View Full Version : Selftest for Crackers
Kayaker
April 18th, 2002, 07:32
Hi All,
Man, it's so quiet in here lately you can hear the crickets! This is not cool...
Until something better comes up to cause a bit of discussion, I found this old crackme with 8 levels of challenge - and NO solutions. The harder levels should satisfy those who think they're pretty leeto, and I'm *hoping* the easier levels will actually generate some cries for help from the complete wet-behind-the-ears newbies who are taking their first steps in reversing.
Newcomers are always welcome, and this is the place to work on projects together, to learn and to ask questions without embarrassment or fear of ridicule; there are always plenty of people willing to help others here.
The crackme (168Kb) was written in Delphi, so experience can be gained in using DaFixer's DeDe Delphi disassembler (http://www.balbaro.com).
Also, another most favorite Delphi reversing tool of mine that might prove useful is D-Peeper, which will give you class information on the controls, which you can cross reference to the information from DeDe (http://batry.hypermart.net/D_Peeper.htm).
(Link seems slow, search for alternate d/l site)
Hopefully we can come up with 8 descriptive solutions to each challenge level (well, 7 really, the 8th is deemed impossible to solve), and finally lay this old crackme to rest.
Good Luck.
Cheers,
Kayaker
CoDe_InSiDe
April 18th, 2002, 08:09
Hi Kayaker,
Hehe, it's indeed *very* quiet here
Maybe I should finally finish my CrackMe "Re-Move 2 - The Sequel" and then post it here as a project?
Just an idea.
First let's see how this project goes...
Cya...
CoDe_InSiDe
crUsAdEr
April 18th, 2002, 14:37
Hi,
Did not see this at first cos of Ryan's post.. I thought there wasn't anything new in this forum and did not feel like reading more about CodeLock crap... so yeah just dropping a note to say I am working on this... and bringing this thread on top so everyone can notice and join in...
Yep... me on Easy level, wondering if there is a way besides bruteforcing, which ain't fun....
cheers,
Hoof Arted
April 19th, 2002, 20:42
It has been a while since I have posted messages here. I think that the RCE Academy is really taking off. There are many members and the challenges are very good.
I am not the experienced and the nice thing about the academy is that your progress is measured on some sort of chart. In this case, by score. Anyway, I am always keen to look at new crackmes.
Thanks
Hoof
crUsAdEr
April 24th, 2002, 02:50
Arghh....
Is anyone trying this crackme? With DeDe, finding the serial routine is nothing... this one is really about crypto and such...
I am still stuck at easy level! Just wondering if the hash can be reversed? Or do I really have to bruteforce this?
Thanks for some help and pointers...
Kayaker
April 25th, 2002, 05:01
Ouch! This one is hurting my brain...
The routine is apparent enough (crackme #3), but I'm not sure how you'd reverse it to find a valid s/n. The way I see it there are 2 loops. The outer one is called 10h times and doesn't do anything other than repeating the inner loop 10h times. The inner one is called the same number of times as there are characters in the s/n.
The inner one has 2 routines (and 2 checks), the 1st takes each character of your s/n and adds to it the position of the character, then summates them all and stores them in ESI. This is called 10h times. The final value of ESI is compared in
43B3FA CMP ESI,00003810
So if your s/n is '123' you get:
(Sigma [char + position]) * 10h
31h + 1 = 32h
32h + 2 = 34h
33h + 3 = 36h
-------------
ESI = 9C0h
I actually fluked into getting the right value for ESI (3810h) by using the password 'kayakeru'. The problem is this doesn't match the proper value of EBX in
43B402 CMP EBX,402A4FE7
You can see in the code below that the cumulative value of EBX is dependent on the current summation of ESI, an IDIV statement with the current position of the character being processed (in EDI), and the value of the remainder, if any, in EDX. This is the tricky part!
Plus, the EBX register can overflow in the line
43B3E3 ADD EBX,EBX
and actually reduce in value, making it even harder to follow the summation.
Code:
LOOP 1: ; n = 10h
LOOP 2: ; get s/n - called n = number of characters in s/n times
43B3CF CALL 0041AED4
43B3D4 MOV EAX,[EBP-10] ; s/n
43B3D7 MOVZX EAX,BYTE PTR [EDI+EAX-01] ; eax = character
43B3DC LEA EDX,[ESI+EDI] ; edi = position of character
43B3DF ADD EAX,EDX ; edx = previous summation
43B3E1 MOV ESI,EAX
; Above part of the loop takes each character in hex
; and adds to it its position in the s/n, summates
; with previous value and stores in ESI.
43B3E3 ADD EBX,EBX
43B3E5 XOR EBX,ESI
43B3E7 MOV EAX,ESI
43B3E9 CDQ
43B3EA IDIV EDI
43B3EC INC EDX
43B3ED ADD EBX,EDX
43B3EF INC EDI
43B3F0 DEC DWORD PTR [EBP-0C]
43B3F3 JNZ 0043B3C3 ; repeat # characters times
; JUMP TO LOOP 2
43B3F5 DEC DWORD PTR [EBP-08]
43B3F8 JNZ 0043B39E ; repeat 10h times
; JUMP TO LOOP 1
43B3FA CMP ESI,00003810 ; first check
43B400 JNZ 0043B40A
43B402 CMP EBX,402A4FE7 ; second check
43B408 JZ 0043B424
No solutions beyond this, just an analysis and a hope someone will see the light!
Cryptoconfused,
Kayaker
crUsAdEr
April 25th, 2002, 13:19
Yep Kayaker,
I am stuck at the same exact position!!!!
We need some crypto experienced reverser here!! :<
crUsAdEr
May 7th, 2002, 14:04
No crypto guru wanna help on this ???
At first glance it seems reversible but the more I went into this, the more ominous it looks!!! Maybe it is not really reversible... ???
Clandestiny
May 7th, 2002, 22:48
Quote:
Originally posted by crUsAdEr
No crypto guru wanna help on this ???
At first glance it seems reversible but the more I went into this, the more ominous it looks!!! Maybe it is not really reversible... ???
Hello mate
Ominous, heh, heh, I know what you mean

I had a look at it too and have yet to devise a solution. It does *appear* reversible... I don't know much about crypto, but I think most "irreversible" algorithms use some kind of randomization functions. There is no randomization here and the arithmetic is simple addition, logical xor, and division. Surely it must be reversible (I can hope). One thing that makes this difficult is the fact that it's more of a "set theory" problem. I'm almost certain you'll never retrieve a *specific* key from that hash value... Rather there will be a set of keys that satisfies the 2 conditions / compares. I've tried a couple of approaches, but my math background does not include any set theory / crypto, so I'm pretty lost.
Would love the input of a guru... I'm very curious if this is as reversible as my instinct tells me.
Cheers,
Clandestiny
I knew I've seen it somewhere so i did some research...
http://archive.yates2k.net/E_bliss/sols/selftest-lu48.zip
Hope I didn't spoil your fun.
/GoZ
Clandestiny
May 11th, 2002, 00:30
Quote:
Originally posted by GoZ
I knew I've seen it somewhere so i did some research...
http://archive.yates2k.net/E_bliss/sols/selftest-lu48.zip
Hope I didn't spoil your fun.
/GoZ
GoZ:
Nope, you didn't spoil my fun. I've played for a while with that algorithm for part 3 and finally concluded that it is irreversible... "Easy" my a**! LOL. Patching it is a joke, but actually trying to reverse that sucker is not a joy

Thanks for putting my mind to rest on this one... I guess brute force is the only way after all.
Kayaker:
LOL, I got a little distracted on this one in case you're wondering where that updated vxd is.
Putting up exception handlers and error checking is boring me to death.
Now that GoZ has put my mind to rest from this little distraction, I've got no excuse but to get back to work.
Cheers,
Clandestiny
crUsAdEr
May 13th, 2002, 10:36
Yo,
Geez, I guess bruteforcing is the only way out... :<... boring crypto stuff if it is just bruteforcing.... Kayaker, guess this project is over and done with heh :>...
Yeah, I had this nagging feeling that it is reversible somehow still, but then I am way too inexperienced to tell and I shan't provide Clandestiny an excuse to stop him from moving his lazy bum and getting some vxd done :>>...
Thanks GoZ, for sharing... maybe I should start trying the bruteforcing approach instead of trying to avoid it all the time....
regards,
crUsAdEr
Sphinx
May 20th, 2002, 15:02
hi all,
yes I've not been here for a while but I'm back, had to register again, dunno why.
I started the self test and did the first two crackmes, not too hard.
But the easy one with the password and hash algo is a little bit tricky. I don't see a way to reverse it yet.
Kayaker posted the algo, but finding that wasn't hard, the program has a nice structure. Understanding what is happening is not hard either, but to reverse it, starting with esi 3810h and ebx and then going back to the password, is.
Making esi 3810 is not so hard cuz you can take the hex value of char *10h+10h. This is the value of the char in the algo, but for each extra char in the password you have to add another 10h.
Getting a lot of combos to get 3810h, but the problem is the math that produces the ebx value, don't have a shortcut yet.
So brute forcing it.
l8er Sphinx
mike
May 21st, 2002, 19:36
Hi, all! I was gone for a week and missed the request for crypto folks to look at this. I went to download the program, but the site is down.
Anyway, from what I got out of the code snippet Kayaker posted, getting the ESI value is easy.
Does anyone remember the story about Gauss as a kid? His teacher wanted to give the class some busy work and told them to add up all the numbers from 1 to 100. Gauss noticed that 1 + 100 = 2 + 99 = 3 + 98 = ... = 101, and that paired up like this, there would be 50 terms, so the answer was 50*101 = 5050. His teacher was annoyed that he solved the problem so quickly.
Anyway, here, we're also adding up the numbers from 1 to n, the length of the serial. So we have n*(n+1)/2.
We're also adding up the ASCII values of the characters in the serial. Printable characters (excluding space) are in the range 33-126, so we have another term 33*n.
Now we have n numbers between 0 and 93 to deal with. The minimum value for this term is 0 and the max is 93*n.
All in all, we have n*(n+1)/2 + 33*n + (a number between 0 and 93*n).
We can solve for the longest and shortest serial number possible. The sum is repeated 0x10 times and is checked against 0x3810, so we have to have the serial number sum once to 0x381.
0x381 = 897 = n*(n+1)/2 + 33*n
n=20.5, round down to 20
897 = n*(n+1)/2 + 33*n + 93*n
n=6.9, round up to 7
Ideally, we'd like a large range of passwords with a single length to sum to 897. Remember that we can get new passwords that sum up the same if we can increment some character and decrement another. The easiest way to do that is to have half of the word filled with 93's and the other half filled with 0's. So we want to find n such that
n/2*93 + n/2*0 = 897 - n*(n+1)/2 - 33*n.
Turns out that the solution to that is n=10.52, so let's pick n=11.
897 - 11*12/2 - 33*11 = 468
468 = 93*5 + 3
which means we have 5 93's, a 3, and the rest zeros. Very close to what we wanted. We add our base value of 33 to get the ascii codes and get our base password:
~~~~~$!!!!!
Here's the part that makes this elegant: we interpret the characters ! through ~ as "digits" in base 94. Now we can try every number between 0 and 94^5 - 1, express it in base 94, add the respective digits to the ! characters, and subtract them from the ~ characters.
For example, the next few passwords look like this:
~~~~}$!!!!"
~~~~|$!!!!#
~~~~{$!!!!$
~~~~z$!!!!%
~~~~y$!!!!&
~~~~x$!!!!'
An example in base 10 would look something like this:
99999300000
99998300001
99997300002
99996300003
Since 94^5 is about 1.7 * 2^32, we expect that we can find an 11-digit serial whose EBX value is correct. Trying all 94^5 ought to take less than an hour on a decent PC.
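An added example, not code from the thread or from the crackme's own Delphi source, that puts Kayaker's trace of the two loops and mike's fixed-sum candidate scheme into runnable Python: selftest_hash mirrors the ESI/EBX arithmetic of the posted disassembly, candidate enumerates mike's 11-character serials as base-94 digits, and search scans a slice of that space against both compares. The start values of EBX/ESI and the per-pass reset of EDI are not visible in the posted snippet and are assumed here.

```python
# Added example (not the crackme's code). Models the loop at 43B3CF..43B3F3 as
# Kayaker traced it. Assumed (not shown in the snippet): ESI and EBX start at 0,
# ESI is never reset, and EDI restarts at 1 on each of the 10h outer passes.

MASK32 = 0xFFFFFFFF
ESI_TARGET = 0x3810        # first check,  43B3FA CMP ESI,00003810
EBX_TARGET = 0x402A4FE7    # second check, 43B402 CMP EBX,402A4FE7
PASSES = 0x10              # outer loop count, [EBP-08]


def selftest_hash(serial: str):
    """Return (esi, ebx) as the crackme would leave them for this serial."""
    esi = ebx = 0
    for _ in range(PASSES):
        for pos, ch in enumerate(serial, start=1):   # EDI = 1-based position
            esi += ord(ch) + pos                      # LEA EDX,[ESI+EDI]; ADD EAX,EDX; MOV ESI,EAX
            ebx = ((ebx << 1) ^ esi) & MASK32         # ADD EBX,EBX; XOR EBX,ESI (32-bit wrap)
            ebx = (ebx + esi % pos + 1) & MASK32      # CDQ; IDIV EDI; INC EDX; ADD EBX,EDX
    return esi, ebx


def passes_checks(serial: str) -> bool:
    esi, ebx = selftest_hash(serial)
    return esi == ESI_TARGET and ebx == EBX_TARGET


BASE_CANDIDATE = "~~~~~$!!!!!"   # mike's base: per-pass sum is 0x381, so ESI ends at 0x3810
DIGITS = 94                      # printable '!' (33) .. '~' (126)


def candidate(k: int) -> str:
    """k-th serial (0 <= k < 94**5): write k in base 94, add each digit to a '!'
    and subtract it from the matching '~' so the character sum is unchanged."""
    chars = list(BASE_CANDIDATE)
    for slot in range(5):                  # least significant digit -> rightmost slot of each block
        k, d = divmod(k, DIGITS)
        chars[4 - slot] = chr(ord(chars[4 - slot]) - d)
        chars[10 - slot] = chr(ord(chars[10 - slot]) + d)
    return "".join(chars)


def search(start: int, count: int) -> list:
    """Scan candidates start..start+count-1; return those passing both compares."""
    return [s for s in (candidate(k) for k in range(start, start + count)) if passes_checks(s)]


if __name__ == "__main__":
    print(hex(selftest_hash("123")[0]))        # Kayaker's worked sum for '123'
    print(hex(selftest_hash("firmware")[0]))   # the Easy password published later in the thread
    print(search(0, 100_000))
```

The ESI half can be checked against values the thread itself gives: '123' yields 0x9C0, and both 'kayakeru' and the published Easy password 'firmware' reach 0x3810, while the EBX half stays a full search over mike's space.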
Sphinx
May 28th, 2002, 08:32
hey mike, that is a nice way to approach this problem, haven't thought of it.
This is how I started to generate the value for esi (put them somewhere and later calc ebx for them).
I coded the same loop that Kayaker posted, with some text fields for password, esi value and ebx value.
I started with 1 char and looked at esi; after a few tries you see how you get this value, just the char value * 10h, for the first char you have to add another 10h. For a password of length 2 you calc char(value) *10h for each char in the password, but you have to add now 30h (10h for first char and 20h for second), etc. for longer passwords.
If you have this you can now easily calc how long the password must be with a certain character set. I use 20h to 7eh but you can take only the numbers or letters or both.
maybe this helps
Lord8Bit
July 29th, 2002, 01:06
Hello everybody.
I am the dude that originally released the "crackme" this thread focuses on. I am happy to see at least someone(s) had fun
attacking it. Great work everybody !
It's now so old that it's no longer "fun" to withhold information.
Ask your questions .. if any
All source (delphi) and all passwords can now be considered public. Just ask for it ..
Passwords :
Very Very Easy : button
Very easy : LordByte in 1998, 51652596
Easy : firmware
Not Entirely Easy : shortwave
Somewhat Harder : 86257479
Hard :
1 2 3 4 5 6 7 8 9 10 11 12 13
A X X X X X
B X X X X X X
C X X X X X
Very Hard : The eagle has landed
Very Very Hard : Told you, unable to do a key for myself :-)
Anyone interested in a new 8 level crackme ?
If so, I do have some wicked ideas
Best regards
LordByte
Lord8Bit
July 29th, 2002, 01:09
Sorry about the "Hard" one in previous message ..
It got formatted out of shape :-)
Real Solution is :
1 2 3 4 5 6 7 8 9 10 11 12 13
A X X X X X
B X X X X X X
C X X X X X
Best regards
LordByte
Lord8Bit
July 29th, 2002, 01:11
Ok, it seems it's the board formatting the "Hard" one,
as it was submitted correctly.
And as that level is already solved .. who cares ?
LordByte
Woodmann
July 29th, 2002, 01:27
Hi Lord 8,
Please, by all means, start a new thread with your new crackme
Peace, Woodmann
user14
August 2nd, 2002, 22:02
About a year ago, I cooked up an idea about a radical new registration scheme involving a locked/limited/castrated program, which would be unlocked by means of a front-end in the program to a back-end CGI script hosted on a secure server.
Originally, the program was to have protected/locked functions which could be unlocked by a separate "unlocking program", provided that correct information was provided to the CGI registration script, through the front-end in the program. Those "protected sections" of the program would be stored as an RSA-encrypted text string in the program. If the registration info was correct, then the CGI script would send a packet back to the program, the contents of which would be the decryption key for the protected sections of the program. The unlocking program would then go to work decrypting the text resource and patching the program.
All was going well until I realized that I was too lame a programmer to make such a scheme work.
Maybe this is too elaborate an idea for level 8 of the crackme, but I think it's an idea worth considering.