16 Oct
ELF Reversing, Beginner
Again it's me, MrXX
As I said, in this post I am going to talk about simple ELF reversing.
I don't know how many people will talk about this later, but this tut is something a bit strange and maybe new to learn (I have seen many cracking teams working only on Windows because Linux is free, heh, but every OS needs some cracking sometimes).
All the words you will read come from the author: MrXX (like the previous post).
OK, let's get started.
First thing: we need some tools.
We use these tools to make our way easier:
1- Some program to crack
2- The GUI debugger
3- Hex editor
4- Some knowledge about ASM and cracking
OK, the first thing: some PJ to crack
Source Code
Compiled Project
Cracked Pj
I wrote a simple CrackMe for this part.
The crackme is open source: he he
#include <stdio.h>

int main(void) {
    int password = 123456;   /* hard-coded password the check compares against */
    int inputpass;

    printf("Please Enter a Password to continue > ");
    scanf(" %d", &inputpass);

    /* This comparison is the CMP / JNZ pair seen later in the debugger. */
    if (inputpass == password) {
        printf("\nWelcome u will able to access the Tool\n");
        printf("\n======================================\n");
        printf("\nU able Reverse the linux elf file \n");
        printf("\nKeep Good job \n");
        printf("\n======================================\n");
    } else {
        printf("\nBAD Password\n");
    }
    return 0;
}
As you can see in the code, there is an IF statement that checks the value.
First, the pass is = 123456, OK.
If pass = user input, show the good message; if not, show the bad message.
OK, I compiled it earlier, executed it and saw the prompt:
Please Enter a Password to continue > 123
I entered a wrong code and saw the bad message.

Bad Message
Now, how can I get to see the good message?
Let's start some reversing.
2 – I need the GUI debugger (why? Because I have often used Windows debuggers like Olly or IDA and now I am addicted to the GUI).
OK, that isn't a problem (but don't be lazy like me, u must use a command line debugger like: many ….)
I went and got the Zero Debugger from this address:
http://www.zero-bugs.com
(this is one of the Linux apps that needs to be cracked | and I will release the patch for this later)
I started up my Ubuntu Linux (because I use the Ubuntu version of Zero Debugger).
After that I installed Zero Debugger (some packages need to be installed) and ran the debugger.
In Zero Debugger I go to the File > Execute menu, open my ELF file, and see the disassembly of the ELF.

ZeroDebugger
I scroll down a few lines and see the CMP (compare), and on the line under it I see the JNZ instruction; yeah, looks good (4- this is where u need some knowledge about ASM and cracking).
I wrote down the line: 08048406 75 52 jnz 0x804845a
This is cool for the first crackme; we don't need to step through the code and see what's inside, because the crackme is simple.
3- Now I need to edit the line and change the 75 52 hex to 74 52 (75 is the opcode for JNZ and 74 is the opcode for JZ, so the jump condition is inverted).
OK, I start the hexedit program.

HexEditing
And go to the 00000400 line, find the 406 offset (remember the 08048406) and change the 75 to 74.
I saved the file as crackme cracked and executed it again.
I entered a wrong code again and saw, yeah, the good message.

Good Message
We were able to reverse the ELF file.
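Address 08048406 in the debugger becomes offset 406 in the hex editor because the file's load segment maps file offset 0 to address 0x08048000. The Python below is an added example, not code from the original post: it reads that mapping from the ELF32 program headers, decodes the two-byte jump, and lists the bytes that differ between two copies of a file. The function names and the small constructed ELF image are assumptions made for illustration.

```python
import struct

PT_LOAD = 1
SHORT_JCC = {0x74: "jz", 0x75: "jnz"}  # the two one-byte opcodes the tutorial swaps

def va_to_offset(elf: bytes, va: int) -> int:
    """Map a virtual address to a file offset via the ELF32 PT_LOAD headers."""
    if elf[:4] != b"\x7fELF" or elf[4] != 1 or elf[5] != 1:
        raise ValueError("expected a 32-bit little-endian ELF")
    (e_phoff,) = struct.unpack_from("<I", elf, 0x1C)
    e_phentsize, e_phnum = struct.unpack_from("<HH", elf, 0x2A)
    for i in range(e_phnum):
        p_type, p_offset, p_vaddr, _, p_filesz = struct.unpack_from(
            "<5I", elf, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD and p_vaddr <= va < p_vaddr + p_filesz:
            return va - p_vaddr + p_offset
    raise ValueError(f"{va:#x} is not backed by file data")

def decode_short_jcc(elf: bytes, va: int):
    """Return (file offset, mnemonic, branch target) for a 2-byte jz/jnz at va."""
    off = va_to_offset(elf, va)
    opcode = elf[off]
    (rel8,) = struct.unpack_from("<b", elf, off + 1)  # signed 8-bit displacement
    if opcode not in SHORT_JCC:
        raise ValueError(f"byte {opcode:#04x} at {off:#x} is not a short jz/jnz")
    return off, SHORT_JCC[opcode], va + 2 + rel8  # target is relative to next insn

def diff_bytes(original: bytes, suspect: bytes):
    """List (offset, old, new) for every differing byte: a basic integrity check."""
    if len(original) != len(suspect):
        raise ValueError("files differ in length")
    return [(i, a, b) for i, (a, b) in enumerate(zip(original, suspect)) if a != b]

def build_sample() -> bytes:
    """Constructed 0x500-byte ELF32 image: one PT_LOAD, file offset 0 -> 0x08048000."""
    ehdr = struct.pack("<16sHHIIIIIHHHHHH", b"\x7fELF\x01\x01\x01" + bytes(9),
                       2, 3, 1, 0x08048300, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", PT_LOAD, 0, 0x08048000, 0x08048000,
                       0x500, 0x500, 5, 0x1000)
    image = bytearray((ehdr + phdr).ljust(0x500, b"\x90"))
    image[0x406:0x408] = b"\x75\x52"  # the bytes from the tutorial's disassembly line
    return bytes(image)

if __name__ == "__main__":
    elf = build_sample()
    off, name, target = decode_short_jcc(elf, 0x08048406)
    print(f"file offset {off:#x}: {name} {target:#x}")
```

The decoded target, 0x804845a, matches the disassembly line above, and running diff_bytes over the original and the edited file shows the single changed byte at offset 0x406.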
That's it, the whole routine was simple.
But don't be too happy, because when the code gets bigger you will have a bad problem (why? Because there is no Olly or IDA or simple code to reverse).
And u must do it with the command line and many lines of code.
In the next step we are going to crack a bigger crackme, called CrackMe2, using Function.
Good luck