22.2 IOLIs crackme tutorial

Crackme solution

This aims to be a practical example to learn basic radare usage through following the steps to solve a few simple crackmes. No previous knowledge of radare is assumed, so you can use this guide as a manual to learn how to use the disassembler, make code flow graphs (IDA like), and learn using the debugger.

Let's start by setting up some reasonable defaults on our ~./radarerc file, we will assume the user has them set for the rest of the tutorial:

 eval scr.color = 1
 eval file.id = true
 eval file.flag = true
 eval dbg.bep = entry
 eval dbg.bt = false
 eval graph.depth = 7
 eval graph.callblocks = false

Here we've set the file.identify variable to true, this way when whe open a binary file (PE or ELF executable), radare will detect the virtual address (io.vaddr), physical address (io.paddr) and visually rebase the disassembly. We've also set file.flag to true, so radare will also flag the strings and symbols found inside the binary to make the disassembly more readable, and change the seek to the file entry point. We've set it as default because it will save us typing some commands, however if you use the defaults (file.identify and file.flag set to false) you can still do such things manually (see !rsc and rabin commands).

IOLI Crackme

It consists of 10 levels (from 0 to 9), each level is a bit more difficult than the previous. Level 0 is a piece of cake :) We will use radare to solve all the 10 levels. This crackme contains 3 directories: bin-linux, bin-win32 and bin-pocketPC. The first two are intel x86 binaries, the last one is ARM.

Examples here are done using the Linux version of the crackme, and everything is done using the linux version of radare, however if you prefer to do the windows version the examples will be the same, and you can do it either in linux or windows. Some parts of the output might differ when you reproduce them, because radare is constantly evolving, this tutorial has been done using radare PVC version 0.9.2. The ARM disassembler is broken at the moment of writing this, so better take one of the intel versions.

Download:

http://pof.eslack.org/tmp/IOLI-crackme.tar.gz