So, its a dynamically linked, stripped, 64bit Linux executable - nothing fancy here. Let’s try to run it:

    2. ?
    3. Size of data: 2623
    4. pamparam
    5. Wrong!
    7. Size of data: 1

    OK, so it reads a number as a size from the standard input first, than reads further, probably “size” bytes/characters, processes this input, and outputs either “Wrong!”, nothing or something else, presumably our flag. But do not waste any more time monkeyfuzzing the executable, let’s fire up r2, because in asm we trust!

    It is a good practice to create a project, so we can save our progress, and we can come back at a later time:

    1. [0x00400720]> Ps avatao_reverse4
    2. avatao_reverse4
    3. [0x00400720]>

    We can list all the strings r2 found:

    OK, the strings looks interesting, especially the one at 0x00400f92. It seems to hint that this crackme is based on a virtual machine. Keep that in mind!

    These strings could be a good starting point if we were talking about a real-life application with many-many features. But we are talking about a crackme, and they tend to be small and simple, and focused around the problem to be solved. So I usually just take a look at the entry point(s) and see if I can figure out something from there. Nevertheless, I’ll show you how to find where these strings are used:

    2. d 0x400d1d mov esi, str.Such_VM__MuCH_reV3rse_
    3. d 0x400d4d mov edi, str.Use_everything_
    4. d 0x400d85 mov edi, str.flag.txt
    5. d 0x400db4 mov edi, str.You_won__The_flag_is:__s_n