Writeup for CrackMe challenge Simples

Challenge ID: 5ab77f5f33c5d40ad448c807

Download the challenge file

Solution on GitHub



Approach 1 – Black-Box Interaction (Brute-Force)

  1. Initial run
    Launching the executable produced a welcome prompt but ignored any keyboard input.

    Console welcome prompt

  2. Process inspection
    With Sysinternals Process Explorer I discovered a listening socket on TCP 31279 and several interesting string references.

    Process Explorer view

  3. Triggering the program
    Sending a plain HTTP request to http://127.0.0.1:31279/ caused new output to appear in the console window.

    Browser request
    Console after request


Approach 2 – Static Analysis & Reverse Engineering

  1. Loading the binary
    The executable was opened in Binary Ninja.

  2. String & symbol reconnaissance

    • Located welcome, success, and error messages in the Strings view.
    • Symbol inspection revealed typical Winsock APIs (WSAStartup, socket, bind, etc.).

    Strings view

  3. Control-flow graph analysis
    Focusing on the function that prints the welcome message, I annotated each call:

    WSAStartup annotation
    Port discovery

  4. Linear High Level IL
    The decompiler clarified the high-level logic:

    1. Initialize Winsock.
    2. Create a TCP socket bound to 127.0.0.1:31279.
    3. Enter a while loop waiting for data.
    4. Upon receiving any data, print the success banner and exit.

    Win-condition loop


Solution

Send a single packet (e.g., curl http://127.0.0.1:31279/) to satisfy the win condition.
No specific payload or key is required; any data triggers the win message.
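
The win condition above, reproduced as an added example (not code from the challenge or from the linked solution): a simplified Python stand-in for the listener logic described in the Linear High Level IL steps, plus the client that solves it. The names crackme_stand_in, solve and demo are hypothetical, and the stand-in's handling of a connection that closes without sending anything is an assumption.

```python
import socket
import threading

PORT = 31279  # port the writeup found the crackme listening on


def crackme_stand_in(listener, result):
    """Assumed model of the decompiled logic: accept, wait, any bytes win."""
    conn, _ = listener.accept()
    with conn:
        conn.settimeout(5)
        data = conn.recv(1024)      # blocks until data arrives or peer closes
    result["won"] = len(data) > 0   # no comparison against any key or payload


def solve(host, port, payload=b"x"):
    """Client side of the solution: connect and send arbitrary bytes."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall(payload)


def demo(payload=b"x", port=0):
    """Run stand-in and client together on loopback; return True on a win."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", port))  # port 0 picks a free port for the demo
    listener.listen(1)
    result = {}
    t = threading.Thread(target=crackme_stand_in, args=(listener, result))
    t.start()
    solve("127.0.0.1", listener.getsockname()[1], payload)
    t.join(timeout=10)
    listener.close()
    return result.get("won", False)


if __name__ == "__main__":
    # Offline demonstration against the stand-in, with constructed payloads.
    for sample in (b"x", b"GET / HTTP/1.1\r\n\r\n", b""):
        print(repr(sample), "->", "win" if demo(sample) else "no win")
    # With the real challenge binary running, only the client is needed:
    #   solve("127.0.0.1", PORT)
```
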


Takeaways




Tags: Reverse Engineering, Assembly, Binary Ninja, x86dbg, Featured
