[keygenme] ESET Crackme...

[Teddy Rogers]

Your task is to retrieve data from a special application.

Answer has to be sent to contest@eset.sk. Prize and glory awaits so test your self and collect the prize!

ESET Crackme Contest Rules:

1. Contest Participants All participants of CONFidence conference held November 29 – 30, 2010 in Prague can enter the contest. No ESET employees will be admitted to participate.
   
2. Contest Organizers ESET, spol. s r.o. has the right to organize the contest as part of CONFidence conference, held November 29. – 30, 2010 in Prague based on agreement between the foundation Fundacja Wspierania Edukacji Informatycznej PROIDEA and ESET, spol. s r.o..
   
3. Contest Objective “ESET crackme” is a program that tests the ability and skills in reverse engineering. The objective of the contest is to arrive at the name and registration code embedded in the file.
   
4. Contest Prize The contest winner will receive hardware and software provided by ESET.
   
5. Contest Start The contest begins November 29th, 2010 at 14:00.
   
6. Contest End The contest will come to a close after the first submission of the correct solution, and will run no later than November 30th 2010, 17:00.
   
7. Contest Winner The winner will be the first entrant to send the correct name and registration code to contest@eset.sk
   
8. ‘Crack me’ Solution The contest results will be announced after the correct answer is sent to contest@eset.sk. The prize will be awarded after the announcement of results.
   

/>http://201002.confidence.org.pl/crack-me

Ted.

CrackMe.CONFidence.zip

Edited December 4, 2010 by Teddy Rogers
Edited topic title...

[EvOlUtIoN]

it has some crc featureas md5 etc...but i seen harder things in my life.

Edited November 30, 2010 by EvOlUtIoN

[Vovan666]

PasswordsPro module for brute CRC32
/>http://www.mediafire.com/?7dn1y4izwfpxfl5

00401535 MOV EBP,EAX<-(hash in eax)

brute charset "2WQKHTL3VJBYG6PZCM9AXF0UED5RS7N8"

P.S. - Teddy, it is not crackme it is keygenme(serialfind)

Sorry for my bad English...

Edited December 1, 2010 by Vovan666

[Teddy Rogers]

P.S. - Teddy, it is not crackme it is keygenme(serialfind)

Thanks, I have edited the topic title.

For those interested here is the solution: http://esec-lab.sogeti.com/dotclear/index.php?post/2010/12/01/ESET-CONFidence-2010-Crackme-WriteUp

