Posted August 28, 20178 yr Difficulty: 1 (Easy)Language: AssemblerPlatform: Windows x32/x64OS Version: Windows XP, Win7, Win8, Win 8.1, Win10Packer / Protector : none Description : Hello, guys, this is my introduction KeygenMe challenge. It is pretty simple and straightforward. The only solution is a working keygen. Patching is not allowed. Screenshot : Have fun! Regards defc0n/2k17 RCE#1.zip
August 29, 20178 yr Author 10 hours ago, Hero said: Hide contents Write a short tutorial if possible and a keygen! Good work Hero!!
August 29, 20178 yr I give it a try. 1. It use a procedure to xor name. It takes on byte of name and xor it with 0xDEADB00B and add it to ecx and then ror 0xDEADB00B with 0x8. This loop end when all character in name is xored. Later it change some alphabets from A to F in serial number and again a procedure generate a serial number encryption. If this encryption and our name xored dword will same then we will get the good boy message. So simply I brutoforced the serial number. Name : GautamGreat Key : 29D3C18E Ps : my English is not good Edited August 29, 20178 yr by GautamGreat
August 29, 20178 yr Author 3 hours ago, GautamGreat said: I give it a try. 1. It use a procedure to xor name. It takes on byte of name and xor it with 0xDEADB00B and add it to ecx and then ror 0xDEADB00B with 0x8. This loop end when all character in name is xored. Later it change some alphabets from A to F in serial number and again a procedure generate a serial number encryption. If this encryption and our name xored dword will same then we will get the good boy message. So simply I brutoforced the serial number. Name : GautamGreat Key : 29D3C18E Ps : my English is not good 15 The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it.
August 29, 20178 yr 16 minutes ago, defc0n said: The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it. Maybe some good reverser then me wil solve it easily. Can you give some hints? Edited August 29, 20178 yr by GautamGreat
August 29, 20178 yr 3 hours ago, defc0n said: The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it. <deleted> Edited August 29, 20178 yr by VirtualPuppet
August 29, 20178 yr Solution The KeygenMe has got a bug: any name giving a "checksum" with an A in it will be impossible to keygen. There's a bug in the routine transposing the serial's letters which causes both A and F to be transposed to D. You can trigger the bug with OP's nick (defc0n) for example. The input serial is the first string shown, the transposed serial is the second Anyway, python keygen attached (please note it doesn't take into account any of the above. It simply generates "wrong" serials in such cases) keygen.py Edited August 29, 20178 yr by SmilingWolf
August 29, 20178 yr Here's the code https://pastebin.com/14wTsc43 Edited August 29, 20178 yr by VirtualPuppet
August 29, 20178 yr Author 3 hours ago, SmilingWolf said: The KeygenMe has got a bug: any name giving a "checksum" with an A in it will be impossible to keygen. There's a bug in the routine transposing the serial's letters which causes both A and F to be transposed to D. You can trigger the bug with OP's nick (defc0n) for example. The input serial is the first string shown, the transposed serial is the second Anyway, python keygen attached (please note it doesn't take into account any of the above. It simply generates "wrong" serials in such cases) keygen.py Thanks for pointing out. Your keygen is perfectly acceptable given the nature of the bug in my code. Good work!!!
Create an account or sign in to comment