Reversing.kr Easy Crackme Writeup

Environment

  • Host OS: Kali Linux 2018.4
  • Guest OS: Windows 7 Service Pack 1
  • Virtualization: VirtualBox 5.2.22
  • Debugger: IDA Pro Free 5.0

Explanation

Reversing.kr is a website that hosts reverse engineering challenges. This is a write-up of the Easy Crackme challenge on that website.

Solution

1. Running the app

When we run the app, we get a small dialog with a text box. If we enter a random string and press the button, we get the message “Incorrect Password”. We most likely have to identify the “Password” by reverse engineering.

2. Opening with IDA Pro

To analyze this application, we open it in IDA Pro. Since the application retrieves the input data from the text box, we can assume that the “GetDlgItemText” Windows API is used. We can find the call in the subroutine “sub_401080”.

3. Getting password

According to the documentation of GetDlgItemText, we can find the memory location where the input data is stored.

UINT GetDlgItemTextA(
  HWND  hDlg,       // A handle to the dialog box that contains the control
  int   nIDDlgItem, // The identifier of the control whose title or text is to be retrieved
  LPSTR lpString,   // The buffer to receive the title or text
  int   cchMax      // The maximum length, in characters, of the string to be copied to the buffer pointed to by lpString. If the length of the string, including the null character, exceeds the limit, the string is truncated.
);

In this case, the value of lpString is esp+0x08.

String= byte ptr -64h
lea eax, [esp+6Ch+String] ; lea eax, [esp+0x08]
push eax                  ; lpString

After the call to GetDlgItemTextA, the address of the input can be expressed as esp+0x04, since each argument of GetDlgItemTextA is 1 byte. We can find the 1st cmp instruction on the next line.

cmp byte ptr [esp+0x05], 61h

The address of the input chars is esp+0x04, so this compares the 2nd character of the password with the ASCII character “a”. Below the 1st comparison, we can find the 2nd one. It starts with the instruction

push 2

This time, the address of the input chars changes to esp+0x08.

lea ecx, [esp+0x0A]
push offset a5y; "5y"
push ecx;
call strncmp

This means that this strncmp compares “5y” with the 3rd and 4th chars of the input. Next, we can see this section.

push ebx
push esi

After these 2 push instructions, the address of the input chars changes to esp+0x0C.

lea eax, [esp+70h+var_60] ; lea eax, [esp+0x10]

eax now holds the address of the 5th char of the input. Then [eax] and [esi] are compared using dl and bl. After that, there are 2 pop instructions, and the address of the input chars goes back to [esp+0x04]. Finally, we can see this instruction.

cmp [esp+68h+String], 45h ; cmp [esp+4], 45h

We can figure out that the 1st character of the input should be the ASCII character “E”. From this information, we can figure out that the password is

Ea5yR3versing
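
The four checks above, rebuilt in C in the order the disassembly performs them, as an added example (not the crackme's own source or code from the original write-up). The function name, the 0x64-byte buffer size (taken from "String= byte ptr -64h"), the use of strcmp for the dl/bl loop, and the "R3versing" constant (inferred from the password above) are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Added reconstruction of the checks described for sub_401080.
 * Returns 0 when the input is accepted, otherwise the number (1-4) of
 * the first check that rejects it, in the order the disassembly runs them. */
int first_failed_check(const char *input)
{
    /* Models the String buffer; 0x64 bytes is assumed from "String= byte ptr -64h". */
    char buf[0x64] = {0};
    strncpy(buf, input, sizeof(buf) - 1);

    if (buf[1] != 0x61)                     /* cmp byte ptr [esp+0x05], 61h ('a') */
        return 1;
    if (strncmp(&buf[2], "5y", 2) != 0)     /* push 2 / push offset a5y / call strncmp */
        return 2;
    /* Byte-by-byte loop over [eax]/[esi] via dl/bl, modelled here as strcmp.
     * "R3versing" is inferred from the password given in the write-up. */
    if (strcmp(&buf[4], "R3versing") != 0)
        return 3;
    if (buf[0] != 0x45)                     /* cmp [esp+4], 45h ('E') */
        return 4;
    return 0;
}

int main(void)
{
    /* Constructed sample inputs, one per failing check plus the accepted one. */
    const char *samples[] = { "Ea5yR3versing", "Eb5yR3versing", "Ea5xR3versing",
                              "Ea5yReversing", "ea5yR3versing", "" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-16s -> %d\n", samples[i], first_failed_check(samples[i]));
    return 0;
}
```

Note that the 1st character is checked last, so an input with a wrong first letter still passes the three earlier comparisons.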

Solving Slack segfault on Kali Linux 2018.4

Environment

  • OS: Kali Linux 2018.4
  • Slack: Slack desktop 3.3.3

Problem

Without any additional settings, we can’t launch Slack desktop on Kali Linux 2018.04 because of a segfault.

Solution

1. Downloading Slack desktop (Beta)

From this web site, we can download Slack desktop 3.3.3.

2. Install Slack desktop

With the following command, we can install the Slack desktop.

dpkg -i slack-desktop-3.3.3-amd64.deb

3. Segfault

As we can see, when we launch it, Slack desktop is terminated with a segmentation fault.

4. This is because Slack desktop is using an older version of libnode.so

We can find another libnode.so with the following commands.

updatedb
locate libnode

mv /usr/lib/slack/libnode.so /usr/lib/slack/libnode.so.old
ln -s /usr/share/skypeforlinux/libnode.so /usr/lib/slack/libnode.so

Enabling Share Folder on Windows 10

Environment

  • Host OS: Kali Linux 2018.3
  • Guest OS: Windows 10 Enterprise Evaluation (VirtualBox)
  • Virtualization: VirtualBox 5.2.20_Debian

Problem

How do we enable Share Folder on Windows 10 with VirtualBox 5?

Solution

  1. Configuring the share folder on VirtualBox. From this web site, we can download the official Windows 10 VirtualBox .ova file. After importing the Win10 box, we can configure the share folder in the VirtualBox console.

  2. Run Windows 10. With the “Start” button, we can run the virtual machine.

  3. Open “Network & Internet”. From “Settings”, we can open the “Network & Internet” tab.

  4. Open “Sharing options”. By clicking “Status” in “Network & Internet”, we can go to the “Sharing options” window.

As we can see, there are 2 option buttons, and by changing their values we can enable the Share Folder.

After saving the configuration, we can browse the network share folder.

Fix VMware Workstation gcc error

Environment

OS: Kali Linux 2017.2

Problem

When I finished installing VMware Workstation 12.5.7 and tried to run it, I got the error below.

However, I have already installed gcc version 6.4.0-5. Somehow, it cannot be found by VMware.

Solution

Then, I ran the command as the root user

$ sudo vmplayer

After selecting the correct gcc-6 in /usr/bin, we can see this view

Then, I succeeded in opening the VMware console correctly.
