tcn30's Crackme 3
| Download Crackme3.zip, 63 kb (password: crackmes.de) Browse contents of Crackme3.zip Type in the correct username and password. No patching allowed.
Difficulty: 3 - Getting harder | Send a message to tcn30 » View profile of tcn30 » |
Solutions
Solution by main, published 01. nov, 2008; download (1284 kb), password: crackmes.de or browse.
main has rated this crackme as quite nice.
Discussion and comments
| soychino 25. Dec 2007 | richard peugeot because decode and encode are reversible so it's simply a md5 encryption |
|---|---|
| tcn30 Author 25. Dec 2007 | there is another username and password as well. |
| soychino 25. Dec 2007 | are the md5s of username and serial as follows? 5532EA1121C4C3C8ACEC7f1D378A3F76 67F3A873D1F7CECA8C3C4C1211AE2355 |
| tcn30 Author 25. Dec 2007 | Yes thats the MD5 username and pass. But there is also another username and pass that uses a different encryption technique. |
| m@rio_crk 25. Dec 2007 | OK one pair of solution is: 6AE199A93C381BF6D5DE27491139D3F9 9F6CF82DEB99289E14AEA9DCC24E54CB (which is solved by soychino) and the second pair: 67F3A873D1F7CECA8C3C4C1211AE2355 23EB5D0DDB99AF268BC17C9A63D32AD5 that one is harder. I tried standard english dictionary attack and bruteforce with 0-9 charset, no result.. (Celeron M 1,6 Mhz ;P ) |
| tcn30 Author 25. Dec 2007 | Not sure where you got that 2nd pair from as thats simply incorrect. |
| soychino 26. Dec 2007 | the first condition has been worked out ,as to the second i think the condition is decrypt(1p9vPg/XRe.......,ABDF743.....)=decrypt(encrypt(md5(serial),ABDF743.....),ABDF743.....) so we can assume encrypt(md5(serial),ABDF743.....)=1p9vPg/XRe.......,thus md5(serial)=decrypt(1p9vPg/XRe.......,ABDF743.....),there is also a similar equation of the username,but it there seems no solution, am i wrong ? ps: the encryption consists of rijindael and base64,right? |
| tcn30 Author 26. Dec 2007 | The tutorial submitted by synak is far from complete. It only shows how to find the 1st username & pass so that tut is invalid. |
| m@rio_crk 26. Dec 2007 | soychino: Little mistake here: md5(serial)=decrypt(1p9vPg/XRe.......,ABDF743.....) NOT serial, but name: md5(name)=decrypt(1p9vPg/XRe.......,ABDF743.....) and so: md5(name)=67F3A873D1F7CECA8C3C4C1211AE2355 and for md5(serial) = 23EB5D0DDB99AF268BC17C9A63D32AD5 I checked this couple of times now, it must be right, but this also needs to be bruteforced.. |
| tcn30 Author 27. Dec 2007 | I think you must have the first crackme i submitted, it has been updated since then. |
| tcn30 Author 27. Dec 2007 | 1p9vPg/XReKyDADJx7O1juK6KwsNneaLV+iztkVVjptfLHbxO+suSRX8V/lZ+ZJ3 8+k/OamDIWXKRS7UrbAfiizNVwtnb3+WNSzdENYNaWNQp4uCP1NbjLAzIAf2eKJq Thats the 2nd encrypted username and password. |
| MACH4 06. May 2008 | tcn30, Are you expecting us to Bruteforce this? it would take years! Are there any clues? Perhaps the first char of name! What dictionary are we using? Is the serial numeric, alphnumeric etc? Need some guidance because I can't see a way of reversing the algo! MACH4 |
| main 20. Oct 2008 | Can you say the length of user name and password? Then we know if bruteforcing is an option. |
| main 20. Oct 2008 | I found the special username and password :) Both username and password are 7 characters. So, bruteforceable for you who want to try! |
| main 20. Oct 2008 | I saw someone already found that. The second username is Santa101, but I have not found the second password. |
| main 20. Oct 2008 | The second password is Xmas909 :P |
| tcn30 Author 28. Oct 2008 | congrats, a solution would be nice :) |
| main 28. Oct 2008 | Actually, I don´t know if my solution is a "real" solution, but, well, I solved it, so maybe I could post solution then :) |
| tcn30 Author 29. Oct 2008 | Well you managed to find the username and password. Just tell us all how u did it. I`d like to know myself :) |
| main 30. Oct 2008 | I wrote long comment about how I solved it, but it got deleted by moderators... I can post short solution later if no one else does it. |
| tcn30 Author 01. Nov 2008 | Excellent solution main, i really am impressed. Some of you guys really are very very clever. Well done! |
| main 01. Nov 2008 | Thanks :). Good work yourself! |
You may leave your comment, thoughts and discuss this crackme with other reversers here.
Acting childish will not be tolerated.
HTML and such will be left as-is, so don't try.