
Can You Crack It? (part 1) #Solution

Fire up your compiler ;) If you run into problems do let me know ....

// Cliffsull, twitter: @cliffsull
// Compiler solution to part #1 of http://www.canyoucrackit.co.uk/ via @badeip

#include <stdio.h>
#include <stdint.h>
#include <malloc.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <time.h>
#include <sys/types.h>
#include <sys/mman.h>
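#include <sys/utsname.h>

// part2.h is not reproduced on this page (see the comments below); it must define part2[]
#include "part2.h"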

static char part1[] = {
    0xeb, 0x04, 0xaf, 0xc2, 0xbf, 0xa3, 0x81, 0xec,   0x00, 0x01, 0x00, 0x00, 0x31, 0xc9, 0x88, 0x0c,
    0x0c, 0xfe, 0xc1, 0x75, 0xf9, 0x31, 0xc0, 0xba,   0xef, 0xbe, 0xad, 0xde, 0x02, 0x04, 0x0c, 0x00,
    0xd0, 0xc1, 0xca, 0x08, 0x8a, 0x1c, 0x0c, 0x8a,   0x3c, 0x04, 0x88, 0x1c, 0x04, 0x88, 0x3c, 0x0c,
    0xfe, 0xc1, 0x75, 0xe8, 0xe9, 0x5c, 0x00, 0x00,   0x00, 0x89, 0xe3, 0x81, 0xc3, 0x04, 0x00, 0x00,
    0x00, 0x5c, 0x58, 0x3d, 0x41, 0x41, 0x41, 0x41,   0x75, 0x43, 0x58, 0x3d, 0x42, 0x42, 0x42, 0x42,
    0x75, 0x3b, 0x5a, 0x89, 0xd1, 0x89, 0xe6, 0x89,   0xdf, 0x29, 0xcf, 0xf3, 0xa4, 0x89, 0xde, 0x89,
    0xd1, 0x89, 0xdf, 0x29, 0xcf, 0x31, 0xc0, 0x31,   0xdb, 0x31, 0xd2, 0xfe, 0xc0, 0x02, 0x1c, 0x06,
    0x8a, 0x14, 0x06, 0x8a, 0x34, 0x1e, 0x88, 0x34,   0x06, 0x88, 0x14, 0x1e, 0x00, 0xf2, 0x30, 0xf6,
    0x8a, 0x1c, 0x16, 0x8a, 0x17, 0x30, 0xda, 0x88,   0x17, 0x47, 0x49, 0x75, 0xde, 0x31, 0xdb, 0x89,
    0xd8, 0xfe, 0xc0, 0xcd, 0x80, 0x90, 0x90, 0xe8,   0x9d, 0xff, 0xff, 0xff, 0x41, 0x41, 0x41, 0x41,
};

// code to dump the decrypted memory:
static const char dump_mem[] = {
    0xba, 0x31, 0x00, 0x00, 0x00,   // mov    edx, 0x31         - byte count for sys_write
    0x8d, 0x4f, 0xce,               // lea    ecx, [edi-0x32]
    0x31, 0xdb,                     // xor    ebx, ebx
    0x43,                           // inc    ebx (stdout)
    0x31, 0xc0,                     // xor    eax, eax
    0xb0, 0x04,                     // mov    al, 0x4           - sys_write
    0xcd, 0x80,                     // int    0x80
    0x31, 0xdb,                     // xor    ebx,ebx
    0x43,                           // inc    ebx
    0x31, 0xd2,                     // xor    edx,edx
    0x42,                           // inc    edx
    0x68, 0x0a, 0x00,0x00, 0x00,    // push   0xa
    0x8d, 0x0c, 0x24,               // lea    ecx,[esp]
    0xb8, 0x04, 0x00,0x00, 0x00,    // mov    eax, 0x4
    0xcd, 0x80,                     // int    0x80              - sys_write
    0x31, 0xdb,                     // xor    ebx,ebx
    0x31, 0xc0,                     // xor    eax,eax
    0x40,                           // inc    eax
    0xcd, 0x80,                     // int    0x80              - sys_exit
};

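// Replace the first "int 0x80" (bytes cd 80, the payload's sys_exit call) with
// "jmp short +0x45" (bytes eb 45), redirecting execution forward to where
// main() places the dump_mem stub instead of exiting.
uint32_t patch_mem(char *ptr, size_t size)
{
    uint32_t i;

    // i + 1 < size keeps the 16-bit read inside the scanned range
    for (i = 0; i + 1 < size; i++) {
        if (*(uint16_t *)&ptr[i] == 0x80cd) {
            *(uint16_t *)&ptr[i] = 0x45eb;
            return 0;
        }
    }
    return 1;
}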

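uint32_t check_arch(void)
{
    struct utsname kernel_info;

    // fill kernel_info before reading it; a uname() failure counts as "wrong arch"
    if (uname(&kernel_info))
        return 1;
    return strcmp(kernel_info.machine, "i686") ? 1 : 0;
}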

int main(int argc, char **argv)
{
    void *mem;

    if (check_arch()) {
        printf("[-] this program must run on a 32-bit architecture\n");
        return 1;
    }

    printf("[*] allocating page aligned memory\n");
    mem = memalign(4096, 4096);
    if (!mem) {
        printf("[-] error: %s\n", strerror(errno));
        return 1;
    }
    memset(mem, 0, 4096);

    printf("[*] setting page permissions\n");
    if (mprotect(mem, 4096, PROT_READ | PROT_WRITE | PROT_EXEC)) {
        printf("[-] error: %s\n", strerror(errno));
        return 1;
    }

    printf("[*] copying payload\n");

    // layout in the page: part1 | part2 | dump_mem
    memcpy(mem, part1, sizeof(part1));
    memcpy(mem + sizeof(part1), part2, sizeof(part2));
    memcpy(mem + sizeof(part1) + sizeof(part2), dump_mem, sizeof(dump_mem));

    printf("[*] adding dump_mem payload\n");
    if (patch_mem(mem, sizeof(part1))) {
        printf("[-] failed to patch memory\n");
        return 0;
    }

    printf("[*] executing payload..\n\n");

    // jump to the start of the copied payload
    ((void (*)(void))mem)();

    return 0;
}

can you crack it - yes we can ;)

LOL – Check out – http://twitter.com/badeip  (he wrote this – NOT ME ) …check his paste bin – http://pastebin.com/uERE2WfF
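What the part1 bytes do once they run, rewritten as portable C so the decryption loop can be studied without mapping executable memory. This is an added example based on reading the part1 bytes above, not code from the original post or from @badeip; the names `stage1_ksa` and `stage1_crypt` and the sample buffer are constructed here, and the real ciphertext (part2) is not on this page.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Key bytes in the order the stub consumes them: dl of 0xdeadbeef, then ror edx, 8. */
static const uint8_t KEY[4] = { 0xef, 0xbe, 0xad, 0xde };

/* part1 offsets 0x0c-0x33: fill S with 0..255, then an RC4-style key schedule. */
static void stage1_ksa(uint8_t S[256])
{
    unsigned i;
    uint8_t j = 0, t;

    for (i = 0; i < 256; i++)
        S[i] = (uint8_t)i;
    for (i = 0; i < 256; i++) {
        j = (uint8_t)(j + S[i] + KEY[i % 4]);
        t = S[i]; S[i] = S[j]; S[j] = t;
    }
}

/* part1 offsets 0x65-0x8c: XOR len bytes of buf in place with the keystream. */
static void stage1_crypt(uint8_t *buf, size_t len)
{
    uint8_t S[256], i = 0, j = 0, a, b;
    size_t n;

    stage1_ksa(S);
    for (n = 0; n < len; n++) {
        i++;
        j = (uint8_t)(j + S[i]);
        a = S[i]; b = S[j];
        S[i] = b; S[j] = a;
        /* Unlike textbook RC4, the stub loads the keystream byte into bl,
           the register that holds j, so the next round starts from it. */
        j = S[(uint8_t)(a + b)];
        buf[n] ^= j;
    }
}

int main(void)
{
    uint8_t msg[] = "constructed sample, not the challenge data";

    stage1_crypt(msg, sizeof msg - 1);   /* encrypt */
    stage1_crypt(msg, sizeof msg - 1);   /* same keystream again: decrypt */
    puts((const char *)msg);
    return 0;
}
```

Because the keystream does not depend on the data, the same call both encrypts and decrypts; feeding it the 50 encrypted bytes carried in part2 would reproduce what the dump_mem stub prints.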



58 thoughts on “Can You Crack It? (part 1) #Solution”

  1. Slightly different method for part 1 to some of the posts seen: http://www.youtube.com/watch?v=e1uIpBI9u6g

    Posted by Matt Bartlett | December 13, 2011, 10:17 am
  2. Can't this be performed without the help of coding?

    Posted by talun | December 11, 2011, 12:35 pm
  3. Solution: #cyber_security

    Posted by infernalhack | December 7, 2011, 8:13 pm
  4. easy one Password is Pr0t3ct!************* :) its how it starts… 04/12/2011

    Posted by ImRocker | December 4, 2011, 11:28 pm
  5. If you are asking for clues or the answer, you Do NOT have what it takes for what they are looking for or to man handle the best of the best in the world, although, the best of the best, have been man handled for a while now, and.

    It amazes me how Clueless the vast majority are in the world, and not to seem heartless, but even my own mom looked at and saw the answers to this, and said it’s just some game he’s playing. Sheer stupidity how the world really works that even some of the smartest phD’s and all those degrees and suits have NO CLUE! I’m beginning to understand why many things are kept under wraps, As my ideals and beliefs are always within reason and on a realist level.

    Without accountability on all levels, abuse will always be there, even those who have 4 stars on their shoulders… Or the president of any country in the world…

    The one who steps up to set the better example, is the smartest of the bunch in the world.. But not one country has done that yet, which shows the sheer stupidity of them all…

    Enjoy the game

    Posted by Zicon | December 4, 2011, 9:27 pm
    • Actually no, as Kevin Mitnick and others have repeatedly proven, hacking is more about social engineering and research skills than technological attacks, and looking up the answer should be step number one for all hack attempts. The good hacker doesn’t waste their time on things that are already broken. I’m sure GCHQ wouldn’t want you to be off writing programs when you could just look up the answer. Time is critical in the spy business – don’t waste it.

      Posted by Jasmine Adamson | December 5, 2011, 4:51 pm
  6. Copy the png file, import it to linux gimp graphics package, alter intensity and contrast even colour, divide picture into two halves and mask one, whats with all the programming in aid of. Probably done on an old commodore64 using a green crt monitor using CPM.

    Then visit – M15-M16_royal_arch_freemasonary.html

    Was it all worth it.

    Posted by Christafari | December 4, 2011, 9:10 pm
  7. Damn. I was thinking this was Letter swapping (I don’t know the technical term) ex: 3bb = a

    Now that I see it’s computer code, I’m out of the race. Boo :[ I love stuff like this.

    Posted by Open_eyes | December 4, 2011, 7:25 pm
  8. Well done :)

    Posted by tj | December 4, 2011, 2:57 pm
  9. password is:
    Correct – #cyber_security

    Posted by ckan9013 | December 4, 2011, 12:36 pm
  10. The code doesn’t make much sense to me. It seems as if all the patch_mem function is doing is replacing 0x80cd (int 0x80) with 0x45eb (don’t know what function that is, but if I remember correctly eb is jmp or something). I don’t understand how patching the int 0x80 would do anything. I have a weird feeling that this is impossible to crack. My compiler does not have some of those include files. Would you mind sharing what you compiled this with?

    Posted by Paul | December 4, 2011, 9:18 am
  11. How did you figure it out? Everything I’ve tried hasn’t worked…..

    Posted by Josh | December 4, 2011, 6:52 am
  12. #Cyber_security

    Posted by loic | December 4, 2011, 6:50 am
  13. P.S. on the website they have written “The challenge continues”. Maybe indicating that it's more than the password many people have cracked or just copied and pasted.

    Posted by Grant | December 4, 2011, 4:10 am
  14. If everyone seems to get it or find it on the internet (as I did) and there are only 35 available job positions, don't you think it's not that easy? Maybe the REAL job offers are after you crack the website itself rather than the code or something like that. Just my opinion.

    Posted by Grant | December 4, 2011, 4:03 am
  15. crappy! you gotta be a goddamn limey to get a job with them saps! hehehe! I'm American!

    Posted by Jumpman Lane (@JumpmanLane) | December 4, 2011, 1:40 am
  16. *Original Comment removed :)

    Correct Answer !!
    ( Click Home – see my latest blogpost explaining why I don’t publish the actual answer) – very well done ! #cybersecurity

    Posted by Ledion Shahinas | December 3, 2011, 4:17 pm
  17. is that a single word that we are left with to crack ?

    Posted by deepak | December 3, 2011, 12:49 pm
  18. Cryptography, and other junks. went through bunch of processes. and got this as my answer:

    (REMOVED) – But you are right – which you knew because you would have checked it at the website ;) WELL DONE ShiftyB

    Posted by ShiftBy3 | December 3, 2011, 5:27 am
  19. (REMOVED) – BUT YES!! Well done izzy!

    Posted by izzy | December 2, 2011, 9:31 pm
  20. I have it compiled but how do I execute the results, I have never done anything with c++ just java?

    Posted by daswahnsinn | December 2, 2011, 6:07 pm
  21. Linux gcc doesn’t eat it, missing part2.h, so this is no solution without part2.h.
    Greedy bastard wants job for himself, no scriptkiddies allowed

    Posted by Scriptkiddy | December 2, 2011, 8:57 am
  22. All I have so far is Just bingo and x=AAAA and x=BBBB

    Posted by eddy | December 2, 2011, 1:06 am
  23. Keyword: $$$$$$$$$$$$$$$$$$$$$$$$$$$$ ( Answer Removed )
    WELL DONE Warren – that was correctimundo ;)

    Posted by Warren | December 2, 2011, 12:20 am
  24. can you solve it without computers?

    Posted by gomesy2010 | December 2, 2011, 12:01 am
  25. I thought this looked familiar!

    I found an old 6507 assembler (well, 6502 actually) and modded it a bit (remember: 6502 is an 8-bit machine; this is obviously 16-bit code…) before running it, and this is what I got:

    Can You Crack It Solution


    Posted by Graham Strong | December 1, 2011, 10:09 pm
    • Excellent :) the easy option is to check the site with websucker/python and go to the page entitled ‘ So you did it’ – NO PASSWORD required – lol

      Posted by cliffsull | December 1, 2011, 10:20 pm
  26. Well it was a bit easy a bit hard http://www.canyoucrackit.co.uk/soyoudidit.asp here is the solution.

    Posted by Jersey Island (@jerseyisland) | December 1, 2011, 5:44 pm
  27. Try this link http://www.canyoucrackit.co.uk/soyoudidit.asp and yes it was easy.

    Posted by Jerzzy | December 1, 2011, 5:43 pm
  28. How does it work??? I speak only a little bit of English

    Posted by pascal | December 1, 2011, 5:27 pm
  29. Oh my brain! Don’t have a clue how this coding thing works but I don’t know how to crack it just using my noggin either lol!

    Posted by DunDeagh | December 1, 2011, 4:55 pm
  30. So easy ! Lol
    Thanks for sharing!
    Best Regards

    Posted by Loic Helias | December 1, 2011, 4:53 pm
  31. As usual the boffins are overly complicating things. This can be solved on a piece of paper or in your head. NUMPTY

    Posted by Tango | December 1, 2011, 3:54 pm
  32. What did you use to compile?

    Posted by Rob | December 1, 2011, 3:51 pm
  33. i get this error:

    prog.c: In function ‘main’:
    prog.c:99: error: ‘part2’ undeclared (first use in this function)
    prog.c:99: error: (Each undeclared identifier is reported only once
    prog.c:99: error: for each function it appears in.)

    any help please?

    Posted by Ryan | December 1, 2011, 3:50 pm
    • Solution to part2 of hxxp://www.canyoucrackit.co.uk: pastebin.com/pJmZYbMy This is the missing piece from level1 (pastebin.com/cqzbkw4H)

      Posted by cliffsull | December 1, 2011, 3:55 pm
  34. can you explain the code to dump the decrypted memory please?

    Posted by James Attard | December 1, 2011, 3:36 pm
  35. you are all a bunch of faggots

    Posted by the faggot finder | December 1, 2011, 2:54 pm
    • Cheers for your insight – its very enlightening. and well done on spelling faggots ALL BY YOURSELF!! Woohoo – well done – tomorrow we shall be learning how to spell ASSHOLE!

      Posted by cliffsull | December 1, 2011, 3:08 pm

    Posted by shivam anand | December 1, 2011, 2:30 pm

