ARM Crackme - Starting with EOR
@Wunkolo and I have decided that there aren’t enough ARM crackmes on the forum and that we should add a few for people that are interested in learning how the architecture works and for those that just want to show their skills
We will start very easy with some challenges that don’t require any kind of setup or reading up specific processor manuals but that will change when the challenges get harder.
A binary is still provided in case static analysis is not your thing, anyways let’s start:
Rules and Goals
In this challenge the goal is to decrypt the password in ever way you want.
Post it in spoiler tags under the challenge so we can see who solved it!
Challenge
I’ve written myself this tool to encrypt all my passwords a few month ago but apparently I forgot to implement a decryption function.
I can’t find the source either so I’m left with this useless encrypted password. Maybe you can help me decrypt it?
Encrypted Password
1D 0E 11 27 0F 6D 11 0C 10 6F 03 6F 6C 0E 21
Dump of the relevant assembly
0845C main STMFD SP!, {R11,LR}
08460 ADD R11, SP, #4
08464 SUB SP, SP, #8
08468 LDR R3, =var_856C ; "%s"
0846C MOV R0, R3
08470 LDR R1, =input
08474 BL __isoc99_scanf
08478 MOV R3, #0
0847C STR R3, [R11,#-8]
08480 B loc_84B8
08484 loc_8484 LDR R2, =var_8570 ; "%02X "
08488 LDR R1, =input
0848C LDR R3, [R11,#-8]
08490 ADD R3, R1, R3
08494 LDRB R3, [R3]
08498 EOR R3, R3, #0x5C
0849C AND R3, R3, #0xFF
084A0 MOV R0, R2
084A4 MOV R1, R3
084A8 BL printf
084AC LDR R3, [R11,#-8]
084B0 ADD R3, R3, #1
084B4 STR R3, [R11,#-8]
084B8 loc_84B8 LDR R3, [R11,#-8]
084BC CMP R3, #0xE
084C0 BLS loc_8484
084C4 LDR R0, =var_8578 ; ""
084C8 BL puts
084CC SUB SP, R11, #4
084D0 LDMFD SP!, {R11,LR}
084D4 BX LR
(Optional) Binary in base64 format
Extract with:
cat base64below.txt | base64 -d | gunzip > binary.elf
File type:
ELF 32-bit LSB executable, ARM, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.26, not stripped
Base64 encoded gzip archive:
H4sIAErs31oAA5VYb2xUxxGfvT/mABvO2IR/Frk0jmIafD7A5U+qNDbG2KbmT8BtaIXyePaduUvO
d6e7d5FpQImxo0atKahFKorS+j6gqGpRRSU+UJVWKa1S1E9ItFL67c7uJUAS1ahKpKYV15mdfe/t
vZAPeae53Xnz29mZ2Z3dfftq//BeIQTYjw86gLhL0wDdWLaH6B0EuyECIZQ9Cm0kz50KApx6nQkh
kgKKGoDbdr/GJBUiBZXcTzLku6eYWoAp4EL5eY3pjSBTUL0jOb8Tkjbjix7B/ZIc7YULQSIhaRH5
RWWXbeMg4genmPYAky17rmrF4SGP3b4rnRrtSsc706lMcTJayEa38fuwsn3gwLdULLnNetWuVflO
8vd/YP23+tMfnf5u5clnn1n/7FPFz0o3SbZEYahd0NO/HZeA0u1XpVDYcNL3mE8bg/Arb5062/3g
3rWnXlp9+uPmlV0HnvnU65PQ6hGkTUjJaeZXKdtnNZ7G9ZjGR5EuavzXkSyNB8M4MZHNGAXLzFuG
ARi6MQrZdhSkCtmxXbuMwpiZGYdc0SqAOZrNW5DLpzLWOAIIrFpOmKkMDAwP7e4ztkZ3OLVuUJH2
I9FPIIXVWNCzJpVqokjtV+9aJe+D55X8Fw0CVmMQzmP5CAbuApUYxItUYhDfohLlJSox4JeoxGCH
