Kostya's Easy Math Quest
| Download MathQuest.zip, 5 kb (password: crackmes.de) Browse contents of MathQuest.zip Easy Math Quest (EMQ) is more easier than previous.
Difficulty: 3 - Getting harder | RatingWaiting for at least 3 votes View profile of Kostya » |
Solutions
Solution by ratsoul, published 19. apr, 2007; download (5 kb), password: crackmes.de or browse.
ratsoul has not rated this crackme yet.
Discussion and comments
| pseudonym 01. Apr 2007 | Well I'm pretty sure I understand at least the first password algo - but without a supercomputer, I ain't gonna even try bruting it; but I can't see any other way? Have I missed something? |
|---|---|
| Kostya Author 01. Apr 2007 | Dunno about the supercomputer, but to solve this one i used my old computer: 700MHz (256MB memory). That's it. So u missed something. Dunno what. But i can say that it is easy to solve but not to brute. The first pass maybe u can brute but the second one is impossible to brute. So i recommend u to look through the code and to sinlge out the main algo. Just imagine what these all instructions looks like. So, there is another way (without bruting). And btw, it's maybe not level 2, it's just my opinion. It is a bit higher (maybe yes or maybe no). :)) |
| pseudonym 07. Apr 2007 | To me the first algo looks something like: (A1*a)+(A2*b)+...+(A9*i) = K Where A(x) = Constant values (hardcoded) K = constant value (hardcoded) a,b,c... = values to discover - which will be ascii char codes. Maybe my maths isn't good enough to work out a simple solution... |
| bundy 07. Apr 2007 | Actually, you wrote here only a small part of the first algo. There are some more similar parts (with different A(x) and K's). After you write those under what you already have ... |
| Kostya Author 08. Apr 2007 | What bugs? Have u found the last pass? |
| ratsoul 17. Apr 2007 | Nice crackme... but solved :) |
| Kostya Author 19. Apr 2007 | Good work ratsoul, next crackme wouldn't be so easy, I swear! :) |
| bundy 20. Apr 2007 | Really good work ratsoul. If I wouldn't be as lazy as I am, I would write a solution as well. As I understood the code the procedure 3 you mention is a in-place base64decode function (a very nice one [the range checking is awesome]). Next thing is the procedure 4 - I called it simply convert. If the base64 decoded string starts with $, x or X a hex conversion starts. So there are 4 direct passwords for 3rd editbox: $5ADFA680 = JDVBREZBNjgw x5ADFA680 = eDVBREZBNjgw X5ADFA680 = WDVBREZBNjgw 1524606592 = MTUyNDYwNjU5Mg== Waiting for another math crackme ;) |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.