Posts: 2017 Location: Scotland Joined: 20.02.08 Rank: God
Posted on 04-07-18 23:55
If we tell you exactly where to look there would be no challenge.
You need to follow the flow of the code to find out where it's comparing the string you entered as the password, against the one it has stored.
Radare2 is pretty good at decompiling most binaries, but it's not a one stop universal cracker that you can just feed any old app into, and out pops the password.
As a beginner you'd be better off switching to visual mode. That way you don't
remember too many commands or keep the program state in your mind. This will open it with a hexdump view of the loaded app, then you can see the output in the registers as you step through the code.
Pressing p will allow you to cycle through the rest of the visual mode views. Use F7 or s to step into and F8 or S to step over the current instruction. You can set breakpoints with F2 key.
Mastering that lot will allow you to crack most of the apps on HBH, except for ones where r2 would need to download a support package in order to allow it to load and read formats it doesn't already include.
Like I'm not sure if it can decompile swf or ActionScript and from memory, that may be needed for app2.
So your choices are simple, if you can't find the password in the code: either you need to get an update to work with .swf files, or you could always just get a stand alone .swf decompiler.
Hellbound Hackers is the collective work of the staff and the community and is therefore licensed under the CC BY-NC-SA license.