Find Crackme Password from Hex String | Ghidra
G++ on Reddit ran into an issue while reversing a crackme called 'basik" from crackmes.one
Since the password is saved as a local variable, Ghidra does not count it as a Null-Terminated C-String. Which makes it difficult to find in Ghidra. Furthermore, it decompiles it as Little Endian; so even if you put it into a decoder, the password would be backwards.
Here is a quick tip on how to get it in a human readable format.
Links:
Original Reddit Post
/ help_with_ghidra_converting_hex_constant_to
Ghidra SRE
https://ghidra-sre.org/
nkrinc's basik on Crackmes
https://crackmes.one/crackme/65765512...
Cyberchef
https://gchq.github.io/CyberChef/
0:00 Introduction
0:17 Summary
1:22 Download Crackme
3:53 Open Ghidra
6:23 Find Password in Hex
8:55 Use Cyberchef
10:02 Fix & Find ASCII Password
11:25 Outro
![[SCAM] I CAN'T BELIEVE HE'S DEAD | Fatal Crash Facebook Scam](https://images.videosashka.com/watch/yEuAolxdj0k)
