Reverse Engineering | TryHackMe Writeup

Daniel Kasprzyk
3 min readJun 5, 2021

--

A very simple room with three task that have us reverse engineering some simple programs to finds passwords. To prepare, all we have to do is download the files and run the “chmod -x” command on each of them to give them execute permissions. Some might also need to run “sudo apt get radare2” to install the command line reverse engineering tool.

To get started, we open the first file with r2 which brings up quite a blank space. By running “aaa” we analyse the file which will dig through the binary and find all the data we need after which we can run “afl” to list all the functions found in the program. Now that everything is prepared, we can enter the main function with “pdf @main”.

Upon looking at the assembler code, we can see a few strings that radare pulled out of the binary with the one that stands out the most being “hax0r”.

We repeat the same preparation steps for the second binary to dig through the next task. To get this answer, I looked at the strings to find the text that would display for a valid password. I could then backtrack and see the conditions that would trigger this happening. Just 2 lines back we can see that the eax register is comparing with a hex value of “0x137c” which converted to decimal gives us “4988“.

The final challenge wants us to find the first three letters of the password. As usual, I took a look at the strings to see if there is anything worthy to find. Near the top of the entry point, we can see a few random letters that were found. I tried my luck with those and just like that the room is done.

In summary, I didn’t really learn anything new however I did get to practise my reversing skills. The room specified that it would teach the basics of assembly but didn’t give much assistance when it came to doing the work. I’m guessing this was mostly an independant room to get people to research into reversing but other than that, that’s all there is to this.

--

--

No responses yet