Reversing: Basic Crackme

Analyze a simple binary to recover the hardcoded flag check.

Nov 9, 2025

  • Category: Reverse Engineering
  • Difficulty: Medium
  • Goal: Recover the flag validated by a small native binary.

Scenario

You received a small Linux binary named crackme. It requests an input and prints Access denied unless the correct flag is provided.

Task

  • Use strings, ltrace, or a disassembler (Ghidra, IDA, radare2, Binary Ninja) to analyze its logic.
  • Identify the flag format and reconstruct the required transformations.

Hints

  • Look for suspicious functions like strcmp, strncmp, or custom XOR loops.
  • Sometimes the flag is built character-by-character in a loop.
  • Check for environment checks or simple obfuscation (ROT/XOR/additive).

Expected approach

  • Disassemble main, locate the comparison routine, and invert it.
  • Optionally patch the binary to print the expected string.

Solution

  • In Ghidra, open main and find a loop performing buf[i] ^ 0x37 before comparing to a constant array.
  • Invert: flag[i] = enc[i] ^ 0x37 across all bytes.
  • Result reveals: flag{xor_moves_plain_sight}.
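The following C program is an added illustration, not the challenge binary's own code. It models the comparison loop the solution describes (input byte XOR 0x37 compared against a constant array) and then inverts it the way the write-up does. The constant array is constructed here from the reported flag and key, since the real array is not on the page; the function names check_flag, recover_flag and recover_key_from_prefix are assumed. It also goes one step beyond the write-up: given the known flag{ prefix, a single-byte XOR key can be recovered from the first byte of the constant array without reading it out of the disassembly.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define XOR_KEY   0x37   /* single-byte key applied in the loop in main */
#define FLAG_LEN  27     /* strlen("flag{xor_moves_plain_sight}")      */

/* Constructed stand-in for the constant array the binary compares
 * against: each flag byte XORed with XOR_KEY. The real array is not
 * on the page; this one is derived from the flag reported above. */
static const uint8_t enc[FLAG_LEN] = {
    0x51, 0x5b, 0x56, 0x50, 0x4c,               /* flag{  */
    0x4f, 0x58, 0x45, 0x68,                     /* xor_   */
    0x5a, 0x58, 0x41, 0x52, 0x44, 0x68,         /* moves_ */
    0x47, 0x5b, 0x56, 0x5e, 0x59, 0x68,         /* plain_ */
    0x44, 0x5e, 0x50, 0x5f, 0x43,               /* sight  */
    0x4a                                        /* }      */
};

/* Reconstructed shape of the crackme's check (assumed, not the original
 * code): transform the input byte-by-byte and compare it with enc. */
int check_flag(const char *input)
{
    if (strlen(input) != FLAG_LEN)
        return 0;
    for (size_t i = 0; i < FLAG_LEN; i++) {
        if ((uint8_t)(input[i] ^ XOR_KEY) != enc[i])
            return 0;
    }
    return 1;
}

/* Inversion from the write-up: XOR is its own inverse, so
 * flag[i] = enc[i] ^ key. Writes a NUL-terminated string into out,
 * which must hold at least FLAG_LEN + 1 bytes. */
void recover_flag(uint8_t key, char *out)
{
    for (size_t i = 0; i < FLAG_LEN; i++)
        out[i] = (char)(enc[i] ^ key);
    out[FLAG_LEN] = '\0';
}

/* Beyond the write-up: with the flag format known, a single-byte XOR
 * key follows from the first byte, since enc[0] = 'f' ^ key. */
uint8_t recover_key_from_prefix(void)
{
    return (uint8_t)(enc[0] ^ 'f');
}

int main(void)
{
    char flag[FLAG_LEN + 1];
    uint8_t key = recover_key_from_prefix();

    recover_flag(key, flag);
    printf("key  = 0x%02x\n", key);
    printf("flag = %s\n", flag);
    printf("check_flag(flag)    = %d\n", check_flag(flag));
    printf("check_flag(\"wrong\") = %d\n", check_flag("wrong"));
    return 0;
}
```

The same prefix trick generalizes to any single-byte XOR obfuscation of a flag{ string: because the format fixes the first five plaintext bytes, the first five array entries must all decode with the same key, which is a quick sanity check that the loop really uses one constant rather than a position-dependent key.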