![x32dbg download x32dbg download](https://www.99mediasector.com/wp-content/uploads/2020/10/activate-mrt-tool-min-300x182.jpg)
So, this is the point where our interesting function starts. This means that a function was called before reaching this point and the last function to be executed before the printing of ‘Correct/Incorrect password’ is the check_pass() function. The main reason for that is because I can see a jmp statement and a call statement right above it. What I have done over here in the above image, is I’ve added a breakpoint at 00000000004015F6. This will display the below screen in the disassembly area:
![x32dbg download x32dbg download](https://1.bp.blogspot.com/-lbB1BlS60UQ/Xkaj7RSUX_I/AAAAAAAAA1k/4Kk1xPZg4PwyvWxtzF3dg6eO5PO-1z3wwCEwYBhgL/w1200-h630-p-k-no-nu/Capture%2B2020-02-14%2B20.15.26.jpg)
Now right click on the ‘Incorrect Password’ area and select Follow in Disassembler.
#X32DBG DOWNLOAD CODE#
Since we know there will be a comparison between our input password and the original password before printing whether the password is correct or not, we need to find the same from the disassembled code to view the registers and the stack to search for the cleartext password. This will bring you to the below screen where it shows you the string Incorrect Password. To search for strings, right click anywhere in the disassembled code -> Search for -> All Modules -> String References As for now, our primary aim is to find the actual password and secondary aim is to modify the RAX register to Zero, to display ‘Correct Password’ since our check_pass() function returns 0 or 1 depending upon whether the password is right or wrong. ‘Incorrect password’, or ‘Correct password’ or ‘help’. We know a few strings when we executed the binary i.e. Once, the above screen is loaded, we will first search for strings in our binary. Whenever variables are passed on to another function, you will see them here. The bottom left window displays the memory dump of the binary, and the bottom right shows the stack. However for the curious cats, more information can be found here. I would recommend skipping this if you are A beginner. Fastcalls are 圆4 calling conventions which is done between just 4 registers. text section of the assembly code, and right one shows the fastcalls in 圆4 assembly. The middle two windows, left one shows you the. Since we are debugging a 圆4 binary, the values of x86 registers for example EAX or ECX will be inside of RAX or RCX itself. The top right window contains the values of the registers. It will walk you through the entire assembly code of the binary. This is the same as disassemble main in GDB. The top left window displays the disassembled code.
#X32DBG DOWNLOAD WINDOWS#
Let me quickly explain what these windows are: Once, the binary is loaded, you will see six windows by default. To load the binary into 圆4dbg, below is the commandline you can use: So, unlike GDB where we can supply the argument inside the GDB in Windows, we will have to supply it during the loading of binary via the command line itself. Remember, that our binary accepts an argument which is our password. Once you have compiled the binary, let’s load it up in 圆4dbg. It all boils down to the preference of which one you are familiar with. I prefer to use the Mingw-圆4 compiler, but some also use clang 圆4.
![x32dbg download x32dbg download](https://image.3001.net/images/20190929/1569728986_5d9029dac9c6e.png)
#X32DBG DOWNLOAD DOWNLOAD#
You can also download the binary from my repo mentioned above. Make sure you use a 64-bit version of g++ compiler else it will compile but won’t work. $ g++ crack_me.cpp -o crack_me圆4.exe -static -m64 You can compile the binary in Windows with the below command: Once you have downloaded the required debugger, you can compile the source code which is uploaded on my Git repo here.
![x32dbg download x32dbg download](https://image.3001.net/images/20190929/1569729025_5d902a012d1a6.png)
However, since we are only focusing on 圆4, we will have to use 圆4dbg which supports both x86 and 圆4 disassembly. Immunity Debugger is an awesome tool if you are debugging x86 binaries. If you are able to find other 圆4 debuggers for windows, do add them in the comment and I will mention them here.: However, below are alternatives along with the download links which you can choose. In this post, I will be using 圆4dbg since I wasn’t able to find a version of 圆4 Immunity debugger or Olly Debugger to reverse engineer the binary. This is however a re-posting of my own blog from here. The only difference you would find would be the kernel level calls and the DLLs which would be of Windows rather than the libraries of Linux. Reverse engineering tools in Windows are highly different from that of Linux, but on the assembly level, it would somewhat be the same. In this blog however, we will be using the same source code of the binary but compile and debug it in Windows. In the previous blog here, we reverse engineered a simple binary containing plaintext password in Linux with the help of GNU Debugger (GDB).