Root-Me: GB – Basic GameBoy crackme walkthrough

Hello, In this article I will describe how I solved the GB – Basic GameBoy crackme challenge from Root-Me. Before reading this article you should attempt to solve the challenge on your own. Start by reading/skimming through the GameBoy CPU manual then download an emulator such as mGba and play with the ROM. To disassemble the ROM I’ve used Ghidra and mgbdis. After reading through the GameBoy CPU manual, I’ve opened the file in Ghidra and found these interesting strings:...

October 27, 2019 · 2 min · Denis Nuțiu

Root Me – Xor Madness – Walkthrough

Hello, In this article I will describe how I solved the PE x86 – Xor Madness challenge from Root-Me This challenge will ask you for a password and the password is also used to validate the flag. What makes this challenge interesting is that it only uses xor, sub, call and ret. Here’s how I approached the challenge: Since the binary had a few function and some strings were in plain text, I tried to figure out the big picture and labeled all the function accordingly: win, lose, check and so on....

October 6, 2019 · 5 min · Denis Nuțiu

Root-Me: ELF C++ – 0 protection solution

Hello! My daily work is doing full stack web development, and reversing is a side thing that I do for fun and in my free time. In this article I will show you an easy way to solve for ELF C++ – 0 protection challenge, which can be found on https://www.root-me.org under the cracking section. I found this challenge a bit difficult mostly because I’m not used to reverse C++ code but, since it doesn’t contain any protection at all, all you need to do is to inspect the parameters....

August 12, 2019 · 2 min · Denis Nuțiu

Root-Me Reversing: crackme_wtf hints

It’s been some time since I’ve done some Reverse Engineering and today I’ve completed a simple challenge on . The filename of the challenge is crackme_wtf and here are some hints to get you started: Determine type of FILEs. Don’t be afraid to patch and use a debugger. Try to eliminate the randomness. Maybe some functions that have to do with time, random numbers or the current process’s id. If the last hint doesn’t yield any results… Is the required password really needed to get to the flag?...

August 4, 2019 · 1 min · Denis Nuțiu

Root Me: ELF-CrackPass with Ghidra

Hello! I’ve been playing recently a bit with Ghidra, which is a reverse engineering tool that was recently open sourced by the NSA. The official website describes the tool as: A software reverse engineering (SRE) suite of tools developed by NSA’s Research Directorate in support of the Cybersecurity mission I’m at the beginning of my reverse engineering career, I didn’t do anything advanced and I don’t know what features to expect from a professional tool like this, if you’re looking to read about advanced Ghidra features them I’m sorry....

March 9, 2019 · 8 min · Denis Nuțiu

Keygenme or Not

Keygenme or Not is a cute reversing challenge I found on root-me.org. It requires an username and an activation key. I particularly enjoyed this challenge and decided to make a blog post about it. The twist of this challenge is that you can solve it without writing any code, thus the name ‘Keygenme or Not’. If you want to solve this challenge but you’re stuck you should definitely give it one more try because solving it is very easy....

December 25, 2018 · 2 min · Denis Nuțiu

Root Me: Cracking: PE – 0 protection

Since this challenge has 0 protection we can easily solve it by searching for the string in the strings window of IDA. Select from the menu: View -> Open Subviews -> Strings then double click on the: .rdata:00404053 0000000D C Gratz man 🙂 Now you should be in the .rdata section on the binary, while the string is still selected, right click on it and click on: Xrefs graph to… this will give you a nice graph that you can look at....

September 2, 2018 · 3 min · Denis Nuțiu

Root Me: Cracking: ELF – 0 protection & ELF – x86 Basic

I’ve just found out about this amazing website which offers a wide variety of challenges. Here’s my solution for the first challenge, this one is extremely easy, you just have to pay attention to the assembly code: Observe that the password is in plaintext and is loaded into [ebp+s2]. [ebp+s1] is passed to [esp] and is a pointer to the getString function, I just assumed that the function gets a string from stdin and puts it into [ebp+s1]....

September 1, 2018 · 1 min · Denis Nuțiu