ELF x86 - 0 protection, Root-Me (Cracking)

Hariharan@Blog:~$
Aug 4, 2021

Just started some basic reverse engineering in Root-me today! This challenge is very easy to crack.

When we start the challenge, we get a ch1.bin file. Let us make a note of the file type.

So the binary is dynamically linked and not stripped. Next, I tried "strings", and surprisingly it gives you the answer :) But I didn't want to finish the challenge there, so I opened ch1.bin in Cutter. You could use Ghidra or radare2 for this as well.

Then I go to the decompiler section. I prefer the Ghidra decompiler to the jsdec decompiler.

Analyzing the code, we see that the program takes the user input in uVar1. It then calls strcmp on uVar1 and "123456789" and stores the result in iVar2. So if we give the input "123456789", iVar2 is going to be 0 and we bypass the "if" condition. Let us confirm this with ltrace (which I know is not necessary).

So if I give 123456789 as the input, the "if" condition is bypassed. Easyyyyyy 5 points.
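Why both "strings" and the decompiler give the password away, as an added example that is not part of the original post or the challenge's source: the same strcmp check rebuilt in C, next to a miniature printable-run scanner. The names `check_password`, `next_printable_run` and `sample_rodata` are hypothetical, and the sample bytes are constructed, not taken from ch1.bin.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* The check as described above: strcmp() of the input (uVar1) against a
 * literal, result kept in iVar2; 0 means the strings are equal. */
int check_password(const char *uVar1)
{
    int iVar2 = strcmp(uVar1, "123456789");
    return iVar2 == 0; /* 1 = accepted, 0 = rejected */
}

/* Constructed bytes standing in for a read-only data section (not taken
 * from ch1.bin): binary noise around two NUL-terminated literals. */
static const unsigned char sample_rodata[] =
    "\x01\x00\x02\x00" "123456789\0" "\x7f\x03" "Bad password\n";

/* What `strings` does in miniature: find the first run of at least
 * min_len printable bytes at or after start. Returns its offset and
 * stores its length in *run_len, or returns -1 if there is none. */
long next_printable_run(const unsigned char *buf, size_t len,
                        size_t start, size_t min_len, size_t *run_len)
{
    size_t i = start;
    while (i < len) {
        size_t j = i;
        while (j < len && isprint(buf[j]))
            j++;
        if (j - i >= min_len) {
            *run_len = j - i;
            return (long)i;
        }
        i = j + 1; /* skip the non-printable byte that ended the run */
    }
    return -1;
}

int main(void)
{
    size_t pos = 0, n = 0;
    long off;
    while ((off = next_printable_run(sample_rodata, sizeof sample_rodata,
                                     pos, 4, &n)) >= 0) {
        printf("%4ld  %.*s\n", off, (int)n, (const char *)sample_rodata + off);
        pos = (size_t)off + n;
    }
    printf("check_password(\"123456789\") = %d\n", check_password("123456789"));
    return 0;
}
```

Any secret compared as a plain literal ends up readable in the binary's data, which is why a check like this offers no protection.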

Do check out my other blogs and give some claps if you reached here.
Goodbye!
