Jump to content
Tuts 4 You

Crackme Baby


Igor
Go to solution Solved by kao,

Recommended Posts

Language : Assembly
Platform :  Windows x32/x64
OS Version :  Windows 7, 8, 10
Packer / Protector : None

Description :

Found this one while cleaning my box, can you find the key?

Screenshot :

im1.jpg.01550fb1d55470da0dc6549b2728bd78.jpg

Rule  : Tell us  how you cracked it.

Baby Crackme #1.exe

Link to comment
Share on other sites

  • Solution

That is most likely not your crackme. But what the hell.. :)

 

Load it in IDA, decompile serial check and it will look like this:

      if ( ++idx >= 29 )
      {
        if ( count_of_sevens == 1 && String[6] == '7' )
        {
          v5 = (unsigned __int8)entered_key[0];
          if ( entered_key[0] )
          {
            LOBYTE(v5) = entered_key[4];
            if ( v5 )
            {
              LOBYTE(v5) = entered_key[8];
              if ( v5 )
              {
                LOBYTE(v5) = entered_key[12];
                if ( v5 )
                {
                  LOBYTE(v5) = entered_key[16];
                  if ( v5 )
                  {
                    LOBYTE(v5) = entered_key[21];
                    if ( v5 )
                    {
                      part1 = getintfromkey(0, 4, 0);
                      part2 = getintfromkey(0, 4, v6);
                      part3 = getintfromkey(0, 4, v7);
                      part4 = getintfromkey(0, 4, v8);
                      part5 = getintfromkey(0, 5, v9);
                      part6 = getintfromkey(0, 8, v10);

                      v11 = part1 * (unsigned __int8)entered_key[7];
                      v12 = part1 * (unsigned __int8)entered_key[6];
                      v13 = part1 * (unsigned __int8)entered_key[4];
                      if ( v11 == part5
                        && v12 == part3
                        && !(part1 * (unsigned __int8)entered_key[5])
                        && v13 == part4
                        && 1000 * v13 + 10 * v12 + v11 == part6 )
                      {
                          ...show good boy message...

There are some checks for specific character values:
* char 6 must be "7", there may not be any other "7" in the key;
* char 5 must be "0";
* chars 4,8,12,16,21 may not be "0";

Key is split into in several parts:

part1 = first 4 chars
part3 = chars 8..11
part4 = chars12..15
part5 = chars16..20
part6 = chars21..28

Then it does some simple multiplication and checks the result.

At this point you have 2 options:
- make a tool that will randomly choose part1 and chars 4 and 7, do the multiplication to calculate parts 3, 4, 5, 6 and see if it passes all checks.
- remember math lessons from school and figure out the only possible combination that will pass all checks.

First one is much faster, second one will be .. challenging.

Either way, you should arrive at the only possible solution:

Spoiler

12388079866699041114210001802

 

Well, in fact, there is infinite number of valid keys. You can append random characters to the key above, they are not checked.. :D

 

  • Like 3
Link to comment
Share on other sites

7 hours ago, kao said:

That is most likely not your crackme. But what the hell.. :)

 

Load it in IDA, decompile serial check and it will look like this:


      if ( ++idx >= 29 )
      {
        if ( count_of_sevens == 1 && String[6] == '7' )
        {
          v5 = (unsigned __int8)entered_key[0];
          if ( entered_key[0] )
          {
            LOBYTE(v5) = entered_key[4];
            if ( v5 )
            {
              LOBYTE(v5) = entered_key[8];
              if ( v5 )
              {
                LOBYTE(v5) = entered_key[12];
                if ( v5 )
                {
                  LOBYTE(v5) = entered_key[16];
                  if ( v5 )
                  {
                    LOBYTE(v5) = entered_key[21];
                    if ( v5 )
                    {
                      part1 = getintfromkey(0, 4, 0);
                      part2 = getintfromkey(0, 4, v6);
                      part3 = getintfromkey(0, 4, v7);
                      part4 = getintfromkey(0, 4, v8);
                      part5 = getintfromkey(0, 5, v9);
                      part6 = getintfromkey(0, 8, v10);

                      v11 = part1 * (unsigned __int8)entered_key[7];
                      v12 = part1 * (unsigned __int8)entered_key[6];
                      v13 = part1 * (unsigned __int8)entered_key[4];
                      if ( v11 == part5
                        && v12 == part3
                        && !(part1 * (unsigned __int8)entered_key[5])
                        && v13 == part4
                        && 1000 * v13 + 10 * v12 + v11 == part6 )
                      {
                          ...show good boy message...

There are some checks for specific character values:
* char 6 must be "7", there may not be any other "7" in the key;
* char 5 must be "0";
* chars 4,8,12,16,21 may not be "0";

Key is split into in several parts:

part1 = first 4 chars
part3 = chars 8..11
part4 = chars12..15
part5 = chars16..20
part6 = chars21..28

Then it does some simple multiplication and checks the result.

At this point you have 2 options:
- make a tool that will randomly choose part1 and chars 4 and 7, do the multiplication to calculate parts 3, 4, 5, 6 and see if it passes all checks.
- remember math lessons from school and figure out the only possible combination that will pass all checks.

First one is much faster, second one will be .. challenging.

Either way, you should arrive at the only possible solution:

  Reveal hidden contents


12388079866699041114210001802

 

Well, in fact, there is infinite number of valid keys. You can append random characters to the key above, they are not checked.. :D

 

Yeah I tried to figure out a math formula to solve the system but it didn't pan out. Then I thought about your second option but since it would involve some brute force I gave up

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...