ELF ARM basic crackme
Root-me challenge: Constant time. Get the validation password.
Decompile, for example with Ghidra, and find:
/*
 * Password check routine as emitted by the decompiler; all identifiers are
 * auto-generated. It takes one command-line style argument, requires it to be
 * exactly six bytes long, counts how many byte relations fail, and reports
 * success only when the final sum is zero. Every path ends in exit().
 *
 * NOTE(review): param_1/param_2 look like main's argc/argv -- confirm against
 * the entry point. The (param_2 + 4) access assumes 4-byte pointers, which
 * matches the 32-bit ARM target named in the page title.
 */
void FUN_00008470(int param_1,int param_2) {
    size_t __status;
    byte *__s;
    int __status_00;
    int local_14;
    /* Exactly one argument is expected (count of 2 including the program name,
       if param_1 is argc). */
    if (param_1 != 2) {
        puts("Please input password");
        /* WARNING: Subroutine does not return */
        exit(1);
    }
    /* Load the pointer stored 4 bytes past param_2: the candidate password. */
    __s = *(byte **)(param_2 + 4);
    printf("Checking %s for password...\n",__s);
    __status = strlen((char *)__s);
    /* Length gate: anything other than six bytes is rejected, and the length
       itself is used as the exit status. */
    if (__status != 6) {
        puts("Loser...");
        /* WARNING: Subroutine does not return */
        exit(__status);
    }
    /* The length is known to be 6 here, so the counter starts at 0. */
    __status = strlen((char *)__s);
    local_14 = -__status + 6;
    /* Five relations between the bytes follow. Each one that fails adds 1 to
       local_14, and all five are evaluated regardless of earlier failures:
       there is no early exit between them. */
    if (*__s != __s[5]) {
        /* First mismatch: -6 + 7 = 1. */
        local_14 = -__status + 7;
    }
    if ((uint)*__s + 1 != (uint)__s[1]) {
        local_14 = local_14 + 1;
    }
    if ((uint)__s[3] + 1 != (uint)*__s) {
        local_14 = local_14 + 1;
    }
    if ((uint)__s[2] + 4 != (uint)__s[5]) {
        local_14 = local_14 + 1;
    }
    if ((uint)__s[4] + 2 != (uint)__s[2]) {
        local_14 = local_14 + 1;
    }
    /* Final sum of three non-negative terms: the mismatch count, __s[3] XOR
       0x72, and __s[6]. With a six-byte string, __s[6] is the terminating NUL,
       so it contributes 0. The sum is zero only if every term is zero. */
    __status_00 = local_14 + ((uint)__s[3] ^ 0x72) + (uint)__s[6];
    if (__status_00 == 0) {
        puts("Success, you rocks!");
        /* WARNING: Subroutine does not return */
        exit(0);
    }
    puts("Loser...");
    /* NOTE(review): the accumulated value is returned as the process exit
       status, so the result of the comparison is visible to the caller even
       though no individual check exits early. */
    /* WARNING: Subroutine does not return */
    exit(__status_00);
}
Analysis
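The flag must be 6 characters, so `__s[6]` is the string's terminating NUL byte and must be 0.
Assume none of the `if` tests fire (each one that does adds 1), so `local_14` must also be 0.
The three terms of the final sum are all non-negative, so the sum is 0 only when each term is 0; the remaining term gives `__s[3] ^ 0x72 = 0x00`.
Starting from `__s[3]`, walk through the `if` conditions to derive each item of the array.
Convert the resulting byte values to characters.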