
crackmes's Introduction

Some Crackmes

These are some crackmes. I wrote them to familiarize myself with reverse engineering, and to show off specific concepts and techniques. I wrote a tutorial about these crackmes as well.

To work with them, run make <name> where <name> is one of crackme01, crackme02, etc. Figure out how to make the crackme exit with the status code 0.

Don't ruin it for yourself by reading the source code! Enjoy.

Notes

These CRACKMEs are written in C. I intend soon to rewrite them all in Rust and give a short tutorial on cracking Rust programs.


crackmes's Issues

Make with no arguments should make-all

Basically the title. Is there a reason make all doesn't work, and make seems to actually trigger make clean?

My naive impression was that make with no arguments should build everything.

Compiling using optimization

Hi there!

I've had a lot of fun cracking your CrackMe. Thanks for that!

In your makefile, you are using no optimization -O1. While this creates more straightforward disassembled code, it is also less challenging than -O3. Moreover, the latter is more representative of real life, I suppose.

I would suggest that you create a configuration script which chooses between "easy" (-O1), "medium" (-O2) or "hard" (-O3) level!

Empty password works for crackme02

Hi Leo,
Nice work on the tutorial!

You mentioned the incremental nature of the crackme02 password (first letter alone works, first 2 letters, first 3 letters). It's also interesting that an empty password works for the same reason.
./crackme02.64 ""
Yes, is correct!
regards
Bradain

Pseudocode listing is slightly wrong

Thanks for your tutorial. :)

So, if there’s a zero at argv[1][1], we jump to 0x761. Where is that? It’s the block we just reversed above; it prints the success string and exits with the return code of 0. Our pseudocode looks like this:

int main(int argc, char** argv){
   if (argc != 2) {
       puts("Need exactly one argument.");
       return -1;
   }

   if (argv[1][0] == 0 || argv[1][1] == 0) {
       printf("Yes, %s is correct.", argv[1]);
       return 0;
   }

   if (argv[1][0] != 'o') {
       printf("No, %s is not correct.", argv[1]);
       return 1;
   }

   // Magic happens here
}

This pseudocode (and the one below it) suggests that any single-character password will work: if you pass a one-character password to the program, it would check whether its length is 0 (which it is not) and then whether its length is 1, which it is, and then proceed to print that the password is correct. But this doesn't seem to be the case.

Also, any longer password is also accepted because the program just stops checking after the comparison of the first 9 characters with "o'rrvnqc0" is done. This means that passwords like "o'rrvnqc01" or "o'rrvnqc0abcdefghijklmnopqrstuvwxyz" also work. [I had to replace ` by ' in the code fragments because I don't know how to escape ` in code fragments.]

Make failed

First of all, thank you for making the article.

I'm running Linux debian 3.16.0-5-amd64 #1 SMP Debian 3.16.51-3+deb8u1 (2018-01-08) x86_64 GNU/Linux

Here is the error. What am I missing?

root@debian:/usr/local/src/crackmes# make
gcc -O1 -fno-stack-protector -lcrypt -m64 crackme07.c -o crackme07.64
objcopy -N FILE crackme07.64
gcc -O1 -fno-stack-protector -lcrypt -m64 crackme01e.c -o crackme01e.64
objcopy -N FILE crackme01e.64
gcc -O1 -fno-stack-protector -lcrypt -m64 crackme05e.c -o crackme05e.64
crackme05e.c: In function ‘check_with_mod’:
crackme05e.c:17:5: error: ‘for’ loop initial declarations are only allowed in C99 or C11 mode
     for (int i = 0; i < n; i++) {
     ^
crackme05e.c:17:5: note: use option -std=c99, -std=gnu99, -std=c11 or -std=gnu11 to compile your code
Makefile:14: recipe for target 'crackme05e.64' failed
make: *** [crackme05e.64] Error 1

Crackme05

Hello NoraCodes, I think there is a problem with Crackme05. I read your writeup and I solved it also. Your solution was

EEBD,,,,2222QQOO,

I compiled that C code on ARMv8 (64-bit), and it does not work.

BTW My answer is


AABAAAAAAAAAAQAA

and here is how I solved it

def find_mod(text, n, mod):
    # Ordinal (ASCII) value of every character of the candidate input
    z = [ord(c) for c in text]
    x = []
    for i in range(len(z) - 1):
        # Try each offset 0..n-1 and keep the first values that land on a multiple of mod
        for offset in range(n):
            f = z[i] + offset
            if f % mod == 0:
                print(chr(z[i]) + " <<  Found")
                x.append(chr(f))
    print(x)
    return x

crackme02 can be solved with multiple solutions not intended to be viable (I think)

First of all let me say I'm enjoying this tutorial series just AF, so thanks a lot!

I don't know if this is an issue or not (in that case I hope you will accept my apologies), but I will leave it here for you to check.

The thing is this: looking at the control flow graph generated with radare2, I noticed that immediately after the check for the correct number of arguments, there was a "shortcut" (highlighted in yellow in the picture) to the "is correct" statement.
In fact the flow reaches the "is correct" statement immediately if the result of test al, al is positive, and since the al register is determined by the user input, if the user inputs the NUL character ('') the flow will reach "is correct".
Also, further analysis made me discover that it will accept not only o'rrvnqc0' but also all of these:
o
o'
o'r
o'rr
o'rrv
o'rrvn
o'rrvnq
o'rrvnqc
o'rrvnqc0
and as said before it will also accept:
''

After I found this, I looked at the code and I think it makes sense; I can't wait to know your opinion about this. Thanks again 😄


Make: Nothing to do

On Ubuntu 16.04.03 running make I get the error make: Nothing to be done for 'crackme01.c'.

Running gcc -o <output_file> compiles the file correctly. (as far as I can tell)

Crackme09 solution is incorrect

I know I am reviving an old github repo, but still it may be useful to someone else.

Crackme n°9 states that:

// Require that the input string pass a state machine matching:
// Qz+327x*n+[l9]+

This is almost true except it should be:

// Require that the input string pass a state machine matching:
// Qz+327x*n{2,}[l9]+

The difference being that there should be at least two 'n' characters.

Injecting empty string arguments is possible

The blog post says

However, it’s impossible (from the command line) to inject a command line argument whose first byte is zero;

It's possible to do that:

$ ./crackme02.64 ""
Yes,  is correct!

Typo in tutorial

Hi,

there's maybe a typo in tutorial:

Spoiler alert

This is really all we need. Simply adding one to each letter of password1 in ASCII gives us “o`rrvnqc0”.

I guess it should be "subtracting one". Same for reversed code:

if (argv[1][i] != comparison[i] + 1)

should be

if (argv[1][i] != comparison[i] - 1)

as it is in crackme02.c.
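The three issues about crackme02 above ("Pseudocode listing is slightly wrong", "crackme02 can be solved with multiple solutions" and this one) all describe the same defect: the check walks the expected string and stops as soon as the input runs out, so every prefix of the key, including the empty string, is accepted, and nothing after the ninth character is examined. The following is an added re-creation of that behaviour written for this page; it is not crackme02.c and was not taken from the repository. The comparison string "password1" and the "- 1" offset are taken from the tutorial text quoted in this issue; the loop shape is an assumption modelled on the behaviour the issues report. A strict variant that checks the length first is shown beside it.

```c
#include <stdio.h>
#include <string.h>

/* Key material as quoted in the tutorial: each input byte must equal the
 * corresponding byte of "password1" minus one, i.e. "o`rrvnqc0". */
static const char comparison[] = "password1";

/* Weak check (assumed shape): stops at the end of the input or at the end of
 * the comparison string, whichever comes first. Consequences:
 *   - "" and every prefix of the key are accepted (input ends early),
 *   - anything after the ninth byte is never compared. */
int check_weak(const char *input)
{
    for (size_t i = 0; comparison[i] != '\0'; i++) {
        if (input[i] == '\0')
            return 1;                   /* ran out of input: accepted early */
        if (input[i] != comparison[i] - 1)
            return 0;                   /* first mismatch rejects */
    }
    return 1;                           /* nine bytes matched; rest ignored */
}

/* Strict check: lengths must match before any byte is compared, so
 * prefixes and over-long inputs are rejected. */
int check_strict(const char *input)
{
    size_t n = strlen(comparison);
    if (strlen(input) != n)
        return 0;
    for (size_t i = 0; i < n; i++) {
        if (input[i] != comparison[i] - 1)
            return 0;
    }
    return 1;
}

int main(int argc, char **argv)
{
    if (argc != 2) {
        puts("Need exactly one argument.");
        return -1;
    }
    printf("weak:   %s\n", check_weak(argv[1])   ? "accepted" : "rejected");
    printf("strict: %s\n", check_strict(argv[1]) ? "accepted" : "rejected");
    return check_strict(argv[1]) ? 0 : 1;
}
```

Invoked with "" (the empty argument from the "Injecting empty string arguments" issue), "o", or the key followed by extra characters, the weak check reports accepted while the strict one rejects; only the full nine-byte key satisfies both.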

Q&A on using Radare2

Hello, I'm new to Reverse Engineering and thank you for providing the tutorial. I encountered one issue with crackme03.c: I have installed Radare2 and run r2 ./crackme03.64, and I get a prompt like [0x000005d0]>, but when I enter afl, no result is returned. Any possible cause and/or solution to this issue? (Debian 9/Radare2 v3.0.1)
