Cracking Marquire's CrackMe_V3_Marquire
Let’s start off the crackmes series with a basic one: Marquire’s CrackMe_V3_Marquire .
It’s very standard, it just asks for the key and tells us if it’s right or wrong.
It’s quite clear what’s going on. Ask for the input, do some simple logic, say if right or wrong and exit.
The validation logic just compares each letter of our input (
[esp+114h] …) to randomly placed out offsets (
[esp_2Ch] …), checking to see if they’re equal.
Since I don’t know where
esp is statically, this’ll require some basic dynamic analysis.
The IDA Pro debugger makes this very easy, simply hover over the address and it’ll preview the values there.
S, which is compared to the first letter of our input, which is at
Using this, we can follow through the validation logic and obtain the correct key.
Here’s the debugging results:
- 1 -
- 2 -
- 3 -
- 4 -
- 5 -
- 6 -
- 7 -
- 8 -
- 9 -
- 10 -
- 11 -
I’ll turn that into some easier to read pseudo-code.
input == 'S' input == 'T' input == 'I' input == 'L' input == input // 'L' input == '_' input == 'E' input == 'A' input == input // 'S' input == 'Y' input == '?'
There you have it, using a combination of static and dynamic analysis we cracked it. It was a very simple crackme, next time will be more difficult.