
astigmata's Bruteforceme#1_astigmata
Download bruteforceme#1_astigmata.zip, 30 kb (password: crackmes.de)
Hi crackers,
Difficulty: 2 - Needs a little brain (or luck)
Author: astigmata
Solutions
Solution by andrewl.us, published 27. Dec 2008; download (340 kb), password: crackmes.de.
andrewl.us has rated this crackme as awesome.
Discussion and comments
Dahaka (25. Feb 2006): Holy smoke! You should be running on some supercomputer to go over bruteforcing some passphrase with a 100000000 loop by 1583242846 possibilities!
NexusC (25. Feb 2006): Hehe, would have been easier if we knew what range of chars to use ;) since " " - "~" is kinda heavy, but it can't be excluded if u wanna have 100% accuracy..
HMX0101 (25. Feb 2006): I think that the loops can be made separately...
astigmata (Author, 25. Feb 2006): There are only numbers in the good key: 1,2,3,4,5,6,7,8,9,0. For the size of the key, check the algo :)
HMX0101 (25. Feb 2006): I need a number that, parsed by the algorithm of the crackme, equals 0D5446474h?
NexusC (25. Feb 2006): Ok, thx :P that will reduce the needed time a lot :P
astigmata (Author, 25. Feb 2006): Yes hmx0101, but you can't reverse it because you don't know the value of ebx before the XOR; that's why it's called bruteforceme :D If you find it without bruteforce, go buy a lottery ticket.
Rambo (25. Feb 2006): Hmm.. if we can find the value of CL then we can make a keygen ;) but I don't have time to do the math ;)
Rambo (25. Feb 2006): Sorry, no keygen, but a brute algo.
NexusC (25. Feb 2006): Lol, this might take a few weeks depending on the starting number in the key xD
HMX0101 (25. Feb 2006): That sounds easy :D
~raj (27. Feb 2006): The keycode is an 8-digit number from 0000 0000 to 9999 9999. For each number it loops 1 0000 0000 (5F5E100) times. Each iteration takes around 70 seconds. So the total time required for the brute force method will be: 1 0000 0000 * 1 0000 0000 * 70 = 700000000000000000 sec = 11666666666666666.67 min = 194444444444444.44 hr = 8101851851851.85 days = 22196854388.63 yrs !!!!! ;^*) What do you think?
Rambo (27. Feb 2006): Each iteration 70 sec????
Kerberos (27. Feb 2006): ~Raj: The whole serial check takes 5 seconds on my PDA, so you really need a new computer :) And if your calculations are right for your computer, then you need to wait (100000000 * 70) seconds until your serial code is checked in this CME ...
NexusC (27. Feb 2006): Hehe, knowing the starting number in the key would shorten the brute by a load of weeks on my comp ;)
astigmata (Author, 27. Feb 2006): I say 3 years if you test every serial without finding the correct one. But you are 6000 here; if someone makes a good bruteforce (like SETI@home lol), with many ranges, you'll be able to defeat this level1 crackme :D
~raj (28. Feb 2006): The 70 sec time taken was for checking 100 numbers in the loop ;-( mistake there. So the total time will come down by a factor of 100.
NexusC (01. Mar 2006): No matter how good a brute u code, I think ppl will skip this one coz it's just too time consuming to dedicate the computer resources for a lvl1 crackme ;) so a shorter key would have been better imho :)
costy (03. Mar 2006): Is it possible to do a bruteforcer by changing the source code?
astigmata (Author, 04. Mar 2006): To do a bruteforce, you need to add a loop, that's all.
ManSun (26. Mar 2006): Yes, it's very easy but... 1 combination / 1 second, 8-digit password = 100000000 combinations = 100000000 sec = 1666666 min = 27777 hours = 1157 days = ~3,1 years :-D
Shism (27. Mar 2006): Instead of doing that, use random bruteforce.
phueghy (27. Mar 2006): But random BF does not increase the chance of finding the right key. And you have to make sure not to check some numbers twice. It would be easier if we knew the first one or two digits though :-)
Shism (29. Mar 2006): It does increase the chance of finding the right key...
phueghy (29. Mar 2006): Why? The chance of finding the right key is 1:100000000, no matter if you are searching randomly or linearly. It could just as well be 500000004 as it could be 81640724.
Shism (29. Mar 2006): Why? Because the chance that you find the right key increases. Let's say the key is 17 chars long. So you go in a linear form testing each combination. That's the way you want to do it. So you go through every combination of chars from the 1 char long length to the 17 char long length. RBF tests every combination of keys randomly. So if, let's say, the key is 17 chars long, with linear bruteforce it would take forever; however the chances that a random bruteforce finds the key are much higher than with linear bruteforce. Let's say the key is ^KC*.&>)D_?F)+"F(D* ... So the chances of linear bf finding the key can be stated. An estimate can be made. However, on random bruteforce an estimate can't be made. There is no chance for random bruteforce. The chances of finding the right key are 100% for both. Bruteforcing the key guarantees finding the right key. Bruteforcing will increase your chances.
Shism (29. Mar 2006): *Random bruteforcing will increase your chances of finding the right key.
TDC[NL] (24. Apr 2006): Hint: EBX must be 85AE3E6C in hex at 00401070 after the loop :) Maybe some guy can do it now?
Ox87k (24. Apr 2006): ebx must be 85AE3E6C only if eax is 50EA5A18... or not?
BugHunter (24. Apr 2006): To be honest, you have a point there. I'm trying 2 figure it out, but I'm sleepy and thinking is hard now ^^
BugHunter (24. Apr 2006): Yes, you are right 0x87k! Sorry for my wrong post :-D Still trying to find a way to reverse hehe
BugHunter (24. Apr 2006): I made some comments on my bruter source code, check it out:
;EAX must be 0xD5446474 at the end
;let's say EAX = 0x52212755 and EBX = 0x87654321 (xor EAX with 0xD5446474)
;then before the encryption algo you need to have valid numbers in ASCII
;hmmm, so let's initialize the registers and let's try to bruteforce a
;valid alphanumeric serial
;so EAX = random hex number, EBX = xor 0xD5446474 with the random EAX
;then do the loop
;now check if EBX is ALPHANUMERIC
Maybe it helps coding a bruter? I've coded one and it's now bruting :D
BugHunter (24. Apr 2006): Tip: if you don't brute with a random value but increase a value by one each loop, begin with 0x0000FFFF, because if you XOR a dword with something lower than 0x00010000 then the upper characters will NEVER be alphanumeric. You could even research/think more about it and code a good bruter.
BugHunter (25. Apr 2006): Any 1 tried yet?
SoN (25. Apr 2006): I wrote a working brute forcer, but the moderator says that the algo can be modified to run quicker. I'm not quite sure how yet, but I'm looking at it.
indomit (25. Apr 2006): TDC[NL], if ebx must be 85AE3E6C in hex at 00401070 after the loop, then when ecx=1000000-4, I cannot reverse this:
MOV CL,AL
RCR EAX,CL
If after this code EAX=73AC9313 and EBX=22D0B21F, then all will be fine in 3 full loops ;) But that is the question: EAX=? before these two operations? It can be reversed for CL=(from 00 to FF)
indomit (25. Apr 2006): Sorry... Last sentence: It can't be reversed...
costy (07. Jul 2008): @moderators The possible keys are from 00000000 to 11111111. I made a keygen, but I think that it will never find a solution because it takes a second to try a key. My bruteforcer is a self bruteforcer, so I don't think it can be faster if I made another one. I tested it for a while. It does its job, but it's impossible to find a serial because it's slow. Can I send it as a valid solution? I think that the algo can't be reversed.
sd333221 (07. Jul 2008): I will submit my solution in two years when my bruteforcer is done. Please wait xD
sd333221 (07. Jul 2008): My current bruteforcer takes 300ms per try :-( Way too much.
TiGa (07. Jul 2008): To be accepted, your bruteforcer has to find the serial in a reasonable amount of time.
sd333221 (08. Jul 2008): I just saw that "00000001" is also accepted as an input, so there are more combinations.
costy (08. Jul 2008): Sorry, I committed an error while writing "The possible keys are from 00000000 to 11111111". In fact their range is from 00000000 to 99999999. @sd333221 what computer do you have? Mine has got a 1000 MHz processor. It takes me a second to try a serial. I selfbruted it.
saitob (08. Jul 2008): Off Topic: Ohh costy, that's bad xD Why do you not upgrade your computer? I mean, the parts cost nothing nowadays. You can get a completely new and super fast computer for some hundred dollars. On Topic: Crackme looks interesting, but I'll wait for a solution.
sd333221 (08. Jul 2008): Got a Dual Core 3 GHz.
sd333221 (08. Jul 2008): costy, how do you change the numbers? You have to change the strings. I don't understand why it is not possible to just reverse the algorithm like that:
MOV EAX, 1 ; //LOOP
CONTINUE:
XCHG EBX,EDX
SUB EBX,0x11223344
SUB EBX,EDX
MOV CL,BL
RCL EBX,CL
DEC EAX
JNE CONTINUE
For me it works for the first 2 steps, and then somehow the numbers are changing.
costy (08. Jul 2008): @saitob I'm poor :-( @sd333221 about the computer, I'm poor :-( About the selfgen... In order to change the number... At the program start the string must be "00000000":
MOV DWORD PTR DS:[404000],30303030
MOV DWORD PTR DS:[404004],30303030
JMP faster.00401010 ; the start
Each time it generates a new serial:
MOV EAX,faster.00404000 ; mov the string in eax
INC BYTE PTR DS:[EAX] ; inc the first byte
CMP BYTE PTR DS:[EAX],3A ; byte must be in the range 30 - 39 (ascii 30 = number zero, ascii 39 = number nine)
JNZ tothestartandtryit
MOV BYTE PTR DS:[EAX],30 ; if byte > hex39 ... byte = 30 (number zero in ascii)
INC EAX
JMP inc_the_next_byte
The selfgen tries 00000000 10000000 20000000 30000000 40000000 50000000 60000000 70000000 80000000 90000000 01000000 11000000 ..... 19000000 02000000 .... Anyway, I can send you the exe if you want.
HMX0101 (08. Jul 2008): I'm bruting it over an Athlon 2ghz.. after 9 hours it has made 1ABA5h checks... so some calcs I've made:
9h ----- 1ABA5h
24h ---- x
x=(24*1ABA5h)/9=6AE94h
1 day = 6AE94h
2 day = D5D28h
3 day = 140BBCh
...
5888 days = 99AF4C00h /* approx. 99999999h
1yr ----- 365 days
x ------- 5888 days
x=1yr*5888days/365days=16 years
So, I think I'll leave this one :D Good luck, guys ;)
costy (08. Jul 2008): @moderators Could this crackme be considered impossible to solve? And if it's impossible, could it be deleted??
p1nasIAT (19. Aug 2008): @costy This is very possible to solve in a short time by brute-forcing. All you need to do is think out of the box, literally. I solved this one yesterday. I'll write a solution if I find the time, soon.
ARCHANGEL (20. Aug 2008): @p1nasIAT It would be interesting to see the result of your bruting... We'll wait.
andrewl.us (Moderator, 20. Aug 2008): @p1nasIAT I'm both skeptical and excited about your claim. Post or message me the DWORD :)
sd333221 (28. Oct 2008): 15 years and 36 days remaining until I get this one.
Ox87k (28. Oct 2008): @sd333221: AHAHAHAHAHA, LOL! :)
main (30. Oct 2008): Thanks p1nasIAT for the "out of the box" thinking, I may be on to something. Just have to learn some stuff first! Tip: You really have to think different. Think of all the ways the components in your computer can do computing :)
main (30. Oct 2008): Too bad I don't have the components needed to solve it :(
main (31. Oct 2008): If I don't get the components I need, this will take at least 1.5 years with my computer. Even if I use all of my computers this will take a bit over 180 days... Of course... We could split this crackme up in parts? There are 818 (round = 800) downloads.... I have a working bruteforcer, so if half of us = 400 go from 99999999 to 00000000 and the other half do the opposite, then we could solve this in 1 min. Like this:
Computer 1 starts from 0000 0000
Computer 2 starts from 0000 0000 + amount_of_work_done_by_one_computer * current_num_of_computers
...
Computer 401 starts from 9999 9999
Computer 402 starts from 9999 9999 - amount_of_work_done_by_one_computer * current_num_of_computers
If amount_of_work_done_by_one_computer is the amount of work a computer can do :), then we could solve this very fast. There are 10^8 passwords to try. Each password takes (depending on implementation and computer), say 0.5 seconds to try (we can try 2 passwords / second). Then if we have 800 computers and this task is distributed equally, we can solve this with 100% accuracy in about 17 hours (maybe less because of my calculations). Is this a possible solution (besides the solution to have special components to solve it)?
main (31. Oct 2008): "we could solve this in 1 min", ok maybe a bit exaggerated, but I was a bit excited. :P
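As an added example (not code from the thread or from any poster), here is a Python model of two things discussed above: costy's digit-by-digit "selfgen" increment (the INC / CMP 3A / reset-to-30 carry loop over an ASCII string) and main's proposal to split the 10^8 keyspace evenly across many machines. Function names and the small test keyspace are my own assumptions.

```python
# Added example: models the ASCII-digit odometer from costy's bruter and the
# keyspace partitioning main sketched. Not the crackme's own code.

DIGITS = 8                 # the key is 8 decimal digits (stated in the thread)
KEYSPACE = 10 ** DIGITS    # 00000000 .. 99999999


def next_serial(serial: bytes) -> bytes:
    """Increment an ASCII-digit serial the way costy's loop does: bump the first
    byte; if it passes '9' (0x3A) reset it to '0' (0x30) and carry into the next
    byte. Wraps back to all zeros after the last serial."""
    buf = bytearray(serial)
    for i in range(len(buf)):
        buf[i] += 1                    # INC BYTE PTR [EAX]
        if buf[i] != 0x3A:             # CMP BYTE PTR [EAX],3A ; JNZ -> try it
            return bytes(buf)
        buf[i] = 0x30                  # MOV BYTE PTR [EAX],30 ; INC EAX ; carry
    return bytes(buf)                  # every digit carried: wrapped around


def serial_at(index: int, digits: int = DIGITS) -> bytes:
    """Serial reached after `index` increments from all zeros. Because the
    first byte is the least significant digit, index 10 gives b'01000000'."""
    out = bytearray()
    for _ in range(digits):
        out.append(0x30 + index % 10)
        index //= 10
    return bytes(out)


def split_keyspace(workers: int, total: int = KEYSPACE):
    """Contiguous [start, end) index ranges, one per worker, covering the
    keyspace exactly once with no overlap (main's equal distribution)."""
    base, extra = divmod(total, workers)
    ranges, start = [], 0
    for w in range(workers):
        end = start + base + (1 if w < extra else 0)
        ranges.append((start, end))
        start = end
    return ranges


def wall_clock_seconds(workers: int, tries_per_second: float,
                       total: int = KEYSPACE) -> float:
    """Worst-case time to exhaust the keyspace: the largest slice divided by
    one machine's rate (800 machines at 2 tries/s -> 62500 s, ~17 hours)."""
    slices = split_keyspace(workers, total)
    return max(end - start for start, end in slices) / tries_per_second
```

Feeding each worker its own range from `split_keyspace` is what guarantees phueghy's point that no serial is checked twice, which a random search cannot promise.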
main (01. Nov 2008): Maybe we should write some all-round brute-forcing client that could be used for different tasks? Then we could solve quite many tasks that seem unsolvable. It's all about computing power. You could have a system where there is code to be executed located in some database, or dll:s that were downloaded or whatever (I'm just thinking here) and put in a queue and then equally distributed over the clients as I was talking about above. A system where every other computer is allotted (is that the correct word?) a piece of work and if it is done processing, it requests another piece and so on. It could be quite powerful. What do you think?
andrewl.us (Moderator, 01. Nov 2008): Nice idea! http://www.distributed.net/
user2k (01. Nov 2008): Heh, a seti-like project started because of bruteforce-me, nice idea :)
main (02. Nov 2008): Interesting link andrewl.us! @user2k yeah, it's maybe a bit too much work just because of this one, but what the h-ll, once you've written a client (or use some already existing one) it could be fun :) And also, there are quite some users registered here on crackmes.de; if we got people engaged in this stuff it would be great! We could solve a lot of things together!
andrewl.us (Moderator, 17. Dec 2008): A Christmas gift for crackmes.de; the key should be found by December 25th at the latest. You can view the live status of the key searching at http://andrewl.us/astigmata (assuming a valid key actually exists, that the key really does consist only of decimal digits, and that nothing environmental like loss of power or the computer bursting into flames occurs).
cyclops (Moderator, 21. Dec 2008): @Andrew: Damn! You (your PC) are working hard on it :) Great initiative to solve a single crackme! Lotta respect 4 you :)
andrewl.us (Moderator, 24. Dec 2008): KEY: 76449502 Thanks cyclops :) Wanted to hold off replying until this thing actually worked. Was starting to have doubts :/
xylitol (27. Dec 2008): Wow, nice work andrewl.us!
aout (27. Dec 2008): Awesome solution, really made my day :D
simonzack (Moderator, 12. Jan 2009): That was totally awesome, god what a fast PC too.