# Find The Easy Pass

For this challenge it is given only one executable file:

• EasyPass.exe

Since this is a Windows executable, lets use wine to run this application. In case you don't have wine installed, this is what you should do:

$ sudo dpkg --add-architecture i386 
$ sudo apt update 
$ sudo apt install wine wine64 wine32 winbind winetricks

Now we can simply run wine EasyPass.exe and the application will load:

We also need a debugger that works for Windows executables, there are many out there but I will be using Ollydbg. Remember that Ollydbg requires wine to run. Installing Ollydbg:

$ sudo apt install ollydbg

First thing lets have a look at the string that are longer than 10 characters, maybe we can quick find some passwords or something like that:

strings -n 10 EasyPass.exe

No luck.

To start Ollydbg simply run:

$ ollydbg

We can go to File -> Open -> (select the EasyPass.exe file)

Now that we have the file loaded lets search for some strings.

• Right click
• Go to "Search for"
• Click on "All referenced text strings"

  

We see:

• Good job. Congratulations
• Wrong Password!

So it seems that these are the message sent in case of right or wrong password entered. Double-click in the "Good job" to see where it is implemented.

It's basically just comparing two values (EAX and EDX). Depending on their equality, we get a zero flag or not:

All we need to do now is find out what is the JNZ comparing to and we could potentially find the password. Lets set a breakpoint in the CALL just before the JNZ.

Select the line and press F2.

Now lets run the application clicking in the Play button. We can enter anything when prompted for a password:

As soon as we press the "Check Password" button we hit the breakpoint. If we look at the registers we can spot the two ASCII that are probably being compared to define if the password entered is good: