Crack the code and get a job working for GCHQ...

/>http://www.canyoucrackit.co.uk/

Ted.

what am i missing here? Any hint?

{
char result = 0; printf("%d %X:\n",num,key);
for (BYTE i = 0xA0; i < 0xFF; i++)
{
result = i ^ key; if (result >= 0x30 && result < 0x7B)
{
printf("%c ",result);
}
} printf("\n\n");
}
void hackit()
{ DWORD _EAX = 0;
DWORD _EBX = 0;
DWORD _EDX = 0;
DWORD _ECX = 4;
BYTE temp = 0; unsigned char table[] = {0xEF ,0x0A ,0x1B ,0xDD ,0x31 ,0xA6 ,0x02 ,0x15 ,0x3F ,0x1A ,0xAE ,0x7B ,0xE5 ,0x36 ,0x6B ,0x0B ,0x57 ,0x26 ,0x30 ,0xB8 ,0xD9 ,0x28 ,0x24 ,0x64 ,0x0E ,0x42 ,0x4A ,0xB5 ,0xB0 ,0xA3 ,0xB3 ,0x0D,
0x01 ,0x93 ,0x4B ,0x69 ,0x81 ,0x38 ,0x6D ,0x27 ,0x03 ,0x9B ,0xFC ,0x67 ,0x5C ,0x60 ,0xE6 ,0x84 ,0xA0 ,0xD4 ,0x1E ,0xCA ,0xE7 ,0x04 ,0x98 ,0x52 ,0x51 ,0x75 ,0x35 ,0x39 ,0xBA ,0xE0 ,0xEB ,0x83,
0x8D ,0xBD ,0x65 ,0x70 ,0x74 ,0x53 ,0x66 ,0x18 ,0x76 ,0x4F ,0x5F ,0x48 ,0x61 ,0x07 ,0xC9 ,0xCF ,0x17 ,0xF9 ,0x40 ,0x5A ,0x78 ,0x1F ,0x68 ,0x06 ,0x34 ,0xB6 ,0xA8 ,0x21 ,0xBF ,0xEC ,0xB4 ,0xC8,
0x7E ,0xC3 ,0xE1 ,0x9C ,0x55 ,0xD3 ,0x2E ,0xF4 ,0x82 ,0x49 ,0xC0 ,0x4E ,0xB7 ,0x2C ,0x73 ,0xE4 ,0xE8 ,0x91 ,0xAD ,0x5B ,0x50 ,0x77 ,0x7C ,0x20 ,0x9D ,0x08 ,0xAA ,0x63 ,0xFE ,0xB1 ,0xDC ,0xF0,
0x45 ,0x8A ,0x0F ,0x85 ,0xF8 ,0xBE ,0xD8 ,0xA5 ,0x05 ,0x3A ,0xB9 ,0xCB ,0xF5 ,0x54 ,0x2D ,0x1D ,0xC5 ,0x37 ,0x25 ,0x4C ,0xDB ,0x97 ,0xD7 ,0xAF ,0x41 ,0x6C ,0x92 ,0x44 ,0x8E ,0x99 ,0x62 ,0x10,
0x0C ,0x87 ,0x4D ,0xCC ,0xF6 ,0x7A ,0xE3 ,0xE9 ,0x6A ,0x6E ,0xB2 ,0x16 ,0x8C ,0x90 ,0x22 ,0x5E ,0xFA ,0x09 ,0x00 ,0xBB ,0xF7 ,0xD1 ,0x89 ,0xD2 ,0xD6 ,0x80 ,0x86 ,0x29 ,0x95 ,0x33 ,0xC2 ,0x59,
0xBC ,0x94 ,0x8B ,0x8F ,0x23 ,0x11 ,0xAB ,0x19 ,0xD5 ,0x12 ,0xE2 ,0xFF ,0x43 ,0xC7 ,0x88 ,0xC1 ,0xCD ,0xFD ,0x79 ,0x2A ,0xEE ,0xDE ,0x71 ,0xED ,0xF1 ,0x9F ,0x96 ,0xF2 ,0xEA ,0xFB ,0xDA ,0x3B,
0x6F ,0xDF ,0x47 ,0x2B ,0x3E ,0xC4 ,0x46 ,0x14 ,0x9E ,0xA1 ,0x58 ,0xAC ,0xA7 ,0x7F ,0x7D ,0x32 ,0x1C ,0x5D ,0x2F ,0xA4 ,0x13 ,0xCE ,0xA9 ,0xD0 ,0xF3 ,0x56 ,0xA2 ,0xC6 ,0x3D ,0x3C ,0x9A ,0x72};
do
{
_EAX++;
_EAX &= 0xFF; //AL _EBX += table[_EAX];
_EBX &= 0xFF; //BL _EDX = table[_EAX]; temp = table[_EBX]; _EDX += (temp << 8); //MOV DH,BYTE PTR DS:[ESI+EBX] table[_EAX] = ((_EDX >> 8) & 0xFF); //MOV BYTE PTR DS:[ESI+EAX],DH
table[_EBX] = (_EDX & 0xFF); //MOV BYTE PTR DS:[ESI+EBX],DL _EDX = (((_EDX & 0xFF) + ((_EDX >> 8) & 0xFF)) & 0xFF); _EBX = table[_EDX];
//_EDX = *pKey; //*pKey = (*pKey ^ table[_EDX]); bruteKey(_EAX,table[_EDX]); //pKey++;
} while (_EAX <= 10);}

