haiklr's M&M's Crackme
Download mms-crkme_en.zip, 103 kb (password: crackmes.de)
A little serialme, very easy, only logic! You must use your brain and find the good serial: no bruteforcing (it will be too simple) and no patching.
Difficulty: 2 - Needs a little brain (or luck) | Rating: Waiting for at least 3 votes |
Solutions
Solution by cyclops, published 07. sep, 2006; download (2 kb), password: crackmes.de or browse.
cyclops has rated this crackme as quite nice.
Discussion and comments
AlexeyG 27. Aug 2006 | Is it actually possible without bruteforce? There is a routine that makes a number from the entered serial. Then this number is compared to the one we need in a "masked" form. We can find out what number we need to get, but if I got it right, then it's impossible to reverse the routine which makes the number from the entered serial. Basically I want to know if it's allowed to bruteforce that given part. |
---|---|
Ox87k 27. Aug 2006 | I'm a little bit confused! I find the right hex value to pass all checks but now I've to find the serial from this hex value.. I think it isn't possible without a bruteforce! |
AlexeyG 27. Aug 2006 | Well. May be I dun get something, but here is what I have: ------------------------- ebx=0; ecx=0; for i=1 to length(serial) { bl=serial[i]; ebx=ebx rol 8; ecx+=ebx; } ------------------------- that's the "encryption" routine in a made-up language. What we can get from the crackme is ECX. But to reverse the encryption and get the serial we also need ebx. So I guess it's bruteforce-only. |
HMX0101 27. Aug 2006 | I think the only solution for this is bruteforcing... Because to decrypt the good value, you need ecx :( |
The french beginner 27. Aug 2006 | No it doesn't! You can find a valid serial with your brain, you have to think more ;) (tip: a 4 char serial works perfectly) |
Shism 28. Aug 2006 | Is there more than 1 valid serial ? |
Shism 28. Aug 2006 | ya a 4 char serial, but you really do need ecx..... |
Shism 28. Aug 2006 | Here are the missing values, since he gave some of them.... even though it's just the masked values 38,X,44,X,46,X,X,46. We can't even solve for the X's because we don't know the original ECX |
Shism 28. Aug 2006 | either give us a bigger hint... or let us bruteforce it.... or get the crackme deleted.. |
AlexeyG 28. Aug 2006 | Shism, the hex values are solvable. There are some logical equations for each of them, which can be solved in a sec. Thinking now... Yes pass will be 4 chars and will consist of values from the magic key. That's it I think. Am I right? |
AlexeyG 28. Aug 2006 | Nah, I'm wrong, but 1st char still must be 0x5F I think |
haiklr Author 28. Aug 2006 | Yes, I'm sure it's possible without bruteforcing (there is one 4 chars serial possible). AlexeyG > You're right for the first char :] Good luck |
AlexeyG 28. Aug 2006 | a = 5F; a+b+c+d = D5 => d = 4; a+b+c = D1 => c = D1-80 = 51; a+b = 80 => b = 80-5F = 21; so pass is: 5F 21 51 04 ? |
AlexeyG 28. Aug 2006 | Edit: I made a mistake - replace D5 with F5 and you get 24 instead of 4. So pass is _!Q$. Just I thought I remembered it right, and I didn't, sorry |
Shism 28. Aug 2006 | How did you get a = 5F...., how did you get a+b+c+d = D5 ?.. how did you get all those values |
Shism 28. Aug 2006 | I mean how did you get F5 |
AlexeyG 28. Aug 2006 | Well let's see... 1st of all you need to get the magic key, which you almost had: 38,X1,44,X2,46,X3,X4,46. Each X is a solution of small logical equations, you can solve them easily (for each of them there are 16 possible values). Then when you get them it will give you an ASCII string, which represents a hex value. This is where 5F,F5,D1,80 come from. And the equation system I posted before (with a,b,c,d variables) comes from the "encryption" routine - just check out what each byte is equal to. Do it step by step on a piece of paper. Pass length 4 is smallest and easiest to solve. Basically that's it I think |
Shism 28. Aug 2006 | Ah so there is more than 1 solution |
iLych 29. Aug 2006 | ALL solutions _!Q$ !>!Q$ "=!Q$ #<!Q$ $;!Q$ %:!Q$ &9!Q$ '8!Q$ (7!Q$ )6!Q$ *5!Q$ +4!Q$ ,3!Q$ -2!Q$ .1!Q$ /0!Q$ 0/!Q$ 1.!Q$ 2-!Q$ 3,!Q$ 4+!Q$ 5*!Q$ 6)!Q$ 7(!Q$ 8'!Q$ 9&!Q$ :%!Q$ ;$!Q$ <#!Q$ ="!Q$ |
iLych 29. Aug 2006 | Remark: It was all PRINTABLE solutions. But the program will accept any solution which obeys 3 terms: 1) last 3 symbols are '!' - 0x21, 'Q' - 0x51 and '$' - 0x24; 2) sum of the rest of the symbols is 0x5F; 3) of course, all symbols should be not equal to 0x00. PS: Sorry for my english :S |
haiklr Author 07. Sep 2006 | Thanks for your solution, cyclops :] |
Noteworthy 09. Aug 2013 | Cracked, thanks haiklr for this crackme. |
evaboy 09. Aug 2013 | @Noteworthy, please post your detailed solution tutorial. |
arlkers 07. Aug 2014 | // assuming the 4 digit, 1234 // 4 logical circulation after: //00003100 //00313200 //31323300 //32333431, adding up to 2 non zero // by 80D1F55F, thrust is: 5F (80-5F) (D1-80) (F5-D1)::"_!Q$" // Hypothesis 5 digit, 12345 // 5 logical circulation after: //00003100 //00313200 //31323300 //32333431 //33343532, adding up to 2 non zero // by 80D1F55F, thrust for: (5F-x) x (80-5F) (D1-80) (F5-D1) (x>=20): "??!Q$" // to the characters from the keyboard input ASCII code for a minimum of 20h (space), // 5f/3=1f, non input character. max 5 bit ALL solutions _!Q$ ?!Q$ !>!Q$ "=!Q$ #<!Q$ $;!Q$ %:!Q$ &9!Q$ '8!Q$ (7!Q$ )6!Q$ *5!Q$ +4!Q$ ,3!Q$ -2!Q$ .1!Q$ /0!Q$ 0/!Q$ 1.!Q$ 2-!Q$ 3,!Q$ 4+!Q$ 5*!Q$ 6)!Q$ 7(!Q$ 8'!Q$ 9&!Q$ :%!Q$ ;$!Q$ <#!Q$ ="!Q$ |
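
The routine quoted in the thread and the byte equations derived from it, as an added example that is not part of any comment or of the crackme's own code. It models `bl=serial[i]` as replacing the low byte of EBX and uses the target value 80D1F55F quoted above; the function names are made up for this sketch.

```python
MASK = 0xFFFFFFFF
TARGET = 0x80D1F55F  # ECX value quoted in the thread

def serial_to_ecx(serial: bytes) -> int:
    """bl = serial[i]; ebx = ebx rol 8; ecx += ebx (32-bit registers)."""
    ebx = ecx = 0
    for ch in serial:
        ebx = (ebx & 0xFFFFFF00) | ch               # load char into BL
        ebx = ((ebx << 8) | (ebx >> 24)) & MASK     # rol ebx, 8
        ecx = (ecx + ebx) & MASK
    return ecx

def target_bytes(target: int):
    """Split ECX into bytes, lowest first: (b0, b1, b2, b3)."""
    return [(target >> s) & 0xFF for s in (0, 8, 16, 24)]

def solve_4(target: int):
    """4 chars a,b,c,d: b0 = a, b3 = a+b, b2 = a+b+c, b1 = a+b+c+d.

    Solved without carries, then checked by running the routine forward;
    returns None when a byte would be zero/negative or a carry breaks it.
    """
    b0, b1, b2, b3 = target_bytes(target)
    cand = [b0, b3 - b0, b2 - b3, b1 - b2]
    if any(not 0 < v < 0x100 for v in cand):
        return None
    serial = bytes(cand)
    return serial if serial_to_ecx(serial) == target else None

def printable_5(target: int):
    """5 chars: b0 = a+b, so the first two chars split b0; the tail is fixed."""
    b0, b1, b2, b3 = target_bytes(target)
    tail = [b3 - b0, b2 - b3, b1 - b2]
    found = []
    for a in range(0x20, 0x7F):                     # printable ASCII incl. space
        cand = [a, b0 - a] + tail
        if all(0x20 <= v < 0x7F for v in cand):
            serial = bytes(cand)
            if serial_to_ecx(serial) == target:     # forward check
                found.append(serial)
    return found

if __name__ == "__main__":
    print(solve_4(TARGET))                          # the 4-char serial
    for s in printable_5(TARGET):
        print(s, hex(serial_to_ecx(s)))
```

Every candidate is confirmed by running the routine forward, so a target whose byte sums overflow into the next byte is rejected rather than reported as solved.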