Classic passwd

I forgot my password, can you give me access to the program?

Analyze flags, function calls etc using: radare2 -A -d Challenge.Challenge
1.png

Now let's check what we can find inside the main function: pdf @main
2.png

We can see a call to sym.vuln and to sym.gfl. In order to see what lies in sym.vuln we use pdf @sym.vuln.
3.png

Let's set a breapoint at that call db 0x5643a570f25a and then run the application with dc. Next let's insert a random username and then use pdf to see where we currently are in the code.

sym.imp.strcmp seems to check rsi and rdi so let's take a look at these two registers with px @<NAME>: 4.png
In the rdi register we can see tester (the username I entered while debugging) and in the rsi register AGB6js5d9dkG7.

When using this string as an username we can now login and retrieve the flag:
5.png

Tags:

radare2, tryhackme, reversing, crackme, reverse engineering