downloadbrowsebundy's keygenme #2

Download bundy_kgme2.zip, 57 kb (password: crackmes.de)
Browse contents of bundy_kgme2.zip

Hello and welcome to my keygenme #2.

Your task is to try to write a keygen.

Well, actually you don't really have to. Just find the key for my name and you
will be able to get into the 7z file with it - where the source of this
keygenme is, and also my own keygen (as a proof it DOES have a solution).

Then you should write a tutorial explaining what is going on in this keygenme,
so others could learn some "simple?" tricks too :)

You may have some problems with the protection envelope I put on the keygenme.
It was tested on WinXP only and I don't think it will work on others.
As it is my own work I think it's OK to include it.

Hint: It doesn't have any anti-attach routines ;)

Reward offered: If you will be able to get manually to the OEP and say me
how you did it, I will send you my protection app, if you still want it
[with ALL the bugs, of course ;) ]

Difficulty: 5/10 ?

Regards,
bundy

Difficulty: 5 - Professional problem to solve
Platform: Windows 2000/XP only
Language: C/C++

Published: 02. Mar, 2007
Downloads: 469

Rating

Waiting for at least 3 votes
(we have only 2).

Rate this crackme:

Send a message to bundy »

View profile of bundy »

Solutions

Solution by eraser, published 13. aug, 2009; download (17 kb), password: crackmes.de or browse.

eraser has rated this crackme as quite nice.

Submit your solution »

Discussion and comments

bundy
Author
27. Apr 2007		Hmm, almost two months after posting and no response yet. Maybe my protector (or chosen tricks) is too difficult ?! (which would be really a surprise ;) )
To help you a little further I give you OEP RVA: 0000310B.
As I said ... no anti-attach .. so give it a try.
Kostya
18. Sep 2007		It`s not so hard to unpack this about 5 minutes...

But it is really hard to keygen it..
Hm.. The algo is really huge...

Have no ideas :/
Kostya
19. Sep 2007		Here is the tutorial on how to unpack it:
http://blognow.com.au/kostya/73592/Unpacking_the_bundy039s_keygenme_2.html

There are 3 filez: pdf, unacpked & plugin for Olly..
bundy
Author
21. Sep 2007		I never wrote it would be easy ;)
Here's another hint: Don't concentrate on the first calculations. Have a look at the serial format verification and the conditions which needs to be fulfilled to have a correct serial. There's a mathematical relation between these numbers.
bundy
Author
24. Feb 2009		The previous note (deleted) contained an outdated link to my protector. Here's a new upload (still the same file):

http://rapidshare.com/files/202050185/buc04.zip

In case you have any comments/suggestions/bug reports regarding my protector send me a PM or post a topic in forum.
Anything similar found here will be removed from this page, as it doesn't have anything to do with the keygenme itself.
eraser
21. Jul 2009		Hi bundy, your keygenme is not a trivial math problem. But this keygenme is finally solved. As a proof here is the 7z content:

[kgme2kg_src]
[kgme2_src]

We have also a tutorial (in SK language). If you want it we can submit it here or send it to you privately.

Let us know. Thx.

Btw. you can find the right key in the memory, is it a bug or was it an intention?


eraser & goober
andrewl.us
Moderator
21. Jul 2009		eraser:

is there no chance for translation? we would love to have the solution posted! :)
bundy
Author
28. Jul 2009		Hi eraser,

finally someone! It would be great if you could submit it here too. I'm quite sure the rest of the people will be glad to see the description.

About the right key in the memory - there was no other way to validate the correct serial (the correct serial was the optimal solution to the ... problem calculated by means of ...). I leave it blank for now ;)
Numernia
Moderator
30. Jul 2009		This keygenme is very interesting, I have tried solving it for some time but with no success. Would be interesting to see your solution eraser & goober. Thank you
simonzack
Moderator
01. Aug 2009		yeah, me too
however I found a bug(?) in this:
negative numbers are allowed, e.g. -4294967295-
however this would generate infinite pass
I have not figured out what the second proc does
does this involve any maths in abstract algebra, etc.?
I just like to know, cause if it does, I have not enough maths knowledge to solve it :p
bundy
Author
01. Aug 2009		I've had a look on the parsing serial method once again (after all these years ;) and it might be that there could be problem with parsing of negative values.
However, as I see it, it shouldn't affect anything. And you shouldn't be able to exploit that to get a valid serial. But you're welcome to proof me wrong ;)

Nope, there is no abstract algebra present. Just addition and multiplication (and division and subtraction in the helper method). Modulo was used just to truncate the variables to not overflow in the later multiplications.
eraser
13. Aug 2009		The solution was uploaded... enjoy.
andrewl.us
Moderator
13. Aug 2009		approved, solution is somewhat meager, will let bundy decide if it is satisfactory
bundy
Author
13. Aug 2009		First of all thanks to eraser & goober for a solution.
Everyone could have a look inside the archive with the provided key to see what exactly was going on.

The main problem presented with this keygenme was to solve transportation problem. There are 4 customers (with theirs demands on goods) and 5 supply depots (providing them). Between each of them there is a path and the transportation cost on that path per one item. The problem is in minimizing costs and/or maximizing profit.
The first number of the serial was the optimal solution, following with number of goods moved from depots to customers.

In general any transportation problem has multiple solutions, but only few of the are optimal. To have unique serial I had to calculate the optimal solution.
In general such transportation are calculated with some optimization algorithms such as simplex (remember the hint from description - "simple?" tricks :) ).

The obvious problem for me was how to decoy the calculation of the simplex. If I would use just a simple simplex - the solution would be provided really quickly as the validation would directly calculate the results.
My approach was to create a dual problem to the original problem and calculate the optimum with dual simplex. The calculation was used just to get the optimum value (the first part of the serial).
The generation of the problem guaranteed that there would always be a solution and it would be integers only.

I assumed that people would don't really care about the huge calculations and just concentrate on the serial validation. There were just 10 equations to solve ;)

According to solvers the right key can be found in memory. Well, it was just side effect :(. If you would just have looked on the outcome of the dual simplex, you wouldn't see them. Unfortunately, they are probably part of the immediate matrices used in calculation (if I only could have made that as a black box :) ). If you would have the results of the dual simplex, you could still calculate complementary variables to get the optimal solution of the original problem.

There are more optimization problems besides transportation problem and I might have look on them again to write another interesting (I hope) keygenme as this one has been defeated.
br0ken
14. Aug 2009		wow, transportation problem in a kgme! what next? travelling salesman? assignment problem? nice :D

You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.