TryHackMe: Reversing ELF

6 min readAug 1, 2020
  1. crackme1

Run the program


2. crackme2

Some 64 bit machine may not able to run this program. Install this package first

apt-get install lib32z1

Run the program


Need argument

./crackme2 test
strings crackme2
./crackme2 super_secret_password

3. crackme3


Need argument

./crackme3 test
strings crackme3

There’s base64 strings.

Decode it with cyberchef.

4. crackme4

./crackme4 test
strings crackme4

Nothing much

Let’s debug

r2 -d ./crackme4

Analyze the program


List functions


There’s main function.

pdf @main

This looks like comparing function.

pdf @sym.compare_pwd

Here’s the string compare.

Set breakpoint

db 0x004006d5

Supply argument

ood 'argement'

Run til breakpoint

pdf @sym.compare_pwd

Let’s check the value

px @rdi

5. crackme5

strings crackme5

There’s main function.

pdf @main

There’s password declaration, but I’m too lazy to type one by one.

There’s string compare.

Set breakpoint

db 0x0040082f

Run program til breakpoint


Verify breakpoint

pdf @main

Let’s get value of rsi.

px @rsi

6. crackme6

./crackme6./crackme 123
strings crackme6
r2 -d ./crackme6

There’s main function.

pdf @main

There’s compar_pwd function.

pdf @sym.compare_pwd

There’s another function.

pdf @sym.my_secure_test

I think this is comparing character function.

Let’s use graph for easier viewing.

VV @sym.my_secure_test

Graph view

Combine all strings and decode to text.

7. crackme7


Let’s input some strings

strings crackme7
r2 -d ./crackme7aaaafl

There’s main function.

There’s Wow such h4x0r!. This not appear when I ran the program.

Looking more closely, there’s comparing function.

Convert to ascii text.

Let’s try input “zi”


Let’s try decimal instead.


8. crackme8

./crackme8./crackme8 test
strings crackme8
r2 -d ./crackme8aaaafl
pdf @main

There’s cmp here with “0xcafef00d”. Before that there’s atoi function.

This atoi will convert string to interger

Convert hex to decimal

Input numbers decimal and signed 2 complement.