Assembly Language for Beginners


4.1. JAVA


Second example


Another simple crackme example:


public class password
{
    public static void main(String[] args)
    {
        System.out.println("Please enter the password");
        String input = System.console().readLine();
        // String.equals() returns a boolean; on the JVM stack it is an int 0 or 1
        if (input.equals("secret"))
            System.out.println("password is correct");
        else
            System.out.println("password is not correct");
    }
}


Let’s load it in IDA:


Figure 4.4: IDA

We see here the ifeq instruction, which does the job.


Its name stands for "if equal", which is something of a misnomer: a better name would be ifz ("if zero"), because what it actually does is pop the int value at TOS (top of stack) and jump if that value is zero.


In our example, it jumps if the password is not correct (the equals method returns false, which is represented on the JVM stack as the int value 0).


The very first idea is to patch this instruction.


Following the one-byte ifeq opcode there are two bytes, which encode the jump offset: a signed 16-bit big-endian value, relative to the address of the ifeq instruction itself (not to the instruction after it).


To make this instruction a NOP, we must set the 3rd byte to the value of 3, keeping the 2nd byte (the high byte of the offset) at 0, so that the offset becomes +3. Since the ifeq instruction's length is 3 bytes, adding 3 to its own address always lands on the next instruction, so the jump has the same effect whether it is taken or not:
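The following is an added example, not code from the book: a small Python helper that decodes an ifeq branch the way described above (signed 16-bit offset relative to the opcode address), turns a chosen ifeq into an effective NOP by rewriting its offset to +3, and shows an alternative patch (swapping ifeq for ifne to invert the check). SAMPLE_CODE is a constructed code array in the shape javac typically emits for the main method above; its constant-pool indices (#2, #3, ...) are assumed, and the instruction-length table only covers the opcodes that appear in the sample.

```python
# Added example (not from the book). Patching a Java `ifeq` instruction.
# JVM branch instructions: 1-byte opcode followed by a signed 16-bit
# big-endian offset, relative to the address of the opcode itself.

IFEQ = 0x99   # pop int; branch if it is zero (boolean false)
IFNE = 0x9A   # pop int; branch if it is non-zero (boolean true)
GOTO = 0xA7   # unconditional branch

# Constructed code array for `main` (javac-style layout); constant-pool
# indices are assumed, not taken from a real class file.
SAMPLE_CODE = bytes([
    0xB2, 0x00, 0x02,        #  0: getstatic   #2  (System.out)
    0x12, 0x03,              #  3: ldc         #3  ("Please enter the password")
    0xB6, 0x00, 0x04,        #  5: invokevirtual #4 (println)
    0xB8, 0x00, 0x05,        #  8: invokestatic  #5 (System.console)
    0xB6, 0x00, 0x06,        # 11: invokevirtual #6 (readLine)
    0x4C,                    # 14: astore_1
    0x2B,                    # 15: aload_1
    0x12, 0x07,              # 16: ldc         #7  ("secret")
    0xB6, 0x00, 0x08,        # 18: invokevirtual #8 (String.equals)
    0x99, 0x00, 0x0E,        # 21: ifeq 35         (21 + 14: skip the "correct" branch)
    0xB2, 0x00, 0x02,        # 24: getstatic   #2
    0x12, 0x09,              # 27: ldc         #9  ("password is correct")
    0xB6, 0x00, 0x04,        # 29: invokevirtual #4
    0xA7, 0x00, 0x0B,        # 32: goto 43         (32 + 11)
    0xB2, 0x00, 0x02,        # 35: getstatic   #2
    0x12, 0x0A,              # 38: ldc         #10 ("password is not correct")
    0xB6, 0x00, 0x04,        # 40: invokevirtual #4
    0xB1,                    # 43: return
])

# Partial instruction-length table: only the opcodes used in SAMPLE_CODE.
# A real tool needs the full JVM table (plus tableswitch/lookupswitch padding);
# walking instruction boundaries matters because 0x99 can also occur inside operands.
INSN_LEN = {
    0x12: 2, 0x2B: 1, 0x4C: 1, 0xB1: 1,
    0xB2: 3, 0xB6: 3, 0xB8: 3,
    IFEQ: 3, IFNE: 3, GOTO: 3,
}


def branch_offset(code: bytes, pos: int) -> int:
    """Decode the signed 16-bit offset following the branch opcode at `pos`."""
    return int.from_bytes(code[pos + 1:pos + 3], "big", signed=True)


def branch_target(code: bytes, pos: int) -> int:
    """Branch target = address of the branch opcode + its offset."""
    return pos + branch_offset(code, pos)


def walk(code: bytes):
    """Yield (offset, opcode) for each instruction, honouring instruction lengths."""
    pos = 0
    while pos < len(code):
        op = code[pos]
        if op not in INSN_LEN:
            raise ValueError(f"opcode {op:#04x} at {pos} not in the partial length table")
        yield pos, op
        pos += INSN_LEN[op]


def find_branches(code: bytes):
    """List every (offset, opcode, target) branch found by walking the code array."""
    return [(pos, op, branch_target(code, pos))
            for pos, op in walk(code) if op in (IFEQ, IFNE, GOTO)]


def nop_ifeq(code: bytes, pos: int) -> bytes:
    """Make the ifeq at `pos` a NOP: offset +3 always lands on the next instruction."""
    if code[pos] != IFEQ:
        raise ValueError(f"no ifeq at offset {pos}: found {code[pos]:#04x}")
    patched = bytearray(code)
    patched[pos + 1:pos + 3] = (3).to_bytes(2, "big")   # bytes 2-3 become 00 03
    return bytes(patched)


def invert_ifeq(code: bytes, pos: int) -> bytes:
    """Alternative patch: ifeq -> ifne, so the wrong password is accepted instead."""
    if code[pos] != IFEQ:
        raise ValueError(f"no ifeq at offset {pos}: found {code[pos]:#04x}")
    patched = bytearray(code)
    patched[pos] = IFNE                                  # offset bytes are kept
    return bytes(patched)


def patch_password_check(code: bytes = SAMPLE_CODE) -> bytes:
    """Locate the first ifeq by walking the code array and NOP it out."""
    pos = next(p for p, op, _ in find_branches(code) if op == IFEQ)
    return nop_ifeq(code, pos)


if __name__ == "__main__":
    for pos, op, target in find_branches(SAMPLE_CODE):
        print(f"{pos:3d}: {op:#04x} -> {target}")
    patched = patch_password_check()
    print("after patch, ifeq at 21 jumps to", branch_target(patched, 21))
```

Because the offset is relative to the opcode's own address, the same nop_ifeq() call works on the raw bytes of the whole .class file when given the file offset that IDA shows for the ifeq; the class file has no checksum to fix up, and +3 still satisfies the bytecode verifier's requirement that branch targets land on instruction boundaries.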
