
Difficulty: 1 (Easy)
Language: Assembler
Platform: Windows x32/x64
OS Version: Windows XP, Win7, Win8, Win 8.1, Win10
Packer / Protector : none

Description :

Hello, guys, this is my introduction KeygenMe challenge.

It is pretty simple and straightforward.

The only solution is a working keygen.

Patching is not allowed.

Screenshot :

screenshot.JPG.3d14f4c8aa512bdeb636c5d46330594c.JPG

 

Have fun!

 

Regards

defc0n/2k17

RCE#1.zip

Solved by SmilingWolf

Spoiler

brownfox.png.4a3010ea9da51ed63ac8bf1aff22671c.png

 

  • Author
10 hours ago, Hero said:

brownfox.png.4a3010ea9da51ed63ac8bf1aff22671c.png

 

Write a short tutorial if possible and a keygen! Good work Hero!! 

I give it a try.

1. It uses a procedure to XOR the name. It takes one byte of the name, XORs it with 0xDEADB00B, adds it to ecx, and then rors 0xDEADB00B by 0x8. This loop ends when all characters in the name are XORed. Later it changes some letters from A to F in the serial number, and again a procedure generates a serial number encryption. If this encryption and our name's XORed dword are the same, then we get the good boy message.

So I simply brute-forced the serial number.

Name : GautamGreat

Key : 29D3C18E

 

Ps : my English is not good :D

Edited by GautamGreat

  • Author
3 hours ago, GautamGreat said:

I give it a try.

1. It uses a procedure to XOR the name. It takes one byte of the name, XORs it with 0xDEADB00B, adds it to ecx, and then rors 0xDEADB00B by 0x8. This loop ends when all characters in the name are XORed. Later it changes some letters from A to F in the serial number, and again a procedure generates a serial number encryption. If this encryption and our name's XORed dword are the same, then we get the good boy message.

So I simply brute-forced the serial number.

Name : GautamGreat

Key : 29D3C18E

 

Ps : my English is not good :D


 

The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it.

 

16 minutes ago, defc0n said:

 

The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it.

 

Maybe some better reverser than me will solve it easily.

Can you give some hints?

Edited by GautamGreat

3 hours ago, defc0n said:

 

The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it.

 

<deleted>

Edited by VirtualPuppet

  • Solution

The KeygenMe has got a bug: any name giving a "checksum" with an A in it will be impossible to keygen. There's a bug in the routine transposing the serial's letters which causes both A and F to be transposed to D. You can trigger the bug with OP's nick (defc0n) for example.
bug.png.604f8088f3ae8c7c5cc60338b11ccb6d.png The input serial is the first string shown, the transposed serial is the second

Anyway, python keygen attached (please note it doesn't take into account any of the above. It simply generates "wrong" serials in such cases)

genok.png.1c851f4787e8f4ed81072090966342e8.png

keygen.py

Edited by SmilingWolf

a24bb42f9f9f0eebe94942368ee08202.png

 

Here's the code :)

https://pastebin.com/14wTsc43

Edited by VirtualPuppet

  • Author
3 hours ago, SmilingWolf said:

The KeygenMe has got a bug: any name giving a "checksum" with an A in it will be impossible to keygen. There's a bug in the routine transposing the serial's letters which causes both A and F to be transposed to D. You can trigger the bug with OP's nick (defc0n) for example.
bug.png.604f8088f3ae8c7c5cc60338b11ccb6d.png The input serial is the first string shown, the transposed serial is the second

Anyway, python keygen attached (please note it doesn't take into account any of the above. It simply generates "wrong" serials in such cases)

genok.png.1c851f4787e8f4ed81072090966342e8.png

keygen.py

Thanks for pointing out. Your keygen is perfectly acceptable given the nature of the bug in my code. Good work!!! 
