defc0n Posted August 28, 2017

Difficulty: 1 (Easy)
Language: Assembler
Platform: Windows x32/x64
OS Version: Windows XP, Win7, Win8, Win 8.1, Win10
Packer / Protector: none

Description: Hello, guys, this is my introduction KeygenMe challenge. It is pretty simple and straightforward. The only solution is a working keygen. Patching is not allowed.

Have fun!

Regards
defc0n/2k17

RCE#1.zip

defc0n (Author) Posted August 29, 2017

10 hours ago, Hero said:

Write a short tutorial if possible and a keygen! Good work Hero!!

GautamGreat Posted August 29, 2017

I give it a try.

1. It uses a procedure to xor the name. It takes one byte of the name and xors it with 0xDEADB00B and adds it to ecx and then rors 0xDEADB00B by 0x8. This loop ends when all characters in the name are xored. Later it changes some alphabets from A to F in the serial number, and again a procedure generates a serial number encryption. If this encryption and our name xored dword are the same then we will get the good boy message. So simply I brute-forced the serial number.

Name : GautamGreat
Key : 29D3C18E

PS: my English is not good

Edited August 29, 2017 by GautamGreat

defc0n (Author) Posted August 29, 2017

3 hours ago, GautamGreat said:

> I give it a try.
>
> 1. It uses a procedure to xor the name. It takes one byte of the name and xors it with 0xDEADB00B and adds it to ecx and then rors 0xDEADB00B by 0x8. This loop ends when all characters in the name are xored. Later it changes some alphabets from A to F in the serial number, and again a procedure generates a serial number encryption. If this encryption and our name xored dword are the same then we will get the good boy message. So simply I brute-forced the serial number.
>
> Name : GautamGreat
> Key : 29D3C18E
>
> PS: my English is not good

The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it.

GautamGreat Posted August 29, 2017

16 minutes ago, defc0n said:

> The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it.

Maybe some better reverser than me will solve it easily. Can you give some hints?

Edited August 29, 2017 by GautamGreat

VirtualPuppet Posted August 29, 2017

3 hours ago, defc0n said:

> The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it.

<deleted>

Edited August 29, 2017 by VirtualPuppet

SmilingWolf Posted August 29, 2017 (Solution)

The KeygenMe has got a bug: any name giving a "checksum" with an A in it will be impossible to keygen. There's a bug in the routine transposing the serial's letters which causes both A and F to be transposed to D. You can trigger the bug with OP's nick (defc0n) for example. The input serial is the first string shown, the transposed serial is the second.

Anyway, python keygen attached (please note it doesn't take into account any of the above. It simply generates "wrong" serials in such cases)

keygen.py

Edited August 29, 2017 by SmilingWolf

VirtualPuppet Posted August 29, 2017

Here's the code: https://pastebin.com/14wTsc43

Edited August 29, 2017 by VirtualPuppet

defc0n (Author) Posted August 29, 2017

3 hours ago, SmilingWolf said:

> The KeygenMe has got a bug: any name giving a "checksum" with an A in it will be impossible to keygen. There's a bug in the routine transposing the serial's letters which causes both A and F to be transposed to D. You can trigger the bug with OP's nick (defc0n) for example. The input serial is the first string shown, the transposed serial is the second.
>
> Anyway, python keygen attached (please note it doesn't take into account any of the above. It simply generates "wrong" serials in such cases)
>
> keygen.py

Thanks for pointing out. Your keygen is perfectly acceptable given the nature of the bug in my code. Good work!!!