r00t0 Posted August 24, 2017 (edited)

Difficulty : 8
Language : C/C++
Platform : Windows 32bit
OS Version : Windows 7+
Packer / Protector : UPX 3.91

Description : The goal is to write a keygen for it without patching the file. Key must have 5 characters.

Download : keygenme.zip

Edited August 24, 2017 by r00t0

SmilingWolf Posted August 25, 2017

One correct key: ajjag

Last letter appears to be unused, the sum of the indexes of the first 4 letters inside the alphabet abcdefghijklmnopqrtuvwxyz must equal the index of letter "t" inside said alphabet.

In the serial above:
a = 0 + j = 9 + j = 9 + a = 0 -> 18
Alpha[18] = t
Serial check passed.

How is this a difficulty 8 KeygenMe? Is that some kind of bait? Am I missing something?

r00t0 (Author) Posted August 25, 2017 (edited)

It's not bait, maybe the difficulty is 2. And it's not one correct key. You correctly solved how the algorithm works. Good work.

Edited August 25, 2017 by r00t0

SmilingWolf Posted August 25, 2017 (edited) [Solution]

Yeah, I meant it as "one correct key (among the many possible ones)". Attached my keygen in python 2.7

Some more sample keys:
cbdmn
aaatj
gaama

In general anything that can be solved by hand like that shouldn't get a difficulty rating above 2.

If I may and you're willing to, can I ask you now to explain how/why my keygen works?

keygen.py

Edited August 25, 2017 by SmilingWolf

r00t0 (Author) Posted August 25, 2017 (edited)

The keygen randomizes 4 characters from the pattern (max array length / 3) from the array and appends them to an empty array; the 5th character is randomized because it is not used. Did I understand the question well?

Here's my algorithm for checking the key:

    fgets(read,5,stdin);
    int key = 0;
    for (int i=0; i<5; i++)
        for (int j=0; j<25; j++)
            if (read[i] == array2[j])
                key+=j;

Edited August 25, 2017 by r00t0

SmilingWolf Posted August 25, 2017 (edited)

Yeah you got the question. I'm generating the first 3 characters randomly, making sure that the sum of their indexes doesn't exceed 18 by simply using indexes between 0 and 6 (len(alpha) - 1 = 18; 18 / 3 = 6). This way the worst case scenario is that I've got 6 + 6 + 6 = g + g + g.

Then I'm subtracting from the max allowed index (18) the sum of the first three. This way, if the sum was 18 here I simply get 0, which means "a" gets chosen as fourth letter.

You said the serial should be 5 letters long, but there's actually no check on the serial's length. Moreover, fgets(char * str, int num, FILE * stream) only memorizes num - 1 entered characters and appends a null byte at the end, which means the last iteration of the loop always checks a null byte instead of a letter, so my keygen would do just as well generating only 4 letters. This totally slipped past me

Edited August 26, 2017 by SmilingWolf
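
The check and the keygen discussed in this thread, modelled in C as an added example (not r00t0's or SmilingWolf's own code). The function names and the temporary file standing in for stdin are assumptions, and the comparison with 18 comes from SmilingWolf's analysis because the posted fragment stops before it.

```c
#include <stdio.h>
#include <string.h>

/* Alphabet as quoted in the thread: 25 letters, no 's', so 't' is index 18. */
static const char array2[] = "abcdefghijklmnopqrtuvwxyz";
#define TARGET 18 /* from SmilingWolf's analysis; the posted fragment omits the compare */

/* Model of the posted check. A temp file stands in for stdin (assumption). */
int key_sum(const char *typed)
{
    char read[5] = {0};          /* zeroed here so short input is well defined */
    int key = 0;
    FILE *fp = tmpfile();
    if (!fp) return -1;
    fputs(typed, fp);
    rewind(fp);
    if (!fgets(read, 5, fp)) read[0] = '\0'; /* stores at most 4 chars + NUL */
    fclose(fp);
    for (int i = 0; i < 5; i++)              /* i == 4 only ever sees the NUL */
        for (int j = 0; j < 25; j++)
            if (read[i] == array2[j]) key += j;
    return key;
}

int key_ok(const char *typed) { return key_sum(typed) == TARGET; }

/* Keygen as described in the thread: three indexes in 0..6, fourth = 18 - sum.
   Returns 0 on success, -1 if an index is out of range. out needs 5 bytes. */
int make_key(int a, int b, int c, char out[5])
{
    if (a < 0 || a > 6 || b < 0 || b > 6 || c < 0 || c > 6) return -1;
    out[0] = array2[a]; out[1] = array2[b]; out[2] = array2[c];
    out[3] = array2[TARGET - (a + b + c)];
    out[4] = '\0';
    return 0;
}

int main(void)
{
    char k[5];
    make_key(6, 6, 6, k);                    /* worst case from the thread */
    printf("%s -> %d\n", k, key_ok(k));
    printf("ajjag -> %d, ajja -> %d, ajjaz -> %d\n",
           key_ok("ajjag\n"), key_ok("ajja\n"), key_ok("ajjaz\n"));
    return 0;
}
```

Reading with a buffer size of 6 and rejecting input whose length is not exactly 5 would make the fifth character and the stated key length part of the check.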