Language : C/C++
Platform : Windows x32
OS Version : ( Windows 7,10)
Packer / Protector : None

Description :

Goal : Find correct key.

Enter key in textbox and click OK button then you see result . 

Screenshot :

crackme_release.exe

Very nice crackme Salin!

Noticed couple of things and gave it a try,its using a recrusive function that looked like Fbonacci but with a twist - when n equals 8 it returns the first character of my input XORed with 0x78 instead of the normal Fibonacci value.

Code computes fib(14) and compares it against specific values in a switch statement. I knew standard fib(14) is 377 which equals 0x179. Working backwards since fib(8) gets replaced with char[0] ^ 0x78 , i needed to figure out what value makes the sequance land on 377.

Turns out fib(8) needs to be 21 for this to work. So char[0] ^ 0x78 = 21 which means char[0] = 21 ^ 0x78 = 0x6D = 'm'

There's a loop that validates characters 3 through 9 using a table at byte_411BFC.

The validation formula :

fib(i+8) - fib(i+6) == byte_411BFC[i] ^ char[3+i]

Just rearranged it to solve for each character and u get : a, m, b, i, q, u, e.

Now characters 1 and 2 were trickier. Character 1 determines a value dl through another Fibonacci call and character 2 gets XORed with that. There's a secondary check involving fib(17) that needs to equal 1597.

After some trial and error found that char[1] = 'o' gives the right Fibonacci value, and char[2] = 'z' satisfies the XOR constraint.

And if we finally put it all together we get a valid serial for this amazing crackme which is :

mozambique

I ran it through checksum calculation and got 0x12D4.

Some code where it compares :

0040134B | 893D 20434100 | mov dword ptr ds:[414320],edi |

00401351 | 81FF D4120000 | cmp edi,12D4 |