Tuesday, January 4, 2011

Solution - Linux - cyrex's Linux CrackMe

http://www.crackmes.de/users/cyrex/linux_crackme/

$ wget http://www.crackmes.de/users/cyrex/linux_crackme/download
--2011-01-04 17:28:23-- http://www.crackmes.de/users/cyrex/linux_crackme/download
Resolviendo www.crackmes.de... 88.198.55.82
Conectando a www.crackmes.de|88.198.55.82|:80... conectado.
Petición HTTP enviada, esperando respuesta... 200 OK
Longitud: 5497 (5,4K) [application/tgz]
Guardando en: «download»

100%[============================================================================================================>] 5.497 --.-K/s en 0,1s

2011-01-04 17:28:26 (48,0 KB/s) - «download» guardado [5497/5497]

$ mv download crackme_01.tgz
$ file crackme_01.tgz
crackme_01.tgz: gzip compressed data, from Unix, last modified: Mon Feb 21 20:39:58 2005
$ tar xvzf crackme_01.tgz
crackme_01/
crackme_01/crackme

$ ./crackme
-[ Linux CrackMe (Level:2) by cyrex ]-
-[ TODO: You have to get the valid Password ]-
Enter Password: 1234
-[ Ohhhh, your skills are bad try again later ]-
$
$ strings crackme
/lib/ld-linux.so.2
libc.so.6
printf
__deregister_frame_info
strcmp
scanf
_IO_stdin_used
__libc_start_main
__register_frame_info
__gmon_start__
GLIBC_2.0
PTRhP
QVhP
[^_]
-[ Linux CrackMe (Level:2) by cyrex ]-
-[ TODO: You have to get the valid Password ]-
Enter Password:
47ghf6fh37fbgbgj
-[ Good, You're ready to begin linux reversing ]-
-[ Ohhhh, your skills are bad try again later ]-
$

$ ./crackme
-[ Linux CrackMe (Level:2) by cyrex ]-
-[ TODO: You have to get the valid Password ]-
Enter Password: 47ghf6fh37fbgbgj
-[ Good, You're ready to begin linux reversing ]-

Let's look at it with GDB, although it is quite simple to understand:



$ gdb ./crackme
GNU gdb (GDB) 7.2-ubuntu
Copyright (C) 2010 Free Software Foundation, Inc.
License GPLv3+: GNU GPL version 3 or later
This is free software: you are free to change and redistribute it.
There is NO WARRANTY, to the extent permitted by law. Type "show copying"
and "show warranty" for details.
This GDB was configured as "i686-linux-gnu".
Leyendo símbolos desde /home/uknow/Escritorio/kk/pruebas/crackme_01/crackme...hecho.
(gdb) disass main
Dump of assembler code for function main:
0x08048450 <+0>: push %ebp
0x08048451 <+1>: mov %esp,%ebp
0x08048453 <+3>: sub $0x28,%esp
0x08048456 <+6>: add $0xfffffff4,%esp
0x08048459 <+9>: push $0x8048620
0x0804845e <+14>: call 0x804835c
0x08048463 <+19>: add $0x10,%esp
0x08048466 <+22>: add $0xfffffff4,%esp
0x08048469 <+25>: push $0x8048660
0x0804846e <+30>: call 0x804835c
0x08048473 <+35>: add $0x10,%esp
0x08048476 <+38>: add $0xfffffff4,%esp
0x08048479 <+41>: push $0x8048690
0x0804847e <+46>: call 0x804835c
0x08048483 <+51>: add $0x10,%esp
0x08048486 <+54>: add $0xfffffff8,%esp
0x08048489 <+57>: lea -0x20(%ebp),%eax
0x0804848c <+60>: push %eax
0x0804848d <+61>: push $0x80486a1
0x08048492 <+66>: call 0x804832c
0x08048497 <+71>: add $0x10,%esp
0x0804849a <+74>: add $0xfffffff8,%esp
0x0804849d <+77>: push $0x80486a4
0x080484a2 <+82>: lea -0x20(%ebp),%eax
0x080484a5 <+85>: push %eax
0x080484a6 <+86>: call 0x804831c
0x080484ab <+91>: add $0x10,%esp
0x080484ae <+94>: mov %eax,%eax
0x080484b0 <+96>: test %eax,%eax
0x080484b2 <+98>: jne 0x80484c6
0x080484b4 <+100>: add $0xfffffff4,%esp
0x080484b7 <+103>: push $0x80486c0
0x080484bc <+108>: call 0x804835c
0x080484c1 <+113>: add $0x10,%esp
0x080484c4 <+116>: jmp 0x80484d6
0x080484c6 <+118>: add $0xfffffff4,%esp
---Type <return> to continue, or q <return> to quit---q
Quit
(gdb) x/s 0x80486a4
0x80486a4: "47ghf6fh37fbgbgj"
(gdb) r
Starting program: /home/uknow/Escritorio/kk/pruebas/crackme_01/crackme 47ghf6fh37fbgbgj
-[ Linux CrackMe (Level:2) by cyrex ]-
-[ TODO: You have to get the valid Password ]-
Enter Password: 47ghf6fh37fbgbgj
-[ Good, You're ready to begin linux reversing ]-

Program exited normally.
(gdb) x/s 0x80486c0
0x80486c0: "-[ Good, You're ready to begin linux reversing ]-\n"
(gdb) q
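
The logic in the listing above, written back as C. This is an added reconstruction, not cyrex's source or code from the original post: the call targets 0x804835c, 0x804832c and 0x804831c are taken to be printf, scanf and strcmp (the imports that strings lists), and the "%s" format, the failure branch and the 31-character limit are assumptions.

```c
/* Added reconstruction of main() from the GDB listing; not cyrex's source.
 * Call targets are inferred from the imports that strings shows:
 * 0x804835c -> printf, 0x804832c -> scanf, 0x804831c -> strcmp. */
#include <stdio.h>
#include <string.h>

/* x/s 0x80486a4 in the session: the literal sits in read-only data,
 * which is why plain strings prints it. */
static const char EXPECTED[] = "47ghf6fh37fbgbgj";

static const char MSG_GOOD[] =
    "-[ Good, You're ready to begin linux reversing ]-\n";  /* 0x80486c0 */
static const char MSG_BAD[] =
    "-[ Ohhhh, your skills are bad try again later ]-\n";

/* <+74>..<+98>: push $0x80486a4; push &buf; call strcmp; test %eax,%eax; jne.
 * Returns 1 when the jne at <+98> is not taken, i.e. strcmp returned 0. */
int check_password(const char *input)
{
    return strcmp(input, EXPECTED) == 0;
}

/* <+100>..<+116> is the success printf; <+118> onward (cut off in the
 * listing) is assumed to be the failure printf. */
const char *verdict(const char *input)
{
    return check_password(input) ? MSG_GOOD : MSG_BAD;
}

int main(void)
{
    char buf[32];  /* the local at -0x20(%ebp) */

    printf("-[ Linux CrackMe (Level:2) by cyrex ]-\n");          /* <+9>  */
    printf("-[ TODO: You have to get the valid Password ]-\n");  /* <+25> */
    printf("Enter Password: ");                                  /* <+41> */

    /* <+54>..<+66>: scanf(fmt, buf). The format at 0x80486a1 is 3 bytes
     * long, so "%s" is assumed; the width limit here is an addition. */
    if (scanf("%31s", buf) != 1)
        return 1;

    fputs(verdict(buf), stdout);
    return 0;
}
```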


