IOLI 0x00

This is the first IOLI crackme, and the easiest one.

$ ./crackme0x00
IOLI Crackme Level 0x00
Password: 1234
Invalid Password!

The first thing to check is if the password is just plaintext inside the file. In this case, we don't need to do any disassembly, and we can just use rabin2 with the -z flag to search for strings in the binary.

$ rabin2 -z ./crackme0x00
vaddr=0x08048568 paddr=0x00000568 ordinal=000 sz=25 len=24 section=.rodata type=a string=IOLI Crackme Level 0x00\n
vaddr=0x08048581 paddr=0x00000581 ordinal=001 sz=11 len=10 section=.rodata type=a string=Password:
vaddr=0x0804858f paddr=0x0000058f ordinal=002 sz=7 len=6 section=.rodata type=a string=250382
vaddr=0x08048596 paddr=0x00000596 ordinal=003 sz=19 len=18 section=.rodata type=a string=Invalid Password!\n
vaddr=0x080485a9 paddr=0x000005a9 ordinal=004 sz=16 len=15 section=.rodata type=a string=Password OK :)\n

So we know what the following section is, this section is the header shown when the application is run.

vaddr=0x08048568 paddr=0x00000568 ordinal=000 sz=25 len=24 section=.rodata type=a string=IOLI Crackme Level 0x00\n

Here we have the prompt for the password.

vaddr=0x08048581 paddr=0x00000581 ordinal=001 sz=11 len=10 section=.rodata type=a string=Password:

This is the error on entering an invalid password.

vaddr=0x08048596 paddr=0x00000596 ordinal=003 sz=19 len=18 section=.rodata type=a string=Invalid Password!\n

This is the message on the password being accepted.

vaddr=0x080485a9 paddr=0x000005a9 ordinal=004 sz=16 len=15 section=.rodata type=a string=Password OK :)\n

What is this? It's a string, but we haven't seen it in running the application yet.

vaddr=0x0804858f paddr=0x0000058f ordinal=002 sz=7 len=6 section=.rodata type=a string=250382

Let's give this a shot.

$ ./crackme0x00
IOLI Crackme Level 0x00
Password: 250382
Password OK :)

So we now know that 250382 is the password, and have completed this crackme.