Tuts 4 You

# RCE#1

Go to solution Solved by SmilingWolf,

## Recommended Posts

Difficulty: 1 (Easy)
Language: Assembler
Platform: Windows x32/x64
OS Version: Windows  XP,  Win7, Win8, Win 8.1, Win10
Packer / Protector : none

Description :

Hello, guys, this is my introduction KeygenMe challenge.

It is pretty simple and straightforward.

The only solution is a working keygen.

Patching is not allowed.

Screenshot :

Have fun!

Regards

defc0n/2k17

RCE#1.zip

• 1

Spoiler

• 2
##### Share on other sites

10 hours ago, Hero said:
Hide contents

Write a short tutorial if possible and a keygen! Good work Hero!!

##### Share on other sites

I give it a try.

1. It use a procedure to xor name. It takes on byte of name and xor it with 0xDEADB00B and add it to ecx and then ror 0xDEADB00B with 0x8. This loop end when all character in name is xored. Later it change some alphabets from A to F in serial number and again a procedure generate a serial number encryption. If this encryption and our name xored dword will same then we will get the good boy message.

So simply I brutoforced the serial number.

Name : GautamGreat

Key : 29D3C18E

Ps : my English is not good

Edited by GautamGreat
• 2
##### Share on other sites

3 hours ago, GautamGreat said:

I give it a try.

1. It use a procedure to xor name. It takes on byte of name and xor it with 0xDEADB00B and add it to ecx and then ror 0xDEADB00B with 0x8. This loop end when all character in name is xored. Later it change some alphabets from A to F in serial number and again a procedure generate a serial number encryption. If this encryption and our name xored dword will same then we will get the good boy message.

So simply I brutoforced the serial number.

Name : GautamGreat

Key : 29D3C18E

Ps : my English is not good

15

The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it.

##### Share on other sites

16 minutes ago, defc0n said:

The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it.

Maybe some good reverser then me wil solve it easily.

Can you give some hints?

Edited by GautamGreat
##### Share on other sites

3 hours ago, defc0n said:

The algorithm is perfectly reversible. It's ok that you chose to brute-force, but it can be solved without bruting it.

<deleted>

Edited by VirtualPuppet
##### Share on other sites

• Solution

The KeygenMe has got a bug: any name giving a "checksum" with an A in it will be impossible to keygen. There's a bug in the routine transposing the serial's letters which causes both A and F to be transposed to D. You can trigger the bug with OP's nick (defc0n) for example.
The input serial is the first string shown, the transposed serial is the second

Anyway, python keygen attached (please note it doesn't take into account any of the above. It simply generates "wrong" serials in such cases)

Edited by SmilingWolf
• 2
##### Share on other sites

Here's the code

Edited by VirtualPuppet
• 2
##### Share on other sites

3 hours ago, SmilingWolf said:

The KeygenMe has got a bug: any name giving a "checksum" with an A in it will be impossible to keygen. There's a bug in the routine transposing the serial's letters which causes both A and F to be transposed to D. You can trigger the bug with OP's nick (defc0n) for example.
The input serial is the first string shown, the transposed serial is the second

Anyway, python keygen attached (please note it doesn't take into account any of the above. It simply generates "wrong" serials in such cases)

Thanks for pointing out. Your keygen is perfectly acceptable given the nature of the bug in my code. Good work!!!