#let post_slug = "crackmes-license-checker"
#let post_preview_image = "cover.png"
#let post_summary = "Reverse engineering license-checker from crackmes.one"

= Crackmes.one license-checker solution

= Solution 1

First get a feel for the program.

```sh
$ ./license_checker_1
Usage : ./license_checker_1
./license_checker_1 12345
12345 is not a valid license key.
```

Open it up in binary-ninja and go to the main function:

#image("/static/posts/crackmes-license-checker/image.png")

Notice the key is visible, so `strings` would have worked here too.

```c
// Decompiler output as displayed by binary-ninja. strcmp takes two arguments;
// the repeated third argument is an artifact of the decompilation.
if (!strcmp(arg2[1], "KS-LICENSE-KEY-2021-REV-1", "KS-LICENSE-KEY-2021-REV-1"))
{
    puts(" Congratulations ! You have successfully registered your premium service.");
    exit(0);
}
```

The key is immediately visible. Trying it:

```sh
$ ./license_checker_1 KS-LICENSE-KEY-2021-REV-1
Congratulations ! You have successfully registered your premium service.
```

The program verifies that the right number of arguments is present, then compares the input against a known string.

= Solution 2

The fastest solution would have been to use `strings`:

```sh
$ strings license_checker_1 | grep -v '\.' | grep -v '_'
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
exit
puts
printf
strcmp
u3UH
Usage : %s
KS-LICENSE-KEY-2021-REV-1
;*3$"
main
```

Here it's easy to guess which of these results is the key.

= Notes

Author: NomanProdhan\
Challenge Link: https://crackmes.one/crackme/619eda7b33c5d455dece628d\
Description:\
This is a simple license checker made with C. This is for complete beginners.

I'm new to "crackmes", so the challenge description feels appropriate to try. I used binary-ninja-free. It feels much cleaner than IDA-free or ghidra, which I've used for CTFs in the past. Very much overkill for this challenge though.
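
Why Solution 2 works, as an added example (not code from the crackme or its author): a string literal passed to `strcmp` is stored as plain bytes in the binary, so a scan for printable runs finds it. The sketch below is a minimal `strings`-style scanner with the same two `grep -v` filters; the `SAMPLE` buffer is constructed for illustration and `key_candidates` is a hypothetical name.

```c
#include <stdio.h>
#include <string.h>

#define MIN_RUN 4     /* default minimum run length used by strings(1) */
#define MAX_RUN 128   /* longer runs are skipped in this sketch */

/* Constructed stand-in for the binary's contents; not bytes from the real file. */
static const unsigned char SAMPLE[] =
    "\x7f" "ELF\x02\x01\x01\0" "puts\0" "strcmp\0" "__libc_start_main\0"
    "\x01\x02" "Usage : %s\0" "KS-LICENSE-KEY-2021-REV-1\0"
    "%s is not a valid license key.\0";

/* Collect printable runs of at least MIN_RUN bytes that contain neither '.'
   nor '_' (the two filters from Solution 2). Returns the number stored in out. */
size_t key_candidates(const unsigned char *buf, size_t len,
                      char out[][MAX_RUN], size_t max_out)
{
    size_t found = 0, start = 0;
    for (size_t i = 0; i <= len; i++) {
        int printable = i < len &&
            ((buf[i] >= 0x20 && buf[i] <= 0x7e) || buf[i] == '\t');
        if (printable)
            continue;
        size_t run = i - start;          /* a run just ended at index i */
        if (run >= MIN_RUN && run < MAX_RUN && found < max_out) {
            memcpy(out[found], buf + start, run);
            out[found][run] = '\0';
            if (!strpbrk(out[found], "._"))
                found++;                 /* keep it; otherwise slot is reused */
        }
        start = i + 1;
    }
    return found;
}

int main(void)
{
    char hits[16][MAX_RUN];
    size_t n = key_candidates(SAMPLE, sizeof SAMPLE, hits, 16);
    for (size_t i = 0; i < n; i++)
        puts(hits[i]);
    return 0;
}
```

The takeaway for anyone writing a check like this: a secret compared against a literal ships inside the binary in readable form, so it cannot be treated as confidential.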