questions
© 2024 TransWikia.com. All rights reserved. Sites we Love: PCI Database, UKBizDB, Menu Kuliner, Sharing RPP