HMX0101's Newbie Challenge #1
| Download NC1.zip, 206 kb (password: crackmes.de) Browse contents of NC1.zip Newbie Challenge #1 by HMX0101
Difficulty: 1 - Very easy, for newbies | Send a message to HMX0101 » View profile of HMX0101 » |
Solutions
Solution by SK2K7, published 22. aug, 2008; download (3 kb), password: crackmes.de or browse.
SK2K7 has rated this crackme as awesome.
Discussion and comments
| hackereha 16. Aug 2008 | lol it's hard a bit:P i cant find the last char of serial yet but i will:P |
|---|---|
| Drakenza 16. Aug 2008 | It's quite hard :D I reversed the first check very easily, put it in equation form, solved for the 1st char of the S/N, and got it. However, when I input that character, it changes...? As far as I can tell it's related to the call to 453AC8, which I'm looking at and can't for the life of me understand. From pure observation it looks like 15 is added to the 1st char of the S/N, but only in some cases (for some reason a string like "7xx" doesn't get changed). I don't think it's a bug, more likely I'm missing something. |
| SK2K7 16. Aug 2008 | Hehe, nice one HMX0101 |
| hackereha 16. Aug 2008 | @Drakenza yea i realized that too it just adds it to letters i think:) |
| Ramirez 16. Aug 2008 | Hmm, i can pass all checks but checksum ... |
| MACH4 16. Aug 2008 | It's not hard! Just been too many rediculously easy ones lately! |
| Drakenza 16. Aug 2008 | @hackereha: yeah, it seems to add 15, but only in some cases :S (I figured out the 1st char and subtracted 15 from it, but when I put that in the serial it doesn't change). I've been stepping through that massive series of calls over and over but I have no idea what it's doing :D |
| br0ken 16. Aug 2008 | Any hints regarding the checksum? I can't seem to get past it :( |
| w00b 17. Aug 2008 | i'm guessing the checksum would have to do with the casing of the letters.. i could be wrong though |
| Zaphod 18. Aug 2008 | It was easy to find the correct serial using some analysis and a little bit of trial and error. But that is not a solution, of course, since any trial and error can be considered bruteforcing. Which is strictly forbidden :) A complete analysis is going to take some time... |
| w00b 18. Aug 2008 | The rules make it tough :) I coded an app to figure out the possibilities but I think that would be brute forcing so I can't submit a solution :) |
| HMX0101 Author 18. Aug 2008 | Damn.. maybe for the next one, i should lower the level a bit :P One question for the people who tried it and still don't get it: Do you think patching or bruteforcing is always the good/only choice? The algo in the crackme is perfectly reverseable, just need to try harder and use the grey-matter in your brain :D I just made this one, because i was sick of see some level1 crackme which don't learn you some reversing skills which you need for harder ones :) Regards! |
| Drakenza 18. Aug 2008 | @HMX0101: No, I think we've just had it too easy for too long ;). I prefer algorithms that are reversible rather than the ones you have to patch or bruteforce (you learn a lot more anyway). |
| SK2K7 18. Aug 2008 | Yes, it is full reversible, it can be solved with pen paper and calculator. |
| hackereha 21. Aug 2008 | so where's your solutions O.o? |
| SK2K7 21. Aug 2008 | Sorry, i never send solutions, but here is a little hint for you: ((39AB xor 12) AND FF) xor FF = 46 => 'F' now depending on case if result is capital or not it chooses an array which is the same as the letters of alphabet letters of your keyboard. Now count from 'Q' till 'F' -start at 0- so it is 13 till 'F' Now take normal alphabet table 'A..Z' start at 1 count 13 and you get first letter of the serial => 'M' Regards |
| br0ken 21. Aug 2008 | Umm, you're making it complicated. ((num XOR 0xFF) XOR 0x12) = 0xAB num = ((0xAB XOR 0x12) XOR 0xFF) = 4D = M |
| SK2K7 21. Aug 2008 | mm, yeah sounds my is a complicated (i was never good at math) But, as long as at the end comes the same result out, who cares ;) |
| Drakenza 22. Aug 2008 | Why do you have to start from A..Z and count 13 rather than start from 'F' and count 13? I guess I read the disassembly incorrectly... |
| br0ken 22. Aug 2008 | num = ((0xAB XOR 0x12) XOR 0xFF) = 46 = F The calculation produces 0x46 = F instead of M (sorry about that!) Cme seems adds/subtracts a certain depending on the letter entered. (trace CALL NC1.00453AC8) A + 22 = W B + 03 = E C + 15 = R D + 8 = L .. M - 7 = F I bruted a little to find out which char produces F. (sorry!) From the above table it's M. |
| HMX0101 Author 22. Aug 2008 | @hint: substitution cipher...:) |
| SK2K7 22. Aug 2008 | HMX0101, pm'd you my Pen and Paper solution ;) |
| HMX0101 Author 22. Aug 2008 | Nice sol, SK2k7 ;) You've submitted it?.. maybe can help some people around there =D |
| br0ken 22. Aug 2008 | woot! Solved it. The pwd has a lot Mass. Hehe ;) Won't submit a soln because i used a little amount of bruting, which of course makes my soln invalid. I'm looking forward to see a soln with 0% bruting. |
| SK2K7 22. Aug 2008 | Yeah, submitted i'll hope it will be accepted ;) |
| apuromafo 23. Aug 2008 | nice work :) @SK2K7 and nice challenge @hmx0101 |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.