
cyclops's Dongle Me
Download: Dongle_Me_-_Cyc.zip, 105 kb (password: crackmes.de)
Dongle Me By Cyclops
Difficulty: 5 - Professional problem to solve | Rating: Waiting for at least 3 votes
Solutions
There are no solutions to this crackme yet.
Discussion and comments
Xspider 27. Apr 2010 | nice one from ya cyclops :D i guess this is the 1st crackme which uses dongle in crackmes.de !!? |
EvOlUtIoN 28. Apr 2010 | Interesting one, what does a keygen mean exactly in this case? |
cyclops Moderator 28. Apr 2010 | There are some calculations which make the dongle *verified*. You have to reverse that part for the keygen (keygen is 2nd part, for first part you have to make a dongle). |
Coderess 28. Apr 2010 | I think that's a good idea |
Numernia Moderator 28. Apr 2010 | very good one! |
Hack_ThE_PaRaDiSe 28. Apr 2010 | I would like to see a solution of this one, since I have no dongle experience. I'm more interested in the coding part regarding the emulator. |
qpt^J 04. May 2010 | well, I have analyzed crypto part of this crackme, I found that crackme uses ECNR and I have a few questions: as r=G*rnd+m (mod q) and v must equal to message in ECNR, how to sign r for user name if v^EA3AB084510=m (mod q) where m = Crc (user name), or I am doing something wrong.. and how much time needs for solving ECDLP ? |
xylitol 05. May 2010 | Like HTP, waiting for a solution. This one seems great :) |
cyclops Moderator 06. May 2010 | @qpt^J: 40% of queries I can't understand..sorry! ECNR -> Correct; r=G*rnd+m (mod q) -> Correct; how much time needs for solving ECDLP ? Pretty long time, until and unless you find an easier way (plz, don't patch!). PM me if you need further help with ECNR:) |
_ghandi_ 06. May 2010 | I thought I'd see what was involved in writing a virtual device driver, but now that I see this has an ECDLP factor, I'm not going to try because I don't know the first thing about solving ECDLP. Congrats on writing a nice crackme though Cyclops! |
divinomas 21. May 2010 | Interesting crackme, cyclops. It seems lots of PS3 could help solve this ECNR. ;) |
cyclops Moderator 21. May 2010 | Yes, divinomas! around 200 iirc ;) |
Hack_ThE_PaRaDiSe 24. Feb 2011 | I haven't seen any solution so far, so I decided to take a look at it. I noticed that it starts by enumerating the devices, and each time it manages to get a valid handle calls the HidD_GetAttributes function where there is a call to the DeviceIoControl win API:
73561ABA 52 PUSH EDX
73561ABB 51 PUSH ECX
73561ABC 51 PUSH ECX
73561ABD 68 A8010B00 PUSH 0B01A8
73561AC2 50 PUSH EAX
73561AC3 FF15 24105673 CALL DWORD PTR DS:[<&KERNEL32.DeviceI>; kernel32.DeviceIoControl
I took a look at the control codes in the MSDN but I did not find any one matching B01A8, and unless I missed something I think I tried them all to see the corresponding constant. Any tips? |
KKR_WE_RULE 24. Feb 2011 | Seen the ECNR part as well, but I have only one PS3 ;p Cyclops, Numernia, qpt^J : can ya send some 199 more ps3(s) to my address ;p (kinda 199 div 3) ;p |
cyclops Moderator 02. Mar 2011 | @HTP: HidD_GetAttributes is a standard API. Instead of going into its details, try to understand why/for what it is used. That will be a much better approach :) @KKR: people who have 200+ PS3s have already done it, ask em :P |
josh 06. Mar 2012 | Maybe there is a solution for crypto-dummies and non-gamers! The crc is the weak link (together with the sloppy report length checking...) |
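Added example, not part of the thread or of the crackme: the value pushed before the DeviceIoControl call in the listing above (0B01A8) can be split into the four fields that the Windows CTL_CODE macro packs into every control code. The struct and function names here are hypothetical; the note that function 106 with buffered I/O on FILE_DEVICE_KEYBOARD is IOCTL_HID_GET_COLLECTION_INFORMATION comes from the WDK header hidclass.h, not from this page.

```c
#include <stdint.h>
#include <stdio.h>

/* CTL_CODE layout: bits 31..16 device type, 15..14 required access,
   13..2 function number, 1..0 transfer method. */
struct ioctl_fields {
    uint16_t device_type;
    uint8_t  access;
    uint16_t function;
    uint8_t  method;
};

static struct ioctl_fields ioctl_decode(uint32_t code)
{
    struct ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3);
    f.function    = (uint16_t)((code >> 2) & 0xFFF);
    f.method      = (uint8_t)(code & 0x3);
    return f;
}

/* Inverse of ioctl_decode; same arithmetic as CTL_CODE(). */
static uint32_t ioctl_encode(struct ioctl_fields f)
{
    return ((uint32_t)f.device_type << 16) | ((uint32_t)(f.access & 0x3) << 14) |
           ((uint32_t)(f.function & 0xFFF) << 2) | (uint32_t)(f.method & 0x3);
}

static const char *method_name(uint8_t m)
{
    static const char *names[] = { "METHOD_BUFFERED", "METHOD_IN_DIRECT",
                                   "METHOD_OUT_DIRECT", "METHOD_NEITHER" };
    return names[m & 0x3];
}

int main(void)
{
    uint32_t code = 0x000B01A8u;  /* operand of PUSH 0B01A8 in the listing */
    struct ioctl_fields f = ioctl_decode(code);

    /* 0x0B is FILE_DEVICE_KEYBOARD, the device type hidclass.h uses for
       HID class IOCTLs; function 106 there is
       IOCTL_HID_GET_COLLECTION_INFORMATION (HID_BUFFER_CTL_CODE(106)). */
    printf("device type 0x%02X, access %u, function %u, %s\n",
           (unsigned)f.device_type, (unsigned)f.access,
           (unsigned)f.function, method_name(f.method));
    printf("re-encoded: 0x%08X\n", (unsigned)ioctl_encode(f));
    return 0;
}
```

Looking a code up this way, by device type and function number in the driver-kit headers, works for IOCTLs that are not listed by value in the user-mode documentation.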