[KeyGenMe] Patience Is A Virtue by SK2K7

[ChOoKi]

Here is a recent challenge by SK2K7 that was posted at a friendly forum, permission to post here was given by author since I happen to be the tester , the good news is it's yet to be solved, the bad news is it has plenty of cryptos inside, hope you enjoy this one.

Patience_Is_A_Virtue.rar

[ChOoKi]

A valid combo if you happen to be the richest man in the world!

Name : Some Name
Code : 9A447E62A9433AA7CD7E4CD265E30925

Hope this helps

[atom0s]

Is there anyway to even tell if the data entered is valid? The supplied name/key you gave does nothing.

 

Edit: Nvm there is, a label will popup saying Nice Job. But the supplied key above does not work.

Edited June 5, 2013 by atom0s

[ChOoKi]

Anyone else having same issue/problem as atom0s?

[atom0s]

Some more info on the key you supplied above:

 

Expected memory compare: (Using Some Name)

00491FBC  80 26 17 20 9F 87 5A 47 40 4D 67 27 FB 9A 46 A2  €& Ÿ‡ZG@Mg'ûšF¢

 

Result from the key given:

00491FCC  DE 55 D6 69 E8 BD 15 8D E4 6C D4 5E 56 EE EA 01  ÞUÖiè½älÔ^Vîê

 

The memory compare fails entirely.

[PeterPunk]

On my computer:

00491FBC  51 D8 37 DE CB 2D 0E 2C 7D A2 91 7F 97 AA DC 1C  QØ7ÞË-,}¢‘—ªÜ

00491FCC  A8 9E AB EF 41 F1 70 52 F8 46 F6 07 D3 0C 36 F9  ¨ž«ïAñpRøFöÓ.6ù

 

Regards.

[ChOoKi]

Combo works just fine:

 

[PeterPunk]

Sorry ChOoKi,

 

not for me:

http://rghost.net/46580072

 

Regards.

[LordCoder]

I have the same problem as @atom0s

[ChOoKi]

To all with problem (above), "If this combo does not work for you then you are not the richest man in the world!^[1]" . Dig deeper.

1. Hint was already given twice before.

[PeterPunk]

00491FBC  8F F0 77 19 0A 2C 4A D0 99 53 CA 38 30 37 BC 33  ðw.,JЙSÊ807¼3

00491FCC  8F F0 77 19 0A 2C 4A D0 99 53 CA 38 30 37 BC 33  ðw.,JЙSÊ807¼3

 

Well, the 2nd richest man in the world

[ChOoKi]

..... is back on top of the world again. Or at least on top of the list of the world's richest people, where your net worth has to be well above $55 billion to be in the club.

May 17, 2013

Now that the combo is confirmed, roll up your sleeves, serious work is awaiting

Edited June 10, 2013 by ChOoKi

[PeterPunk]

Keygen and source code (masm32):

Keygen.rar

 

Regards.

[ChOoKi]

@PeterPunk: "Fantastic!" . Thank you very much for taking the time to solve this challenge

[ToMKoL]

I know it's old and already solved but here's my attempt with some words about how it was solved.

 

sk2k7 piav.zip

Edited September 4 by ToMKoL
fixed small bug with not initialized length of string in keygen

[jackyjask]

Great work and write-up!

I've a question regarding this piece of your work:

What tools/SW/techniques have you used to calculate it

[ToMKoL]

You can factor this modulus in any tool (msieve, keygener assistant, etc.). If You would like to try specialized attacks try this old tool by Black-Eye called RAT (RSA attacking toolkit).

RAT.v0.1f.zip

[ra1n]

4 hours ago, ToMKoL said:

You can factor this modulus in any tool (msieve, keygener assistant, etc.). If You would like to try specialized attacks try this old tool by Black-Eye called RAT (RSA attacking toolkit).

RAT.v0.1f.zip 60.05 kB · 6 downloads

Sorry if this sounds dumb, but are you suggesting that the crackme owner purposefully used a weak modulus to make the crack possible? Otherwise the task of factoring the large number would be virtually impossible, right?

[ToMKoL]

Using 128 bit modulus even 10 years ago wasn't big problem to factor. Author probably used such modulus because it has 56 msb set. This allows to skip check if N > M. It would be very rare case to not be able to find serial for given name.

[jackyjask]

How many bits is feasiable task in 2023?

say you have a couple of 16 core CPU and or 2-3 modern Nvidias

[ToMKoL]

Hard to say. Depends on hardware/software You have to solve given problem. If we would factor this modulus using old RSAtool it would take minute or two. If we use msieve on the same machine it takes seconds. Probably reasonable size for protection would be 2048 bits. But since we taking about crackme 512 bits should be enough to solve in reasonable time.