#!/usr/bin/env python# confidence 2010 crackme - keygen
# jb@security-labs.orgimport sys
from Crypto.Util import number # sorry you'll have to install pycrypto
from Crypto.Hash import MD5
import random
from struct import pack, unpackcrc32_table = [0] * 256
crc32_reverse = [0] * 256def build_crc_tables():
	for i in range(256):
		fwd = i
		rev = i << 24
		for j in range(8, 0, -1):
			# build normal table
			if (fwd & 1) == 1:
				fwd = (fwd >> 1) ^ 0xedb88320
			else:
				fwd >>= 1
			crc32_table[i] = fwd
			# build reverse table =)
			if rev & 0x80000000 == 0x80000000:
				rev = ((rev ^ 0xedb88320) << 1) | 1
			else:
				rev <<= 1
			crc32_reverse[i] = revdef dlog_solve_rho(q, r, n, p):
	# Pollard's rho algorithm
	# find x such as q^x = r mod p, with q of order n
	# adapted in python from miracl code
	x = y = 1
	ay = by = 0
	rr = 1	while 1:
		x = y
		ax = ay
		bx = by
		rr *= 2		for i in xrange(rr):
			# random mapping, 3 paths
			if y < p / 3:
				y = y * q % p
				ay = (ay + 1) % n
			elif y < 2 * p / 3:
				y = y * y % p
				ay = 2 * ay % n
				by = 2 * by % n
			else:
				y = y * r % p
				by = (by + 1) % n
			if x == y:
				break
		if x == y:
			return ((ax - ay) % n) * (number.inverse(by - bx, n)) % ndef pohlig_hellman(g, y, p, n, factors):
	# horrible code
	xi = []
	for f in factors:
		gamma = 1
		l = 0
		x = 0		
		alpha = pow(g, n / f[0], p)		
		for i in range(f[1]):
			if i != 0:
				gamma = (gamma * pow(g, l * pow(f[0], i-1), p)) % p			
			beta = pow(y * number.inverse(gamma, p), n / pow(f[0], i+1), p)
			l = dlog_solve_rho(alpha, beta, f[0], p)
			x += l * pow(f[0], i)
		xi.append(x)
	x = 0
	# chinese remainder theorem, not really optimized =)
	for i in range(len(factors)):
		ni = n / pow(factors[i][0], factors[i][1])
		x += xi[i] * ni * number.inverse(ni, pow(factors[i][0], factors[i][1]))
		x %= n
	return xdef crc32forge3(wanted_crc):
	charset = '2WQKHTL3VJBYG6PZCM9AXF0UED5RS7N8'	start_value = 0x45534554 ^ 0xffffffff # ESET
	while 1:
		# generate random string of 4 chars		
		s = ''.join(charset[random.randint(0, 31)] for i in range(4))		crc = start_value		
		for i in range(4):
			crc = (crc >> 8) ^ crc32_table[(crc ^ ord(s[i])) & 0xff]		s += pack('<L', crc)
		crc = wanted_crc ^ 0xffffffff		for i in range(7, 3, -1):
			crc = (crc << 8) ^ crc32_reverse[crc >> 24] ^ ord(s[i])
			crc &= 0xffffffff		s2 = s[:4] + pack('<L', crc)		# check if added bytes are in the charset
		# else same player play again
		valid = True
		for i in range(4):			
			if charset.find(xxx((crc >> (8 * i)) & 0xff)) == -1:
				valid = False
				continue		if valid == True:
			return s2def string_to_int64(s):
	l = unpack('<LLLL', s)
	value = ((l[1] ^ l[3]) << 32) | (l[0] ^ l[2])
	return value & 0x7fffffffffffffffdef decimal_encode(n):	
	charset = 'QA9532BJNP' # btc stuff
	s = ''	for i in range(20):
		s = charset[n % 10] + s
		n /= 10
	return sdef hash_to_string(hash):
	out = ''
	for i in range(16):
		out += xxx(ord('a') + (ord(hash[i]) % 26))
	return outdef x65599(s):
	hash = 0
	s2 = s.upper()
	for i in range(len(s2)):
		c = ord(s2[i])
		hash = (hash * 65599) & 0xffffffff
		hash = (hash + c) & 0xffffffff
	return hashdef keygen(username):
	if len(username) < 4:
		print 'Invalid name'
		return	build_crc_tables()	# elgamal parameters	
	p = 18446744073709461511L
	g = 3
	y = 0x5353453233444f4e
	x = 7123850746259367287L
	# factors. p-1 = 2 * 3**2 * 5 * 7 * ...
	factors = [[2, 1], [3, 2], [5, 1], [7, 1], [11, 1], [13, 1], [3797, 1], [42701, 1], [1262887, 1]]	md_name = MD5.new(username).digest()
	hash_str = hash_to_string(md_name)
	hash_value = x65599(hash_str)	while 1:
		# crap crap crap...
		# r is random value, with r=g^k mod p
		# we need to bruteforce r such as gcd(k, p-1) == 1 else k has no inverse
		s2 = crc32forge3(hash_value)
		md2 = MD5.new(s2).digest()
		r = string_to_int64(md2)
		k = pohlig_hellman(g, r, p, p-1, factors)
		if number.GCD(k, p-1) == 1:
			break	h = string_to_int64(md_name)
	s = ((h - x * r) % (p-1))
	s = s * number.inverse(k, p-1) % (p-1)
	print 'Serial: %s-%s' % (s2, decimal_encode(s))
if __name__ == '__main__':
	if len(sys.argv) != 2:
		print "Usage: %s <name>" % sys.argv[0]
	else:
		keygen(sys.argv[1])

Python keygen is attached below...

Ted.

confidence2010-keygen.zip