Home > Uncategorized > GDB Crackme

GDB Crackme

May 24, 2009

I wrote a really simple crackme (a la crackmes.de) for a team presentation I gave on software piracy. I’m usually interested in the low-level details of any computer topic and piracy is no exception. My portion of the presentation is focused on ‘real-world’ demos of cracking applications to divert program execution in an effort to illustrate how a software pirate may attempt to bypass copyright controls. It was a good excuse to learn some more about GDB – something I’d been meaning to do for a while.

The code is written in C and tested on Windows XP and OS 10.5.7. There’s really no input validation, so don’t be suprised if it breaks with fringe cases.

Get the Code

Stop reading here if you wish to figure out for yourself how to use GDB to make it print “you entered the correct serial number!” without actually entering the correct serial number. If you want to know how I did it, keep reading.

—–

1. Because this demo was just supposed to illustrate the ideas behind altering program flow, I built the crackme with debugging symbols (plus I’m not good enough with gdb to do it without the symbols…please comment if you know of any good tuts):

gcc -g crackme.c -o crackme

2. Then I ran the program and found its PID (two Terminal windows):

./crackme
ps

3. Next, I launched gdb and attached to the process:

gdb attach (PID of crackme)

4. If I wasn’t familiar with my code, I would probably run bt (backtrace) to see where I am frame-wise:

bt

5. Then I listed the variables in the scope of ‘main’ (because the other frames look pretty internal and uninteresting):

info scope main

6. I explained if I were a cracker, I’d probably jump at the chance to modify a variable named ‘correctSerialEntered‘. Because crackme was built with symbols, GDB knows its a signed int and will set it correctly if instructed:

ptype main::correctSerialEntered

7. Finally, I set ‘correctSerialEntered‘ to 1:

set main::correctSerialEntered=1

8. …and detached from the process:

detach

Back at my crackme Terminal window, I can enter almost anything I like into both the username prompt and the serial prompt and get the “you entered the correct serial number!” response.

About these ads
Tags: , , ,
Follow

Get every new post delivered to your Inbox.

%d bloggers like this: