
qpt^J's Keygenme 6
Download keygenme.zip, 68 kb (password: crackmes.de)
Hello, this is my 6th keygenme
Difficulty: 4 - Needs special knowledge
Solutions
Solution by hound, published 13. May 2010; download (82 kb), password: crackmes.de.
hound has rated this crackme as awesome.
Discussion and comments
KKR_WE_RULE 03. May 2010 | Hmm.. Appears to be ECC.. Will try to solve.. :) |
qpt^J Author 04. May 2010 | Yea, man, you got it Good luck in solving :) |
Xspider 05. May 2010 | Why doesn't KANAL find it? It finds just CRC32!! |
qpt^J Author 06. May 2010 | Kanal won't help you too much. You need to apply IDA signatures for miracl |
KKR_WE_RULE 06. May 2010 | I used Olly to figure out what it was. I kinda suck with IDA :p But as my luck would have it, till that day, I've not got a single spare hour to try to solve it :( I guess I'll have to wait for the week end :) |
KKR_WE_RULE 06. May 2010 | Ok.. I got 5 mins & was looking at the routine. Checksum of name, check serial for $2D & after this suddenly the kgm terminated. Is it any anti-debugging crap or is it my crappy netbook? |
qpt^J Author 06. May 2010 | There are no antidbg tricks. Maybe your input or serial base is invalid |
Numernia Moderator 06. May 2010 | this keygenme is extremely straightforward. it's nice to not have to deal with FGint though... |
KKR_WE_RULE 06. May 2010 | Yea, as far as my reading goes, the genning is actually signing. Key = Sign(Crc(name)). Maybe there are other custom hashes used, but I didn't dig that deep yet. I am running short of time :( |
qpt^J Author 06. May 2010 | I didn't use any hashing in the keygenme, only a CRC checksum. The keygenme doesn't have any obfuscations or tricks. Just a simple keygenme :) You only need to understand what's going on in it, and you can easily keygen it. Good luck :p |
KKR_WE_RULE 06. May 2010 | yea, that's why I said 'Maybe'. Good 2 hear that there aren't any other than crc32. Then that's the way to gen it :) I'll try to submit a soln, if I get time :) |
hound 11. May 2010 | So far I have the problem defined as: s1 = first section of serial; s2 = second section of serial; c = CRC32 of name; s2_inv = inverse of s2 (mod 398B47BC33879); r1 = c * s2_inv (mod 398B47BC33879); r2 = s1 * s2_inv (mod 398B47BC33879); P1 and P2 are defined points on an elliptic curve; P3 = r1*P1 + r2*P2. The serial is valid if the x-coordinate of P3 is equal to s1. However, I am now in a bit of a pickle on how to actually find a solution to this. Any suggestions :( ? |
cyclops Moderator 11. May 2010 | You know it's ECC, and from the two parts of the serial, you can deduce it as some kind of signature scheme. Try to find some basic ECC signature schemes ;) |
hound 11. May 2010 | Thanks cyclops! Those last little keywords have brought up a wealth of information on google. I had a basic understanding of ECC and how to solve the DLP using the baby-step giant-step algorithm, but that is about it. Cheers! |
hound 11. May 2010 | Wow. Turns out the first ECC signature algorithm I stumble upon is exactly what I need ;). I hadn't looked at signature schemes over EC fields before, so this has definitely been a helpful crackme in terms of learning! Will definitely write up a solution. |
hound 11. May 2010 | Hmm, I think I spoke too soon. As KKR_WE_RULE said, the solution to this is the signing process (for ECDSA). However, won't this require recovering the signing key s, where it is defined: P2 = s*P1? I.e. solving the DLP ...? |
hound 11. May 2010 | Finally solved. This has been a very nice introduction into ECDSA, as "simple" as it is :). |
qpt^J Author 11. May 2010 | wow, I don't think that this keygenme will be so interesting for people :) thanks for solving, hound, hope you enjoyed it ;) |
Xspider 11. May 2010 | @qpt^J: why it is not O_o anyway it is SO interesting for me :D @hound: waiting ya solution! |
Coderess 13. May 2010 | Awesome keygenme :) |
Xspider 13. May 2010 | thanks mate for ya solution :D |
andrewl.us Moderator 13. May 2010 | well done, hound! :) congrats |
qpt^J Author 14. May 2010 | thanks for nice solution, hound ;) |
tamaroth Moderator 13. Jan 2011 | I decided it's about time to get my head around ECC, so I grabbed this crackme and tried to crack it. But for some reason my code is unable to generate the proper values and I do not know why: 1. crc of the name is correct 2. the private key I found was exactly the same as the one in the solution (although with a slightly different job file) 3. I implemented an ECDSA verification in C++ with your curve parameters, and for my numbers everything verifies, but it still doesn't work with your kgme. The only difference I noticed was the usage of divide in my code (that's how I found it in papers, wiki and in miracl sources). Any tips? If you want/need I can show you my code, just let me know ;p |
qpt^J Author 13. Jan 2011 | the miracl lib which I've used in it was from some old version, where there were some bugs in the ecc functions. I noticed this only when I used the same lib in making a keygen for one commercial software. And maybe you're using an old version too? So it's not your fault ;) |
qpt^J Author 13. Jan 2011 | ah, and please pm me your code also :) |
tamaroth Moderator 13. Jan 2011 | Code is basically ripped from miracl, using 5.2 if I remember correctly. I'll drop you the code tomorrow :) |
KKR_WE_RULE 15. Jan 2011 | Why did this kgm make my life difficult? Well here is why: 1) Miracl Library: When I saw function names like 'mad', I was like - "Are these Shamus guys nuts??" then thanks to documentation I was able to go through royal Shamus crap :) 2) ECDLP: I made a job file for kgm & used Mr. Haandi's creation. But what the heck, it was running for eternity. My fault, I mistyped the 'a' param. But after rectifying that, I got the K (private key) = 0. Now I was like, wtf!! Then on experimenting a bit with the job file & then a half an hour intermission of a film that qpt was watching yesterday, he was talking to me. He solved the ecdlp using my job file. Then I realised that the factor count was creating the prob. In fact there are two factors: '5' & another big one. But when the factor count is 2 & the '5' is included in the factors, the private key is 0. But if the factor count was & 5 was excluded from the factor list, we get a private key. I still don't understand why!! Now writing the gen was not the prob.. Wrote a genner in less than 5 mins & amazingly, to my surprise, it works!! If someone takes some pain in explaining the factor problem, I'll be grateful to him :) Regards KKR |
tamaroth Moderator 15. Jan 2011 | I was using Mr. Haandi's ECDLP solver 0.2 with this job file:
GF := GF(1012325832444403);
E := EllipticCurve([GF|-3,876059939881460]);
G := E![472617234852198,294947133781418];
K := E![563102923360204,103148785834121];
/* FactorCount:=2; 5; 202465173611749; */
This took just a couple of seconds on my machine; the result is this:
Elliptic Curve defined by y^2 = x^3 + -3*x + 876059939881460 over GF(1012325832444403)
k*G=K
G=[472617234852198,294947133781418]
K=[563102923360204,103148785834121]
Order(K)=5*202465173611749
Initializing rho solver
k*G=K
G=[530546720178592,121972385715163]
K=[36345436447195,851565637956894]
Starting thread 0
Starting thread 1
Starting thread 2
Starting thread 3
Time for 10000000 steps: 936
Time 1310ms; Steps: 14791488; Points: 883
k=134338524339855
Found k=741734045175102; time=1326ms
So on my end everything works as it should. qpt^J: I've sent you a link to my code via PM ;-) |
KKR_WE_RULE 16. Jan 2011 | Dunno what's wrong with my machine. Job that gave k = 0:
GF := GF(1012325832444403);
E := EllipticCurve([GF|-3,876059939881460]);
G := E![472617234852198,294947133781418];
K := E![563102923360204,103148785834121];
/* FactorCount:=2; 5; 1012325868058745; */
Now change the factor count to 1 & remove the '5' from the factor list. Now k = 741734045175102. Here is the job which gives k = 741734045175102:
GF := GF(1012325832444403);
E := EllipticCurve([GF|-3,876059939881460]);
G := E![472617234852198,294947133781418];
K := E![563102923360204,103148785834121];
/* FactorCount:=1; 1012325868058745; */
Can any1 explain the reason for this? |
andrewl.us Moderator 16. Jan 2011 | KKR: check your curve order factors
sage: E=EllipticCurve(GF(1012325832444403),[0,0,0,-3,876059939881460])
sage: E.order()
1012325868058745
sage: factor(1012325868058745)
5 * 202465173611749 |
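Pulling together hound's verification formula (the post of 11. May), the job-file curve parameters and the solver results from the posts above, here is an added Python example that implements the check as a verifier, the matching ECDSA signing step as a keygen, and the Chinese-remainder step that assembles the full k from the per-factor logarithms (k mod 5 and k mod 202465173611749, the two factors andrewl.us lists). It is not the keygenme's code nor any poster's. Assumptions: the name checksum is plain CRC32 as zlib computes it (what KANAL flagged), the serial is `hex(r)-hex(s)` in uppercase as in tamaroth's serial, and the modulus N is the full curve order 0x398B47BC33879 that hound quotes; the private key 741734045175102 is the value both solver runs reported.

```python
"""ECDSA-style keygen/verifier for qpt^J's Keygenme 6, reconstructed from the thread.
Added example; curve, points, N and the private key are taken from the posts above."""
import math
import random
import zlib

# Curve from the job file: y^2 = x^3 - 3x + B over GF(P).
P = 1012325832444403
A = P - 3
B = 876059939881460
G = (472617234852198, 294947133781418)   # P1, the base point
K = (563102923360204, 103148785834121)   # P2, the public point (K = k*G)
N = 0x398B47BC33879                      # hound's modulus == E.order() == 1012325868058745
SMALL_FACTOR, BIG_FACTOR = 5, 202465173611749   # N == 5 * 202465173611749
PRIVATE_KEY = 741734045175102            # k reported by the solver runs in the thread


def is_on_curve(pt):
    if pt is None:
        return True
    x, y = pt
    return (y * y - (x * x * x + A * x + B)) % P == 0


def ec_add(p1, p2):
    """Affine point addition; None is the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % P == 0:     # p2 == -p1 (also covers y == 0 doubling)
        return None
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k > 0:
        if k & 1:
            acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc


def crc_of_name(name):
    return zlib.crc32(name.encode("ascii"))   # assumption: standard CRC32


def parse_serial(serial):
    s1_hex, s2_hex = serial.split("-")
    return int(s1_hex, 16), int(s2_hex, 16)


def format_serial(s1, s2):
    return f"{s1:X}-{s2:X}"


def verify(name, serial, pub=K):
    """hound's check: P3 = (c*s2^-1)*P1 + (s1*s2^-1)*P2; valid iff P3.x == s1."""
    s1, s2 = parse_serial(serial)
    if not (0 < s1 < P and 0 < s2 < N) or math.gcd(s2, N) != 1:
        return False                        # s2 must be invertible mod N (N = 5 * prime)
    s2_inv = pow(s2, -1, N)
    r1 = crc_of_name(name) * s2_inv % N
    r2 = s1 * s2_inv % N
    p3 = ec_add(ec_mul(r1, G), ec_mul(r2, pub))
    return p3 is not None and p3[0] == s1


def sign(name, priv=PRIVATE_KEY, seed=None):
    """The keygen: r = (k*G).x, s = k^-1 * (e + priv*r) mod N with e = CRC32(name).
    Because N is not prime, k and s are re-drawn until both are invertible mod N."""
    rng = random.Random(seed)
    e = crc_of_name(name)
    while True:
        k = rng.randrange(1, N)
        if math.gcd(k, N) != 1:
            continue
        pt = ec_mul(k, G)
        if pt is None:
            continue
        r = pt[0]
        s = pow(k, -1, N) * (e + priv * r) % N
        if r == 0 or s == 0 or math.gcd(s, N) != 1:
            continue
        return format_serial(r, s)


def dlog_in_small_subgroup(pub=K):
    """Project G and K into the order-5 subgroup (multiply by the big cofactor) and
    brute-force k mod 5: the piece a factor list that leaves out '5' cannot supply."""
    g5, k5 = ec_mul(BIG_FACTOR, G), ec_mul(BIG_FACTOR, pub)
    for i in range(SMALL_FACTOR):
        if ec_mul(i, g5) == k5:
            return i
    return None


def crt_combine(residues):
    """Combine (k mod m_i) pairs with pairwise coprime m_i into k mod prod(m_i).
    With the thread's values it turns k=134338524339855 (mod 202465173611749)
    and k mod 5 into the reported k=741734045175102."""
    k, m = 0, 1
    for r, mi in residues:
        k += m * ((r - k) * pow(m, -1, mi) % mi)
        m *= mi
    return k % m


if __name__ == "__main__":
    print("G on curve:", is_on_curve(G), "K == k*G:", ec_mul(PRIVATE_KEY, G) == K)
    serial = sign("tamaroth", seed=1)
    print("serial for tamaroth:", serial, "verifies:", verify("tamaroth", serial))
    print("k mod 5 from subgroup:", dlog_in_small_subgroup())
    print("CRT:", crt_combine([(134338524339855, BIG_FACTOR), (PRIVATE_KEY % 5, 5)]))
```

The verifier mirrors hound's description line for line; the keygen is the ordinary ECDSA signing equation solved for s, which is why recovering k (the ECDLP of K to base G) is the whole job. `crt_combine` is the step a Pohlig-Hellman style solver performs after the rho run on the order-202465173611749 subgroup, which is why the factor list matters: the rho step only yields k modulo that prime, and the residue modulo 5 has to come from the tiny subgroup separately.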
tamaroth Moderator 16. Jan 2011 | OK, I have solved it finally. tamaroth 379897EA7254B-37ED198B7FF3C I've learned quite a lot about ECC and ECDSA while having trouble with this particular crackme. I'm still not quite sure what was wrong previously, because I have spent a lot of time modifying my code and I don't really know what was wrong back then, but now it's working. Thanks a lot for this awesome introduction into ECC ;-) (and you hound too for guidance with your code and solution) |
KKR_WE_RULE 17. Jan 2011 | hehe, congratz tamaroth :) Now give HappyTown26 a try :) |