IOLI 0x00

This is the first IOLI crackme, and the easiest one.

  $ ./crackme0x00
  IOLI Crackme Level 0x00
  Password: 1234
  Invalid Password!

The first thing to check is whether the password is stored as plaintext inside the file. If it is, we don’t need to do any disassembly: we can use rabin2 with the -z flag to list the strings in the binary.

  $ rabin2 -z ./crackme0x00
  [Strings]
  nth paddr      vaddr      len size section type  string
  -------------------------------------------------------
  0   0x00000568 0x08048568 24  25   .rodata ascii IOLI Crackme Level 0x00\n
  1   0x00000581 0x08048581 10  11   .rodata ascii Password:
  2   0x0000058f 0x0804858f 6   7    .rodata ascii 250382
  3   0x00000596 0x08048596 18  19   .rodata ascii Invalid Password!\n
  4   0x000005a9 0x080485a9 15  16   .rodata ascii Password OK :)\n

We recognize the first string: it is the header shown when the application is run.

  nth paddr      vaddr      len size section type  string
  -------------------------------------------------------
  0   0x00000568 0x08048568 24  25   .rodata ascii IOLI Crackme Level 0x00\n

Here we have the prompt for the password.

  1   0x00000581 0x08048581 10  11   .rodata ascii Password:

This is the error shown when an invalid password is entered.

  3   0x00000596 0x08048596 18  19   .rodata ascii Invalid Password!\n

This is the message shown when the password is accepted.

  4   0x000005a9 0x080485a9 15  16   .rodata ascii Password OK :)\n

What is this? It’s a string, but we haven’t seen it while running the application yet.

  2   0x0000058f 0x0804858f 6   7    .rodata ascii 250382

Let’s give this a shot.

  $ ./crackme0x00
  IOLI Crackme Level 0x00
  Password: 250382
  Password OK :)

So we now know that 250382 is the password, and have completed this crackme.
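
The listing above is recoverable because a compiled-in secret sits in .rodata as a plain NUL-terminated byte run. The following sketch is an added example, not part of the original walkthrough or of radare2: it scans a constructed byte blob the way a strings listing does, then flags embedded strings that never appeared in the first run's output, which is a check you can run against your own builds. The sample bytes, the "%s" filler and the function names are assumptions made for illustration.

```python
import re

# Constructed sample: bytes laid out like the .rodata strings in the rabin2
# listing above. The 3-byte "%s\0" filler between the prompt and the password
# is an assumption made to reproduce the gap in the listed offsets.
RODATA_PADDR = 0x568          # file offset of the first string in the listing
VADDR_DELTA = 0x08048000      # vaddr - paddr, as seen in the listing
SAMPLE = (
    b"IOLI Crackme Level 0x00\n\x00"
    b"Password: \x00"
    b"%s\x00"
    b"250382\x00"
    b"Invalid Password!\n\x00"
    b"Password OK :)\n\x00"
)

def scan_strings(data, base_paddr=0, min_len=4):
    """Find runs of printable ASCII (plus tab/LF/CR) of at least min_len bytes."""
    pattern = re.compile(rb"[\t\n\r\x20-\x7e]{%d,}" % min_len)
    found = []
    for nth, m in enumerate(pattern.finditer(data)):
        text = m.group().decode("ascii")
        # "size" counts the terminating NUL when one follows the run.
        terminated = data[m.end():m.end() + 1] == b"\x00"
        found.append({
            "nth": nth,
            "paddr": base_paddr + m.start(),
            "vaddr": base_paddr + m.start() + VADDR_DELTA,
            "len": len(text),
            "size": len(text) + (1 if terminated else 0),
            "string": text,
        })
    return found

def unseen_strings(found, observed_output):
    """Strings embedded in the binary that never appeared in its output."""
    return [s for s in found if s["string"].strip() not in observed_output]

if __name__ == "__main__":
    hits = scan_strings(SAMPLE, RODATA_PADDR)
    for s in hits:
        print(f'{s["nth"]} 0x{s["paddr"]:08x} 0x{s["vaddr"]:08x} '
              f'{s["len"]} {s["size"]} {s["string"]!r}')
    # Output of the first run shown at the top of the page.
    session = "IOLI Crackme Level 0x00\nPassword: 1234\nInvalid Password!\n"
    print([s["string"] for s in unseen_strings(hits, session)])
```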