Crackme Baby

[Igor]

Language : Assembly
Platform :  Windows x32/x64
OS Version :  Windows 7, 8, 10
Packer / Protector : None

Description :

Found this one while cleaning my box, can you find the key?

Screenshot :

Rule  : Tell us  how you cracked it.

Baby Crackme #1.exe

[kao]

That is most likely not your crackme. But what the hell..

 

Load it in IDA, decompile serial check and it will look like this:

      if ( ++idx >= 29 )
      {
        if ( count_of_sevens == 1 && String[6] == '7' )
        {
          v5 = (unsigned __int8)entered_key[0];
          if ( entered_key[0] )
          {
            LOBYTE(v5) = entered_key[4];
            if ( v5 )
            {
              LOBYTE(v5) = entered_key[8];
              if ( v5 )
              {
                LOBYTE(v5) = entered_key[12];
                if ( v5 )
                {
                  LOBYTE(v5) = entered_key[16];
                  if ( v5 )
                  {
                    LOBYTE(v5) = entered_key[21];
                    if ( v5 )
                    {
                      part1 = getintfromkey(0, 4, 0);
                      part2 = getintfromkey(0, 4, v6);
                      part3 = getintfromkey(0, 4, v7);
                      part4 = getintfromkey(0, 4, v8);
                      part5 = getintfromkey(0, 5, v9);
                      part6 = getintfromkey(0, 8, v10);

                      v11 = part1 * (unsigned __int8)entered_key[7];
                      v12 = part1 * (unsigned __int8)entered_key[6];
                      v13 = part1 * (unsigned __int8)entered_key[4];
                      if ( v11 == part5
                        && v12 == part3
                        && !(part1 * (unsigned __int8)entered_key[5])
                        && v13 == part4
                        && 1000 * v13 + 10 * v12 + v11 == part6 )
                      {
                          ...show good boy message...

There are some checks for specific character values:
* char 6 must be "7", there may not be any other "7" in the key;
* char 5 must be "0";
* chars 4,8,12,16,21 may not be "0";

Key is split into in several parts:

part1 = first 4 chars
part3 = chars 8..11
part4 = chars12..15
part5 = chars16..20
part6 = chars21..28

Then it does some simple multiplication and checks the result.

At this point you have 2 options:
- make a tool that will randomly choose part1 and chars 4 and 7, do the multiplication to calculate parts 3, 4, 5, 6 and see if it passes all checks.
- remember math lessons from school and figure out the only possible combination that will pass all checks.

First one is much faster, second one will be .. challenging.

Either way, you should arrive at the only possible solution:

Spoiler

12388079866699041114210001802

 

Well, in fact, there is infinite number of valid keys. You can append random characters to the key above, they are not checked..

 

[Igor]

7 hours ago, kao said:

That is most likely not your crackme. But what the hell..

 

Load it in IDA, decompile serial check and it will look like this:

      if ( ++idx >= 29 )
      {
        if ( count_of_sevens == 1 && String[6] == '7' )
        {
          v5 = (unsigned __int8)entered_key[0];
          if ( entered_key[0] )
          {
            LOBYTE(v5) = entered_key[4];
            if ( v5 )
            {
              LOBYTE(v5) = entered_key[8];
              if ( v5 )
              {
                LOBYTE(v5) = entered_key[12];
                if ( v5 )
                {
                  LOBYTE(v5) = entered_key[16];
                  if ( v5 )
                  {
                    LOBYTE(v5) = entered_key[21];
                    if ( v5 )
                    {
                      part1 = getintfromkey(0, 4, 0);
                      part2 = getintfromkey(0, 4, v6);
                      part3 = getintfromkey(0, 4, v7);
                      part4 = getintfromkey(0, 4, v8);
                      part5 = getintfromkey(0, 5, v9);
                      part6 = getintfromkey(0, 8, v10);

                      v11 = part1 * (unsigned __int8)entered_key[7];
                      v12 = part1 * (unsigned __int8)entered_key[6];
                      v13 = part1 * (unsigned __int8)entered_key[4];
                      if ( v11 == part5
                        && v12 == part3
                        && !(part1 * (unsigned __int8)entered_key[5])
                        && v13 == part4
                        && 1000 * v13 + 10 * v12 + v11 == part6 )
                      {
                          ...show good boy message...

There are some checks for specific character values:
* char 6 must be "7", there may not be any other "7" in the key;
* char 5 must be "0";
* chars 4,8,12,16,21 may not be "0";

Key is split into in several parts:

part1 = first 4 chars
part3 = chars 8..11
part4 = chars12..15
part5 = chars16..20
part6 = chars21..28

Then it does some simple multiplication and checks the result.

At this point you have 2 options:
- make a tool that will randomly choose part1 and chars 4 and 7, do the multiplication to calculate parts 3, 4, 5, 6 and see if it passes all checks.
- remember math lessons from school and figure out the only possible combination that will pass all checks.

First one is much faster, second one will be .. challenging.

Either way, you should arrive at the only possible solution:

  Reveal hidden contents

12388079866699041114210001802

 

Well, in fact, there is infinite number of valid keys. You can append random characters to the key above, they are not checked..

 

Yeah I tried to figure out a math formula to solve the system but it didn't pan out. Then I thought about your second option but since it would involve some brute force I gave up