ezrvPgnwYbjn93c21roqgXJnNVCeq64onyuHFv9Q3UwxePfcfOivs/Ob/329atfbtXqbVm/V6o1a
PUD1K6UFKJcWAuGf/bMpUqoEItgXdFbD78xVA+90VhthrtoYm6veqdU+XES6M4NjhPQRUhu+b4vM
Vf2xc2Vf5CcfABxeINvLtdoG2/YLZzDPKT6IhcjtKmFEpOSHyJ+CJL+KPrdjHyFsB7HzKD+ygKFY
1kp4rK8sl5pbal3NIaXvfFDNqsHOu4ErZ+dDt/bPJxHrh1IlHp6r/hlthFhpIRRbjrbDvRG0bxjf
h2Ib0M6pMsRuV4/FHp+vxfzzPmzjD5cqv8I2JBex6XlqR/UV2Pe/arU316Jtb6M8cOub8zDINqRx
XbqGduewnESid4sDnXePluaqRw+h3cdLFZErVXyvlSo/xLaDaF/w0ItlilP/c1cqy0rT5aXoI/SU
FhrQhiVoQ4hi/8c3P0B/K22oT/TMzAdhpPJprfb04oCaB7VaLYSUnuI5YseY5uUTBYAnYluPRtTc
63hQe9XOvw4cq8YZNydprmJsYCfOoybKOfRhHfCat0HluMxN5NvAXbtmsd9PHtSy16d4TTh+hteC
xSlyBsBEWq70r1Z90zoy0yDkWhIDXqeaKXeQQtNch2nOZ1rnW1T5oFbL3kL96G6WbMa5l71xBr70
cyHorkKD0w8n/Rno63s60rEnMZoyM5Hu6Pbots4t3Zu45hV2R3d0bt3EFeil1c1MmKMpEI8C7Woj
0OALiaViVaBVrBZr/GvFOrHehxtKtHBywjJHsbTyXCbtGi5OiXwOopmslYj27h7qtMwTijuRKUZH
iyncG1JxkFzSLCQhGj+ZQX1cWnmWvJzIF1LZTB1joCyfSBOOK7m0RR2m8N9KTOL/ODIoysZNy4Ro
7+H90cRkKj4J0UTSGM+bEwmGG2Y+b55kuF1/cSwvLTAnUmPYaxa1sZbRQgGiY9mJiUTGYp2mZeVT
o0UrUfgy40jzkkaS5pHc2wXPFfuxR/lx4H2OcHIPFrz32E9AlVs0XBJxScHrlBc3CDzXCUfzf1bw
PG7QcES0x2OuZglH+XFd8H7mxR0AzhHCUd4s0oFH2SLA3eu/De4eTHl23Mf55fX3BeAcIRzlxw2s
rND69Sl6CTinqE55dcvHfuj90vM9pKWqDeUlGRHy+BFSIhtHeRzyu3Fp0nCzSj+9p/Vmp9/dP/U4
f1/DybxE3DEPjujHGo7OkZcQd018Xt9FDUfr27Egr3le3M/BnVdJxCWDvEZ5cW8zLkdLkDybBtm/
FR7cbzR9M4ibCboyHfc71ZbGmM+aD8f9BWmlwtF6PPsFuNuqX8LRHnn+C3DvqZgQjs+wfH5douHI
r4qmj9bvGWzU4dFH9L6Gu4y4yw3c3tvvR0ov4WjPv9rw8DjfV/piiifcLg1nn+E/Y105+/3HiPuq
B0dPs+rTftago8vE53H2mNnP/3CyxFDnRqzvAzcvl3r0bcZF6KDWUD/zeh9at0C2Z9Sgw7OCpMNz
D7MOz9G57vB8el90eM7O42dsnkfzhsPziNxy+KVcmbb5ZbIMOfxyWe50eM6cQYdvkuUlh+csoDxj
fiX74/Cc8accXu76Mj+Yl6d5mQfM88o+6/A8U847PJ8uLjj8I6yvwebXyPKyw6+V5VWHXwf645en
HZ3fIEfIHh+aGQHNX8pcoflDs4z4v3nkSUcelrxtD6A9pK+s4ZdovE+1D8y4csLvdPCNkj/m6F8p
+R6P/LgmX6P5F4D7ta+AG0/8SpH9XfHY16j136Xxtn3tmrwfOL6cn+tkOeucvVphROMF8qS/Q2v/
isbb+kc0OX+X2/pa5H7xhqOvRcqvOvavk+u17i9J0tp4yPh59L/nifcdj/zQ6y7vjSfJZxz5Kvi1
xgvkSe58u2C8r0N9/G/WxasF/gHu/MavQpj3+P8JuPNdoDXy3sEZ/ybZ31GNl/5q/HLB/gWktStg
g+BvGsrcZozfY8KdrxGcD3QPon+bf0O48Q6j/8NYvanxz3vkLwh3vq7CXuIefE7rL4z9nRb1dwVn
Rf23/y+1hTaC9Fvhzt9m31p4V3D+BaQ/Yfi74G/WnPK36un/nnDzm+T3PfL/ePwJ+nj+zCr8Ml+9
PRt99XcbO331dxlDPjefV9H62h6HdhPGzHRau9SAsbxVsIrj49ExMIx9fYeN4aEjI4aBTDxrnEhn
R820Ebey+YJhFicBz9m5dMJKxKNf275tx8NBhntsN/BMnj8J8mhvxIsTEyexicYZ7mlfQSezeWOL
tGXv4d79/Ub/gT3SGLLMrtc1ioOx5zsHevcP9dVL2DtjYPjg7t5h4+DevUf6R4yR3t3D/YZ9NzNW
KEpbIZXJFS2gzwnVjO9wenrcixrDwO8M5x5IMtg3VRPyM4QVGbrA0BUWrUK9Os/tUL2w7tIJFRWy
RtLMxNMJMIYOoiCeyhjFQiKueyK/szggynfHEMd0kBdRxr6XjcOJE6kCfgn2pc1CAT+U6u+zXGt2
8K1WnXmyp/8DjmgtOHsVAAA=
References
As these challenges are meant for learning this section will contain some resources to look into that will help solving this challenge.