void bruteKey(int num, BYTE key)

I don't have British nationality, so I will never get this job. Still a funny challenge.

Edited December 1, 201113 yr by Aguila

Part 1 you use the shellcode given to decrypt the base64 encrypted string in the header of the PNG file. that takes you here:

http://www.canyoucrackit.co.uk/15b436de1f9107f3778aad525e5d0b20.js

You have to write a VM and execute it. It will print another HTTP get that takes you here:
/>http://www.canyoucrackit.co.uk/da75370fe15c4148bd4ceec861fbdaa5.exe

Disassembling that now...

Part 1 you use the shellcode given to decrypt the base64 encrypted string in the header of the PNG file. that takes you here:

how did you find out that the picture is a part of the hackit? This sucks

how did you find out that the picture is a part of the hackit? This sucks Posted Image

hehe, why else would they put it up as a pic, not plain text?

But yeah, i fell for the trap too...spent like 30 minutes trying to think of a way to somehow bruteforce the data.

But then i remembered this from another challenge...eset i think it was...guess this is the "use all the information you have" part.

too little, too late

would've taken me years to figure that one out. Guess I'm not UK spy material :v

Edited December 1, 201113 yr by Killboy

Someone figured it out. The keyword is:

Pr0t3ct!on#cyber_security@12*12.2011+

/>http://volatile-minds.blogspot.com/2011/11/can-you-crack-it-nope-i-tried-though.html

00401167  |. 817D C8 676368>CMP DWORD PTR SS:[EBP-38],71686367
0040116E  |. 75 5F		  JNZ SHORT keygen.004011CF

Check for gchq... rest of string have to figure out. Guess you have to bruteforce it. Comes out to

0028CCB0 67 63 68 71 63 79 62 65 gchqcybe

0028CCB8 72 77 69 6E rwin

Note I did not do the bruteforcing.

Edited December 1, 201113 yr by rendari

Stuck on this URL. Tried entering DWORD constants provided throughout the problems:
/>http://canyoucrackit.co.uk/hqDTK7b8K2rvw/afc2bfa3/d2ab1f05/da13f110/key.txt

No luck...

3 Russians and a Hungarian originally cracked it on IRC..I think some people ripped their work..

It's just a layered puzzle, no decent obfusc or code-flow tricks. The Russians even did keygens..

Was playing with this last week and got to the same place rendari did.

cyberwin is bruteforceable Unix(DES) as it truncates to 8 chars by design. Took me a minute with a dictionary attack.

Havent yet been bothered to trawl through the other challenges to find 3 random dwords for bytes 12-24 though of the license.

Not sure what the Russians keygenned? :S The final half of license.txt can be random chars to pass the exe tests, but not to get the key file so keygenning that is pointless

Edited December 2, 201113 yr by Loki

http://www.canyoucrackit.co.uk/hqDTK7b8K2rvw/a3bfc2af/d2ab1f05/da13f110/key.txt

You just have to keep inputting combinations of the 3 dwords until you find this and it works. Really ****ing stupid.

Well, that's the end of this challenge.

-rendari

meh, stupid. So the first one is the dword that is jumped at the beginning of stage 1 (I tried this but got the endians wrong) and the second two are the firmware dwords from the VM.

Meh, glad i didnt waste hours trying to work that out. Thanks for posting the link rendari. Was interesting to know at least

Edited December 5, 201113 yr by Loki

Solution Can You Crack It by asOlOt (CrackSLatinoS)

http://www.mediafire.com/?r9ffea84fc5n2x4

Language: Spanish (You can use google translate texts)