Welcome to HBH! If you had an account on hellboundhacker.org you will need to reset your password using the Lost Password system before you will be able to login.

App-2

  1. Home
  2. Forum
  3. Application Cracking
  4. App-2

RDXLOL's Avatar

RDXLOL

Member
0 0

I am kind of beginner. I have disassembled the code in radare2 and got a string called str.password but unable to see where does cmp register come for comparison or anywhere str.password is used?


rex_mundi's Avatar

rex_mundi

☆ Lucifer ☆
3,050 6

If we tell you exactly where to look there would be no challenge. You need to follow the flow of the code to find out where it's comparing the string you entered as the password, against the one it has stored.

Radare2 is pretty good at decompiling most binaries, but it's not a one stop universal cracker that you can just feed any old app into, and out pops the password.

As a beginner you'd be better off switching to visual mode. That way you don't remember too many commands or keep the program state in your mind. This will open it with a hexdump view of the loaded app, then you can see the output in the registers as you step through the code.

Pressing p will allow you to cycle through the rest of the visual mode views. Use F7 or s to step into and F8 or S to step over the current instruction. You can set breakpoints with F2 key.

Mastering that lot will allow you to crack most of the apps on HBH, except for ones where r2 would need to download a support package in order to allow it to load and read formats it doesn't already include.

Like I'm not sure if it can decompile swf or ActionScript and from memory, that may be needed for app2.

So your choices are simple, if you can't find the password in the code: either you need to get an update to work with .swf files,  or you could always just get a stand alone .swf decompiler.