HackMe2 – Dynamic analysis

HackMe2:
This password uses a simple check-sum comparison for authorization.

Download File: HackMe2(Linux)
Download File: HackMe2(Windows)

Solution

First of all you can have a look at the contained strings.

strings hackme2_linux | less

Afterwords have a look at the hexdump.

hexdump -C hackme2_linux | less

ELF structure

  $readelf -h hackme2
  ELF Header:
  Magic:   7f 45 4c 46 02 01 01 00 00 00 00 00 00 00 00 00
  Class:                             ELF64
  Data:                              2's complement, little endian
  Version:                           1 (current)
  OS/ABI:                            UNIX - System V
  ABI Version:                       0
  Type:                              EXEC (Executable file)
  Machine:                           Advanced Micro Devices X86-64
  Version:                           0x1
  Entry point address:               0x4005c2
  Start of program headers:          64 (bytes into file)
  Start of section headers:          5472 (bytes into file)
  Flags:                             0x0
  Size of this header:               64 (bytes)
  Size of program headers:           56 (bytes)
  Number of program headers:         8
  Size of section headers:           64 (bytes)
  Number of section headers:         30
  Section header string table index: 27

GDB

$gdbtui hackme2

(gdb) layout asm
(gdb) start

Source code:


#include 

int main(void)
{
    char pass_in[15];
    int i;
    int valid = 0;

    printf("Copyright by NM-Projects.de\n");
    printf("Enter password: ");
    scanf("%15s[^\n]", pass_in);
    for(i = 0; i < 4; i++)
    {
        valid=valid+pass_in[i];
    }
    if(valid == 206) // input 1337 or combination
    {
        printf("\nRight password\n");
    }
    else
    {
        printf("\nWrong password!\n");
    }

    getchar();
    return 0;
}