Crackmes.one license-checker solution

Solution 1

First get a feel for the program.

$ ./license_checker_1 
Usage : ./license_checker_1 <license key here>
./license_checker_1 12345
12345 is not a valid license key.

Open it up in binary-ninja and go to the main function:

Notice the key is visible, so strings would have worked here too.

if (!strcmp(arg2[1], "KS-LICENSE-KEY-2021-REV-1", "KS-LICENSE-KEY-2021-REV-1"))
{
  puts("
    Congratulations ! You have successfully registered your premium service.");
  exit(0);
}

Immediately the keys are visible. Trying it:

$ ./license_checker_1 KS-LICENSE-KEY-2021-REV-1
Congratulations ! You have successfully registered your premium service.

Looking at the program, what it does is verify the right number of inputs are present, and test the inputs against a known string.

Solution 2

The fastest solution would have been to use strings:

$ strings license_checker_1 | grep -v '\.' | grep -v '_'
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
exit
puts
printf
strcmp
u3UH
Usage : %s <license key here>
KS-LICENSE-KEY-2021-REV-1
;*3$"
main

Here it’s easy to guess which of these results is the key.

Notes

Author: NomanProdhan
Challenge Link: https://crackmes.one/crackme/619eda7b33c5d455dece628d
Description:
This is a simple license checker made with C. This is for complete beginners.

I’m new to “crackmes” this so the challenge description feels appropriate to try.

I used binary-ninja-free. It feels much cleaner than IDA-free or ghidra which I’ve used for CTF’s in the past. Very much overkill for this challenge though.