- Prison Code Breaker Diary -

=> aka: Nhật Kí Code Tù


==:: Crackme Info ::==
Difficulty: 1 - Very easy, for newbies
Platform: Unix/linux etc.
Language: C/C++
Refer: click here

Use GDB to disassemble the main function (AT&T syntax, 32-bit x86):


0x080483c4 <main+0>: push %ebp
0x080483c5 <main+1>: mov %esp,%ebp
0x080483c7 <main+3>: sub $0x18,%esp
0x080483ca <main+6>: and $0xfffffff0,%esp
0x080483cd <main+9>: mov $0x0,%eax
0x080483d2 <main+14>: sub %eax,%esp
0x080483d4 <main+16>: movl $0x11e67,-0x4(%ebp)
0x080483db <main+23>: movl $0x5b1270,-0x8(%ebp)
0x080483e2 <main+30>: movl $0x6,-0x10(%ebp)
0x080483e9 <main+37>: sub $0xc,%esp
0x080483ec <main+40>: push $0x8048514
0x080483f1 <main+45>: call 0x80482e4 <printf@plt>
0x080483f6 <main+50>: add $0x10,%esp
0x080483f9 <main+53>: sub $0x8,%esp
0x080483fc <main+56>: lea -0xc(%ebp),%eax
0x080483ff <main+59>: push %eax
0x08048400 <main+60>: push $0x8048522
0x08048405 <main+65>: call 0x80482c4 <scanf@plt>
0x0804840a <main+70>: add $0x10,%esp
0x0804840d <main+73>: mov -0x8(%ebp),%eax
0x08048410 <main+76>: cmp -0xc(%ebp),%eax
0x08048413 <main+79>: jne 0x8048432 <main+110>
0x08048415 <main+81>: mov -0x10(%ebp),%edx
0x08048418 <main+84>: lea -0x4(%ebp),%eax
0x0804841b <main+87>: xor %edx,(%eax)
0x0804841d <main+89>: sub $0x8,%esp
0x08048420 <main+92>: pushl -0x4(%ebp)
0x08048423 <main+95>: push $0x8048525
0x08048428 <main+100>: call 0x80482e4 <printf@plt>
0x0804842d <main+105>: add $0x10,%esp
0x08048430 <main+108>: jmp 0x8048442 <main+126>
0x08048432 <main+110>: sub $0xc,%esp
0x08048435 <main+113>: push $0x8048529
0x0804843a <main+118>: call 0x80482e4 <printf@plt>
0x0804843f <main+123>: add $0x10,%esp
0x08048442 <main+126>: mov $0x0,%eax
0x08048447 <main+131>: leave
0x08048448 <main+132>: ret

So, from the stores at main+16, main+23 and main+30 and the scanf call:
[ebp-4] = 0x11E67
[ebp-8] = 0x5b1270
[ebp-0x10] = 6 (the XOR mask used later)
[ebp-0xc] holds our input key (filled in by scanf)

The comparison check:

0x0804840d <main+73>: mov -0x8(%ebp),%eax
0x08048410 <main+76>: cmp -0xc(%ebp),%eax
0x08048413 <main+79>: jne 0x8048432 <main+110>

So easy: the real key is hardcoded as an immediate, stored at [ebp-8] = 0x5b1270, which is 5968496 in decimal, and compared directly with our input with a plain cmp — no transformation of the input is needed.
If they are equal, [ebp-4] is updated in place (XORed with [ebp-0x10]):

0x08048415 <main+81>: mov -0x10(%ebp),%edx
0x08048418 <main+84>: lea -0x4(%ebp),%eax
0x0804841b <main+87>: xor %edx,(%eax)

After the XOR, the dword at [ebp-4] (eax only holds its address, from the lea) is 0x11E67 ^ 6 = 0x11E61, which is 73313 in decimal, and that value is printed.
If the key is wrong, the "wrong" message is printed instead.
This is a good easy crackme for newbies.

Have fun!

