Jump to content
Tuts 4 You
  • 0
defc0n

RCE#1

Rate this question

Question

defc0n

Difficulty: 1 (Easy)
Language: Assembler
Platform: Windows x32/x64
OS Version: Windows  XP,  Win7, Win8, Win 8.1, Win10
Packer / Protector : none

Description :

Hello, guys, this is my introduction KeygenMe challenge.

It is pretty simple and straightforward.

The only solution is a working keygen.

Patching is not allowed.

Screenshot :

screenshot.JPG.3d14f4c8aa512bdeb636c5d46330594c.JPG

 

Have fun!

 

Regards

defc0n/2k17

RCE#1.zip

  • Like 1

Share this post


Link to post

10 answers to this question

Recommended Posts

  • 1
SmilingWolf

The KeygenMe has got a bug: any name giving a "checksum" with an A in it will be impossible to keygen. There's a bug in the routine transposing the serial's letters which causes both A and F to be transposed to D. You can trigger the bug with OP's nick (defc0n) for example.
bug.png.604f8088f3ae8c7c5cc60338b11ccb6d.png The input serial is the first string shown, the transposed serial is the second

Anyway, python keygen attached (please note it doesn't take into account any of the above. It simply generates "wrong" serials in such cases)

genok.png.1c851f4787e8f4ed81072090966342e8.png

keygen.py

Edited by SmilingWolf (see edit history)
  • Thanks 2

Share this post


Link to post
  • 1
Hero
Spoiler

brownfox.png.4a3010ea9da51ed63ac8bf1aff22671c.png

 

  • Like 2

Share this post


Link to post
  • 0
defc0n
10 hours ago, Hero said:
  Hide contents

brownfox.png.4a3010ea9da51ed63ac8bf1aff22671c.png

 

Write a short tutorial if possible and a keygen! Good work Hero!! 

Share this post


Link to post
  • 0
GautamGreat

I give it a try.

1. It use a procedure to xor name. It takes on byte of name and xor it with 0xDEADB00B and add it to ecx and then ror 0xDEADB00B with 0x8. This loop end when all character in name is xored. Later it change some alphabets from A to F in serial number and again a procedure generate a serial number encryption. If this encryption and our name xored dword will same then we will get the good boy message.

So simply I brutoforced the serial number. 

Name : GautamGreat

Key : 29D3C18E

 

Ps : my English is not good :D

Edited by GautamGreat (see edit history)
  • Like 2

Share this post


Link to post
  • 0
defc0n
3 hours ago, GautamGreat said:

I give it a try.

1. It use a procedure to xor name. It takes on byte of name and xor it with 0xDEADB00B and add it to ecx and then ror 0xDEADB00B with 0x8. This loop end when all character in name is xored. Later it change some alphabets from A to F in serial number and again a procedure generate a serial number encryption. If this encryption and our name xored dword will same then we will get the good boy message.

So simply I brutoforced the serial number. 

Name : GautamGreat

Key : 29D3C18E

 

Ps : my English is not good :D

15

 

The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it.

 

Share this post


Link to post
  • 0
GautamGreat
16 minutes ago, defc0n said:

 

The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it.

 

Maybe some good reverser then me wil solve it easily. 

Can you give some hints?

Edited by GautamGreat (see edit history)

Share this post


Link to post
  • 0
VirtualPuppet
3 hours ago, defc0n said:

 

The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it.

 

<deleted>

Edited by VirtualPuppet (see edit history)

Share this post


Link to post
  • 0
defc0n
3 hours ago, SmilingWolf said:

The KeygenMe has got a bug: any name giving a "checksum" with an A in it will be impossible to keygen. There's a bug in the routine transposing the serial's letters which causes both A and F to be transposed to D. You can trigger the bug with OP's nick (defc0n) for example.
bug.png.604f8088f3ae8c7c5cc60338b11ccb6d.png The input serial is the first string shown, the transposed serial is the second

Anyway, python keygen attached (please note it doesn't take into account any of the above. It simply generates "wrong" serials in such cases)

genok.png.1c851f4787e8f4ed81072090966342e8.png

keygen.py

Thanks for pointing out. Your keygen is perfectly acceptable given the nature of the bug in my code. Good work!!! 

Share this post


Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...