Super basic reverse engineering of a crackme
In this article we want to reverse engineer our own small crackme program. That is a bit of a contradiction, since reverse engineering presupposes that you do not know the inner workings of the subject you are analysing. But let's get to the point and actually learn something new.
We will start with a simple Crackme program that checks for a password:
#include <stdio.h>
#include <string.h>

int main() {
    printf("Starting crackme...\n");
    printf("Please enter password: ");
    char password[265];
    fgets(password, sizeof(password), stdin);             /* fgets keeps the trailing newline ... */
    if (strcmp(password, "supersecretpassword\n") == 0) { /* ... hence the "\n" in the literal */
        printf("CORRECT password: %s", password);
        return 0;
    }
    printf("WRONG password: %s", password);
    return 1;
}
As you can see, everything is pretty straightforward for now. Now compile this program to get an executable:
Now we have an executable program. Let's test it:
It seems like our little program is working - great! Let's now crack it! First we will take a look at the executable program, the binary, and see which character strings it contains. For that, we will use the GNU strings utility:
As you will see, there will be a lot of interesting strings. Make yourself familiar with the output and try to draw conclusions about your program and the compiler you used. For our current task, I highlighted the important part above. It is quite easy to spot which string is the password, as there is no obfuscation going on. But let's assume, for fun, that we received far too many strings to review and test them by hand. Instead, as an extra exercise, we will brute-force the password by trying every line of the strings output:
Using the xargs command we added, we now try every single string output by the strings program as the password. xargs calls sh for every line of the output; inside that sh call, echo turns the line into stdin for our crackme program. As you will see when running this yourself, there is now even more output, because the crackme's own output appears for every attempt. To quickly filter through all of it, run:
As you can see, we filtered through the output and received the password easily.
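The same strings-to-candidates loop as a small shell script, added here as an example and not part of the original article. It assumes a crackme that reads one line from stdin and exits 0 only on the correct password (as the C program above does); the stand-in crackme it writes is a constructed shell script that mimics that behaviour so the example runs without a C toolchain.

```shell
# Added example, not the article's own commands: automate the
# strings -> try each candidate -> filter loop. Assumes the crackme
# reads one line from stdin and exits 0 only when the password matches.

# Candidates: GNU strings when present, else a tr/grep stand-in that
# keeps runs of at least 4 printable characters.
extract_strings() {
    if command -v strings >/dev/null 2>&1; then
        strings -n 4 "$1"
    else
        tr -c '[:print:]' '\n' < "$1" | grep -E '^.{4,}$'
    fi
}

# Try each unique candidate. printf, not echo, so candidates starting
# with '-' or containing backslashes reach the crackme unchanged; the
# exit status (0 = CORRECT) is the signal, no need to grep the output.
brute_force() {
    bin="$1"
    extract_strings "$bin" | sort -u | while IFS= read -r candidate; do
        if printf '%s\n' "$candidate" | "$bin" >/dev/null 2>&1; then
            printf '%s\n' "$candidate"
        fi
    done
}

# Constructed stand-in for the compiled crackme (same prompts, same exit
# codes) so the example runs without a C toolchain. The secret sits on a
# line of its own so it surfaces as one candidate, like a NUL-terminated
# literal does in the real binary.
write_stand_in_crackme() {
    cat > "$1" <<'EOF'
#!/bin/sh
printf 'Starting crackme...\nPlease enter password: '
IFS= read -r password
secret=$(cat <<'PW'
supersecretpassword
PW
)
[ "$password" = "$secret" ] && { printf 'CORRECT password: %s\n' "$password"; exit 0; }
printf 'WRONG password: %s\n' "$password"; exit 1
EOF
    chmod +x "$1"
}
# Build the stand-in in a temp dir, crack it, print the recovered password.
demo() {
    dir=$(mktemp -d)
    write_stand_in_crackme "$dir/crackme"
    brute_force "$dir/crackme"
    rm -rf "$dir"
}
```

Against the real binary, `brute_force ./crackme` is all that is needed; `demo` only exists to exercise the constructed stand-in.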