TryHackMe: Reversing ELF

  1. crackme1

Run the program

2. crackme2

Some 64 bit machine may not able to run this program. Install this package first

Run the program

Need argument

3. crackme3

Need argument

There’s base64 strings.

Decode it with cyberchef.

4. crackme4

Nothing much

Let’s debug

Analyze the program

List functions

There’s main function.

This looks like comparing function.

Here’s the string compare.

Set breakpoint

Supply argument

Run til breakpoint

Let’s check the value

5. crackme5

There’s main function.

There’s password declaration, but I’m too lazy to type one by one.

There’s string compare.

Set breakpoint

Run program til breakpoint

Verify breakpoint

Let’s get value of rsi.

6. crackme6

There’s main function.

There’s compar_pwd function.

There’s another function.

I think this is comparing character function.

Let’s use graph for easier viewing.

Graph view

Combine all strings and decode to text.

7. crackme7

Let’s input some strings

There’s main function.

There’s Wow such h4x0r!. This not appear when I ran the program.

Looking more closely, there’s comparing function.

Convert to ascii text.

Let’s try input “zi”


Let’s try decimal instead.


8. crackme8

There’s cmp here with “0xcafef00d”. Before that there’s atoi function.

This atoi will convert string to interger

Convert hex to decimal

Input numbers decimal and signed 2 complement.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store