crackme_nop – Full Solution by alex_ls
Been inactive for quite a while, real life stuff made my life real busy. Finally a little break to update this dying blog.
Few things to update. First, I decided to move to another file hosting as the old file hosting been down for a long time. (and their promise to move to new server results in lost of all my uploaded files. -_-“) Now all the uploaded files is located in easy-share.com. Some files is lost, as I dont have a copy in my hard drive. If you are interested with that project, let me know. I might consider to recode the whole thing.
Okay back to the topic. Finally someone who is really good (or probably have to much time to kill, lol j/k) solved my first crackme.Here is a snip of his solution. (only the hash/algorithm part)
The generating key algorythm is very simple as it’s getting from the code above
Well, try it for example. Let’s our serial is 6 length “012345” (Numbers 0,1,2,3,4,5 – is variables just not the numbers) The last symbol in serial string is always 0Dh. Examine the last loop (i’ve took the DWORD’s in the reversing mode)
0123 XOR 0123 = 0000
0000 XOR 1234 = 1234
1234 XOR 2345 = 1^2 2^3 3^4 4^5
1^2 2^3 3^4 4^5 XOR 345D =1^2^3 2^3^4 3^4^5 4^5^0Dh
1^2^3 2^3^4 3^4^5 4^5^0Dh XOR 45D0 = 1^2^3^4 2^3^4^5 3^4^5^0Dh 4^5^0Dh
1^2^3^4 2^3^4^5 3^4^5^0Dh 4^5^0Dh XOR 5D00 = 1^2^3^4^5 2^3^4^5^D 3^4^5^0Dh 4^5^0Dh
1^2^3^4^5 2^3^4^5^D 3^4^5^0Dh 4^5^0Dh XOR D000= 1^2^3^4^5^D 2^3^4^5^D 3^4^5^0Dh 4^5^0Dh
After the LOOP The last XOR must be 4d3e5732h
Well, take out some conclusions:
The variable 0 may be any char, because it’s not used in the loop, in my key generator it’s equal ‘a’!
The variable 1 =57 XOR 32h = 65h ‘e’
The variable 2 =57 XOR 3Eh = 69h ‘i’
The variable 3 =4D XOR 3Eh = 73h ‘s’
The last variables 4 and 5 may be compute randomly and correspond the condition 4 XOR 5 XOR Dh = 4Dh
That’s all! Detailed algo you can find in my key generator sources code.
See the zip file for full solution. (ignore false alarm by AV, if any)Greets, opcode0x90.
Solution by alex_ls