‘Incorrect password’, or ‘Correct password’ or ‘help’. We know a few strings when we executed the binary i.e. Once, the above screen is loaded, we will first search for strings in our binary. Whenever variables are passed on to another function, you will see them here. The bottom left window displays the memory dump of the binary, and the bottom right shows the stack. However for the curious cats, more information can be found here. I would recommend skipping this if you are A beginner. Fastcalls are 圆4 calling conventions which is done between just 4 registers. text section of the assembly code, and right one shows the fastcalls in 圆4 assembly. The middle two windows, left one shows you the. Since we are debugging a 圆4 binary, the values of x86 registers for example EAX or ECX will be inside of RAX or RCX itself. The top right window contains the values of the registers. It will walk you through the entire assembly code of the binary. This is the same as disassemble main in GDB. The top left window displays the disassembled code. Let me quickly explain what these windows are: Once, the binary is loaded, you will see six windows by default. To load the binary into 圆4dbg, below is the commandline you can use: So, unlike GDB where we can supply the argument inside the GDB in Windows, we will have to supply it during the loading of binary via the command line itself. Remember, that our binary accepts an argument which is our password. Once you have compiled the binary, let’s load it up in 圆4dbg. It all boils down to the preference of which one you are familiar with. I prefer to use the Mingw-圆4 compiler, but some also use clang 圆4. You can also download the binary from my repo mentioned above. Make sure you use a 64-bit version of g++ compiler else it will compile but won’t work. $ g++ crack_me.cpp -o crack_me圆4.exe -static -m64 You can compile the binary in Windows with the below command: Once you have downloaded the required debugger, you can compile the source code which is uploaded on my Git repo here. However, since we are only focusing on 圆4, we will have to use 圆4dbg which supports both x86 and 圆4 disassembly. Immunity Debugger is an awesome tool if you are debugging x86 binaries. If you are able to find other 圆4 debuggers for windows, do add them in the comment and I will mention them here.: However, below are alternatives along with the download links which you can choose. In this post, I will be using 圆4dbg since I wasn’t able to find a version of 圆4 Immunity debugger or Olly Debugger to reverse engineer the binary. This is however a re-posting of my own blog from here. The only difference you would find would be the kernel level calls and the DLLs which would be of Windows rather than the libraries of Linux. Reverse engineering tools in Windows are highly different from that of Linux, but on the assembly level, it would somewhat be the same. In this blog however, we will be using the same source code of the binary but compile and debug it in Windows. In the previous blog here, we reverse engineered a simple binary containing plaintext password in Linux with the help of GNU Debugger (GDB).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |