file bin - to check what type of file it was.

strings bin - to see if anything stood out. Two strings did: %32s (maybe a C string format, 32 characters?) and ACCESS DENIED.

disas main - disassembly of the main function. At b14 (cyan) there is a call to the C function scanf, which reads from the standard input. At b20 (orange) main calls a check_pw routine; we can assume that the input captured by the instruction at b14 will be passed to the check_pw function, which decides whether the string received from the standard input matches the password the binary is protected with or not. The instruction at b25 carries out a check against the eax register and, based on whether eax==0 or eax!=0, it will either take a jump to the instructions at b27 (if eax==0) or continue executing the instructions at b29 (if eax!=0). Presumably, the jump is taken or not depending on whether the provided password is correct or incorrect.

disas of the main function again, to remind ourselves once again what the routine for password checking was, and of the check_pw routine as well. Then c (continue) to run the program until the scanf function is called, and provide it with some dummy password, say test.

Breakpoints at check_pw and check_pw+88.

check_pw+88: cmp dl, al - the al and dl register values are being compared. The rax and rdx values are b and t respectively (orange at the top). If you followed the register values whilst stepping through the code, you would notice that the value in rdx is actually the first letter of our password test. Having said this, it looks like the binary is checking whether the first character of the provided password is an ASCII b.

If dl==al, the code should jump to check_pw+99, as seen at offset check_pw+90. Instead execution falls through to check_pw+92, suggesting that the first character of the password does NOT start with a t.

What if we try best this time (replacing the first t with b, since b is what the binary seemed to be expecting to see in the dl register)? Now cmp al,dl sets the zero flag to true and the jump at check_pw+90 is taken, suggesting that the first character of the password is indeed a b.

Repeating this for the remaining characters (up to 32, given the %32s string discussed previously?), we will eventually get the full password:
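The walkthrough above works because check_pw compares the supplied string with the expected one a byte at a time and bails out at the first difference, so single-stepping (or timing) shows how many leading characters were right. The following C program is an added example, not code from the analysed binary or from the original post: it reproduces that early-exit comparison beside a variant that always examines every byte, and reads its input with the same scanf("%32s") pattern the strings output hinted at (which is why the buffer is 33 bytes). The secret EXPECTED is a constructed placeholder, not the real password.

```c
#include <stdio.h>
#include <string.h>

/* Constructed placeholder secret for the demo; it is NOT the password of the
 * binary analysed above. */
static const char EXPECTED[] = "b3stpw";
#define EXPECTED_LEN (sizeof(EXPECTED) - 1)

/* Mirrors the behaviour observed in check_pw: walk both strings one byte at a
 * time ("cmp dl, al") and leave as soon as a byte differs. Returns the index of
 * the first mismatching byte, or -1 if the input matches. Because the loop
 * stops early, a debugger (or a timer) reveals how many leading characters
 * were correct, which is what lets the password be recovered one character at
 * a time. */
int check_pw_early_exit(const char *input) {
    size_t i;
    for (i = 0; i <= EXPECTED_LEN; i++) {   /* <= so the terminating NUL is compared too */
        if (input[i] != EXPECTED[i])
            return (int)i;
        if (input[i] == '\0')
            break;
    }
    return -1;
}

/* Defensive variant: every byte of the expected value is always examined and
 * the differences are accumulated with OR instead of a conditional early return,
 * so the number of compares executed no longer depends on which byte was wrong.
 * Returns 1 for a match, 0 otherwise. The length still has to be checked; real
 * code would compare a fixed-width value (e.g. a hash) rather than a C string. */
int check_pw_no_early_exit(const char *input) {
    size_t len = 0;
    while (len <= EXPECTED_LEN && input[len] != '\0')   /* bounded length scan */
        len++;
    unsigned char diff = (unsigned char)(len != EXPECTED_LEN);
    for (size_t i = 0; i < EXPECTED_LEN; i++) {
        unsigned char c = (i < len) ? (unsigned char)input[i] : 0;
        diff |= (unsigned char)(c ^ (unsigned char)EXPECTED[i]);
    }
    return diff == 0;
}

/* Same read as the analysed binary: scanf("%32s") stores at most 32 characters
 * plus a terminating NUL, so the destination must hold 33 bytes. */
int main(void) {
    char buf[33];
    if (scanf("%32s", buf) != 1)
        return 1;
    if (check_pw_no_early_exit(buf)) {
        puts("ACCESS GRANTED");
        return 0;
    }
    printf("ACCESS DENIED (first mismatch at index %d)\n", check_pw_early_exit(buf));
    return 1;
}
```

Feeding test to the early-exit version stops at index 0, while best gets to index 1, exactly the progression seen in gdb; the no-early-exit version only ever reports match or no match.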