Tuts 4 You

Crackme Baby


Go to solution Solved by kao,


Posted

Language : Assembly
Platform :  Windows x32/x64
OS Version :  Windows 7, 8, 10
Packer / Protector : None

Description :

Found this one while cleaning my box, can you find the key?

Rule  : Tell us  how you cracked it.

Baby Crackme #1.exe

  • Solution
Posted

That is most likely not your crackme. But what the hell.. :)

 

Load it in IDA, decompile serial check and it will look like this:

      if ( ++idx >= 29 )
      {
        if ( count_of_sevens == 1 && String[6] == '7' )
        {
          v5 = (unsigned __int8)entered_key[0];
          if ( entered_key[0] )
          {
            LOBYTE(v5) = entered_key[4];
            if ( v5 )
            {
              LOBYTE(v5) = entered_key[8];
              if ( v5 )
              {
                LOBYTE(v5) = entered_key[12];
                if ( v5 )
                {
                  LOBYTE(v5) = entered_key[16];
                  if ( v5 )
                  {
                    LOBYTE(v5) = entered_key[21];
                    if ( v5 )
                    {
                      part1 = getintfromkey(0, 4, 0);
                      part2 = getintfromkey(0, 4, v6);
                      part3 = getintfromkey(0, 4, v7);
                      part4 = getintfromkey(0, 4, v8);
                      part5 = getintfromkey(0, 5, v9);
                      part6 = getintfromkey(0, 8, v10);

                      v11 = part1 * (unsigned __int8)entered_key[7];
                      v12 = part1 * (unsigned __int8)entered_key[6];
                      v13 = part1 * (unsigned __int8)entered_key[4];
                      if ( v11 == part5
                        && v12 == part3
                        && !(part1 * (unsigned __int8)entered_key[5])
                        && v13 == part4
                        && 1000 * v13 + 10 * v12 + v11 == part6 )
                      {
                          ...show good boy message...

There are some checks for specific character values:
* char 6 must be "7", there may not be any other "7" in the key;
* char 5 must be "0";
* chars 4,8,12,16,21 may not be "0";

Key is split into several parts:

part1 = first 4 chars
part3 = chars 8..11
part4 = chars 12..15
part5 = chars 16..20
part6 = chars 21..28

Then it does some simple multiplication and checks the result.

At this point you have 2 options:
- make a tool that will randomly choose part1 and chars 4 and 7, do the multiplication to calculate parts 3, 4, 5, 6 and see if it passes all checks.
- remember math lessons from school and figure out the only possible combination that will pass all checks.

First one is much faster, second one will be .. challenging.

Either way, you should arrive at the only possible solution:

Spoiler

12388079866699041114210001802

 

Well, in fact, there is an infinite number of valid keys. You can append random characters to the key above, they are not checked.. :D

 

  • Like 3
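The first option in the post above, written out as an added example (this is not kao's tool and not code from the crackme). It enumerates part1, char 4 and char 7 exhaustively instead of picking them at random. It assumes that `entered_key[i]` in the listing holds the digit value of character i, that `getintfromkey` parses decimal fields at the offsets listed in the post, and that the key is digits only; `field`, `check_key` and `solve` are hypothetical names.

```c
#include <stdio.h>
#include <string.h>
#define KEY_LEN 29   /* the check only reads the first 29 characters */

/* Assumed behaviour of getintfromkey: parse `len` decimal digits at `off`. */
static long field(const char *key, int off, int len) {
    long v = 0;
    for (int i = 0; i < len; i++) v = v * 10 + (key[off + i] - '0');
    return v;
}

/* The decompiled check restated; returns 1 if the first 29 chars pass. */
int check_key(const char *key) {
    static const int nonzero[] = {0, 4, 8, 12, 16, 21};
    int sevens = 0;
    if (strlen(key) < KEY_LEN) return 0;
    for (int i = 0; i < KEY_LEN; i++) {
        if (key[i] < '0' || key[i] > '9') return 0;  /* assumption: digits only */
        sevens += (key[i] == '7');
    }
    if (sevens != 1 || key[6] != '7' || key[5] != '0') return 0;
    for (int i = 0; i < 6; i++)
        if (key[nonzero[i]] == '0') return 0;
    long p1 = field(key, 0, 4);
    long v11 = p1 * (key[7] - '0'), v12 = p1 * (key[6] - '0'), v13 = p1 * (key[4] - '0');
    return v11 == field(key, 16, 5) && v12 == field(key, 8, 4) &&
           v13 == field(key, 12, 4) &&
           1000 * v13 + 10 * v12 + v11 == field(key, 21, 8);
}

/* Enumerate part1, char 4, char 7; derive parts 3..6; count keys that pass (last one in `out`). */
int solve(char *out) {
    char key[64];
    int found = 0;
    for (long p1 = 1000; p1 <= 9999; p1++)
        for (int d4 = 1; d4 <= 9; d4++)
            for (int d7 = 0; d7 <= 9; d7++) {
                long v11 = p1 * d7, v12 = p1 * 7, v13 = p1 * d4;
                int n = snprintf(key, sizeof key, "%04ld%d07%d%04ld%04ld%05ld%08ld",
                                 p1, d4, d7, v12, v13, v11, 1000 * v13 + 10 * v12 + v11);
                if (n == KEY_LEN && check_key(key)) { strcpy(out, key); found++; }
            }
    return found;
}

int main(void) {
    char key[64] = "";
    printf("%d key(s) pass: %s\n", solve(key), key);
    return 0;
}
```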
Posted
Yeah I tried to figure out a math formula to solve the system but it didn't pan out. Then I thought about your second option but since it would involve some brute force I gave up
