notes (1012B)
Open the binary in your favorite reverse engineering tool, using R2 here since it's free.

R2:

aaa: **a**nalyze **a**ll functions & symbols (**a**hh!)
s main: **s**eek to main function
pdf: **p**rint **d**isassembly of current **f**unction

We see the function calls initialize_flag, then puts.

Then `read` is called with arguments `read(0: rdi, buf: rsi, 0x1f: rdx)`.

In the x86_64 calling convention the arguments are stored first in the registers `rdi`, `rsi`, `rdx`, `rcx`, then `r8` to `r15`, and any further arguments on the stack. Such a calling convention is defined to allow interoperability between e.g. dynamically loaded libraries. Theoretically, the binary could choose to call internal functions differently, and some do (e.g. via stack variables directly).

If a strcmp on the result from `read` yields 0 (meaning they are the same), the program outputs "Thats the right password!", else "Thats not the password!".

We can inspect the arguments to strcmp to find that the password is `m4gic_passw0rd`.
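The register-to-argument reading above, as an added example that is not part of the notes: a small Python script that walks `pdf`-style output, tracks the last value written to each register, and reports what rdi/rsi/rdx hold at every `call`, which is exactly how the `read` and `strcmp` arguments were read off. The listing is a constructed sample in r2's format (placeholder addresses and opcode bytes), not real output from the challenge binary.

```python
import re
# Constructed sample in the style of r2's `pdf` output for the main() described
# in the notes (addresses and opcode bytes are placeholders; `buf` was renamed).
SAMPLE_PDF = """\
┌ 94: int main (int argc, char **argv, char **envp);
│           0x0000115d      e8d9ffffff     call sym.initialize_flag
│           0x00001162      488d3d9b0e00.  lea rdi, str.Enter_the_password ; 0x2004 ; "Enter the password:"
│           0x00001169      e8c2feffff     call sym.imp.puts
│           0x0000116e      488d45e0       lea rax, [buf]
│           0x00001172      ba1f000000     mov edx, 0x1f
│           0x00001177      4889c6         mov rsi, rax
│           0x0000117a      bf00000000     mov edi, 0
│           0x0000117f      e8acfeffff     call sym.imp.read
│           0x00001184      488d45e0       lea rax, [buf]
│           0x00001188      488d35890e00.  lea rsi, str.m4gic_passw0rd ; 0x2018 ; "m4gic_passw0rd"
│           0x0000118f      4889c7         mov rdi, rax
│           0x00001192      e899feffff     call sym.imp.strcmp
"""

# System V AMD64 integer argument registers in order; 32-bit names map back.
ARG_REGS = ["rdi", "rsi", "rdx", "rcx", "r8", "r9"]
ALIAS = {"edi": "rdi", "esi": "rsi", "edx": "rdx", "ecx": "rcx",
         "r8d": "r8", "r9d": "r9", "eax": "rax"}
INSN_RE = re.compile(r"^\W*0x[0-9a-f]+\s+\S+\s+(\w+)\s+(.*?)\s*(?:;\s*(.*))?$")

def call_sites(disasm):
    """Track what each register last received and snapshot the six argument
    registers at every call. Arity is not visible here, so a later slot may
    still hold a stale value (rdx keeps 0x1f through the strcmp call)."""
    state, calls = {}, []
    for line in disasm.splitlines():
        m = INSN_RE.match(line)
        if not m:
            continue
        mnem, operands, comment = m.groups()
        if mnem in ("mov", "lea"):
            dst, src = (p.strip() for p in operands.split(",", 1))
            # `mov rsi, rax` passes whatever rax held, so substitute it.
            value = state.get(ALIAS.get(src, src), src)
            lit = re.search(r'"(.*)"', comment or "")  # r2 annotates string refs
            state[ALIAS.get(dst, dst)] = f'"{lit.group(1)}"' if lit else value
        elif mnem == "call":
            calls.append((operands, [state.get(r) for r in ARG_REGS]))
    return calls

def args_of(disasm, func):
    """Argument registers (rdi, rsi, rdx, ...) at the first call to `func`."""
    for target, args in call_sites(disasm):
        if target.split(".")[-1] == func:
            return args
    return None
```

Only `mov`/`lea` are modelled, so a value built up through arithmetic or loaded from memory shows as its last register or operand text rather than a concrete value.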