
X-Treem's Communicate 1.0
Download Communicate1_0.zip, 3 kb (password: crackmes.de) | Browse contents of Communicate1_0.zip
The target is keygening it or at least finding out a working username and password. It requires some communication knowledge and a little bit of fantasy to work out...uhm..how can we call it?...ah yes!!..a key. Or shall we say..The Key.
Difficulty: 4 - Needs special knowledge | Rating votes: 10 |
Solutions
There are no solutions to this crackme yet. Have you solved it? Please write a tutorial and submit it here!
Discussion and comments
red477 18. Jul 2006 | Nice crackme...;) |
EvOlUtIoN 18. Jul 2006 | Very difficult... any solution? |
BoR0 19. Jul 2006 | I doubt this crackme is keygenable. It may contain just one valid key and one valid user I think. The main thing is, we have a 73-byte key (which is kind of a code cave). Now our username and password (xored and all that stuff by that nasty algorithm) should make the code cave return 0x180C in sum, AS WELL AS making the code-cave a bunch of set of instructions, which in my opinion is kind of impossible. I didn't find a message saying "Good job", or etc. So this means that we have to write ourself a code that does it all for us (in only 73 bytes)? I kindly ask the author to send me a message (hint me?) about this crackme. |
X-Treem Author 19. Jul 2006 | If you don't know how to afford a simple cryptoanalysis, stop trying with this keygenme. There was an old Spider crackme called Christmas that used the same way of protection, and that one has been solved, which means it's not impossible. A xor B = C, that means that any combination of A and B that gives out C is good. C is your cave, and this means that not only 1 username and password are correct. 73 bytes are enough for doing almost everything. The fact you can't find any good job message doesn't mean there is none. |
hardcoder 22. Jul 2006 | This crackme should be rated more than 6, too hard to figure out what's happening, anybody out there for a solution? |
zairon Moderator 22. Jul 2006 | Where are you stuck? Which part do you think is hard? I think it's not so hard, but if you guys have some problems I can think about raising the level up; I only have to know what the problems are :) |
crp- 23. Jul 2006 | finding out whats happening is actually pretty straight forward. 0x49 bytes of ciphertext with an unknown 0xE byte key and an almost unknown plaintext is a bit more challenging :) |
LAS3R 24. Jul 2006 | Agree with zairon, it's not that hard, xor algo, seen worse, I would rate it 3-4, but very entertaining crackme, ideas I never thought of! Nice work! |
ultrasound 24. Jul 2006 | i am stuck with same thing as you BoR0.. it seems if the 'sum(XORed_magic_bytes)!=0x180C' then the instruction 'retn' is written to pipefile and executed, else the 'XORed_magic_bytes' are executed themselves (as they are written to the pipefile before the XOR is reversed)... As BoR0 said, are we supposed to XOR this code until it is some valid code?? |
nasa_t 25. Jul 2006 | Here, I have the same problem as BoR0 and ultrasound. It is easy to find how to make the crackme show you the encrypted good_boy message. I use general instructions such as push ebp/mov ebp,esp at the beginning, and leave/retn 4 at the end to make the cryptoanalysis easier. But these instructions crash themselves, coz the push ebp/mov ebp and leave/retn 4 should have indistinct xor keys. After all, if we only obtain just several certain xor keys, the job will be much more interesting. But I can't guess the trick behind it, and bruteforce would be impossible. Guys like LAS3R, if you find the backdoor or trick, please write a tut, and we will appreciate you and X-Treem. BTW: data at 004030B6 may be C2 04 00, not C2 00 04, otherwise it will crash after inputting a 0xE byte name and serial. :) |
</function_calls>
Isaiah 25. Jul 2006 | I think the key like this ?? ?? ?? ?? ?? 7A EF ?? ?? 2D 98 D4 6B |
Isaiah 25. Jul 2006 | I suppose the 73 bytes of code begin with: push ebp / mov ebp,esp and end with: leave / retn 4. I spent 10 hours bruteforcing the KEY. But false. |
crp- 25. Jul 2006 |
> suppose the 73 bytes code begin with
> push ebp
> mov ebp,esp
> and end with:
> leave
> retn 4
this is not possible since 0x5A ^ 0x00 != 0xC3 |
crp- 25. Jul 2006 | oops.... 0x5A ^ 0x00 != 0xC2 of course |
Isaiah 25. Jul 2006 | oh~.I'm wrong~~. is anybody find the Key? |
BoR0 27. Jul 2006 | I passed the 180Ch sum check, hehe. But the program crashes now ;)
szUser db "BoR0 loves you", 0
szPassword db 0F1h, 0BBh, 0A7h, 26h, 17h, 34h, 16h, 0ECh, 0DEh, 0AFh, 0DDh, 067h, 8Bh, 70h, 0
For full bruteforce code check out http://www.cyberspace.org/~tehmath/communicate.brute.asm |
crp- 27. Jul 2006 | You found just 1 of billions of keys that yield the correct checksum. I think the correct way to solve this is to "guess" some code bytes right, and work from that, however that might take a long time... |
Isaiah 27. Jul 2006 | Each byte of the KEY must be between 0 and 0x7F. |
crp- 27. Jul 2006 | there seem to be no keys that consist only of 00-7F bytes and produce a correct checksum |
Isaiah 27. Jul 2006 | Oh, but the key is generated by the XOR operation between name and password, so each byte of the KEY must be below 0x7F. I got some hint from the author; he says the plaintext is like this: .Code ... ret 4 szGoodjobMsg db dup(?) |
crp- 27. Jul 2006 | > oh, but the key is generated by the XOR operation between name and > password, so each byte of the KEY must be below 0x7F. hmm, only if name and password also only consist of 0x00-0x7F |
X-Treem Author 27. Jul 2006 | As I told in a PM to someone else... Isaiah's assumptions are right and the code is really simple, so assuming the first three bytes of code (meaning the last three bytes of the key) is really simple. I can suggest MB_OK; maybe someone understands. With the last three bytes of the key it is then simple to find the text and the rest of the key. |
crp- 27. Jul 2006 | if Isaiah assumptions are right then its impossible to solve as there are no keys (with every byte in the 0-0x7F range) that produce plaintext with a checksum of 0x180C. |
Isaiah 28. Jul 2006 | The first byte of code isn't decrypted by the last three byte of Key.It's decrypted by the sixth,seventh and eighth byte of the Key |
crp- 28. Jul 2006 | > It's decrypted by the sixth,seventh and eighth byte of the Key are we trying to solve different crackmes ? ;) |
BoR0 29. Jul 2006 | This might come in handy.
#include <stdio.h>

int main(void)
{
    int k, x;
    /* walk the 73 cave bytes backwards; x cycles through the 14 user/pass slots */
    for (x = 13, k = 72; k >= 0; k--, x--) {
        if (x < 0)
            x = 13;
        printf("key[%d] = szuser[%d] ^ szpass[%d]\n", k, x, x);
    }
    return 0;
}
Isaiah 29. Jul 2006 | I made a mistake~.I thought the key length is 13,but it's 14 |
ultrasound 29. Jul 2006 | The problem I am having with this is that you can't assume the last byte of the code is the last byte that will be executed.. the 'retn 4' mnemonic could be anywhere in the bytes, not specifically 70->73.. the only thing you can be sure of is that it starts at the start, which you would assume, as above, starts with: push ebp / mov ebp, esp. But the hex for this is 55, 8B, EC, which would require the last three bytes of the key to be 00, 7A, EF.. but as Isaiah has said, you can't produce EF by XORing characters (normal characters) which would be your name/serial... so if this isn't the starting code, then what could it be !!? |
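The scheme the thread has pieced together so far, as an added example (not the crackme's own code and not any poster's program): a 73-byte cave masked by a 14-byte key that is user XOR password, applied on BoR0's schedule (key[72] uses slot 13, key[71] slot 12, ... wrapping), a sum check of 0x180C on the result, and the known-plaintext step ultrasound describes, where a guessed crib such as push ebp / mov ebp,esp at offset 0 pins the last three key bytes. It assumes the check is a plain sum of the decrypted bytes; the cave, key, user and password below are constructed so the example runs offline, and the padding bytes are chosen only so the sum lands on 0x180C.

```python
# Added example: model of the repeating-key XOR cave discussed in the thread.
# All data (plaintext, key, user, password) is constructed, not the real crackme's.

KEY_LEN = 14          # 0xE-byte key (crp-, Isaiah)
CODE_LEN = 73         # 0x49-byte encrypted code cave
TARGET_SUM = 0x180C   # sum the decrypted cave must produce (BoR0, ultrasound)


def key_slot(k: int) -> int:
    """Which of the 14 key bytes masks code byte k, per BoR0's schedule:
    k=72 -> 13, k=71 -> 12, ..., k=59 -> 0, k=58 -> 13, ...
    so code bytes 0, 1, 2 use slots 11, 12, 13: the last three key bytes."""
    return (k - 59) % KEY_LEN


def derive_key(user: bytes, password: bytes) -> bytes:
    """Key = user XOR password, byte by byte (both 14 bytes)."""
    if len(user) != KEY_LEN or len(password) != KEY_LEN:
        raise ValueError("user and password must both be 14 bytes")
    return bytes(u ^ p for u, p in zip(user, password))


def xor_cave(data: bytes, key: bytes) -> bytes:
    """Apply the repeating key to the cave; XOR is its own inverse."""
    return bytes(b ^ key[key_slot(k)] for k, b in enumerate(data))


def passes_sum_check(plain: bytes) -> bool:
    # Assumption: a plain 16-bit sum of the decrypted bytes.
    return (sum(plain) & 0xFFFF) == TARGET_SUM


def recover_slots(cipher: bytes, crib: bytes, offset: int, known=None) -> dict:
    """Known-plaintext step: a crib placed at a guessed offset pins key slots.
    Returns {slot: key_byte}; raises if the crib contradicts a slot already
    pinned (by `known`, or by the crib overlapping itself past 14 bytes)."""
    pinned = dict(known or {})
    for i, p in enumerate(crib):
        slot = key_slot(offset + i)
        kb = cipher[offset + i] ^ p
        if pinned.get(slot, kb) != kb:
            raise ValueError(f"crib at offset {offset} contradicts slot {slot}")
        pinned[slot] = kb
    return pinned


def consistent_offsets(cipher: bytes, crib: bytes, known: dict) -> list:
    """Every offset where the crib does not contradict the key bytes known so far.
    A 3-byte crib only rules out placements that touch already-pinned slots."""
    hits = []
    for off in range(CODE_LEN - len(crib) + 1):
        try:
            recover_slots(cipher, crib, off, known)
            hits.append(off)
        except ValueError:
            pass
    return hits


def build_sample():
    """Constructed cave: push ebp / mov ebp,esp ... leave / retn 4 / 'good job'."""
    prologue = bytes([0x55, 0x8B, 0xEC])           # push ebp; mov ebp, esp
    epilogue = bytes([0xC9, 0xC2, 0x04, 0x00])     # leave; retn 4
    message = b"good job"
    body_len = CODE_LEN - len(prologue) - len(epilogue) - len(message)   # 58
    # 1 x 0x4F plus 57 x 0x4E (dec edi / dec esi), chosen only so the byte sum
    # of the whole cave is exactly 0x180C.
    body = bytes([0x4F]) + bytes([0x4E]) * (body_len - 1)
    plain = prologue + body + epilogue + message
    user = b"crackmes.de!!!"                       # constructed, 14 bytes
    password = bytes(range(0xA0, 0xA0 + KEY_LEN))  # constructed, non-printable
    key = derive_key(user, password)
    return plain, key, xor_cave(plain, key)


if __name__ == "__main__":
    plain, key, cipher = build_sample()
    print("sum check:", passes_sum_check(plain))
    # Step 1: the prologue crib at offset 0 pins key slots 11, 12, 13.
    known = recover_slots(cipher, bytes([0x55, 0x8B, 0xEC]), 0)
    print("pinned slots:", sorted(known))
    # Step 2: 'retn 4' may sit anywhere; see which placements survive.
    print("retn 4 fits at:", consistent_offsets(cipher, bytes([0xC2, 0x04, 0x00]), known))
```

Running it shows the two points made in the thread: the prologue crib pins exactly the last three key bytes, and a three-byte retn 4 crib still fits at most offsets because only placements that overlap pinned slots can be contradicted. The sum check is a separate constraint from the key and, as crp- notes, is satisfied by a huge number of keys on its own.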
BoR0 29. Jul 2006 | This type of code/encryption is very useful, and can save lots of needed information. Hmm... maybe I will write a file encrypter soon.. |
X-Treem Author 29. Jul 2006 | lol ok ok my mistake :) I was talking about Isaiah's assumption about the code (kindly hinted). Don't pay attention to that; the serial will never be a text string, there could be any char from 0 to 255, the routine is really a shit, the keygenme goal is to let you crack your brain to find how serial and pass are checked and find out the encrypted "good job" routine code. So do not focus on how the serial could appear. |
jE! 29. Jul 2006 | hey, author, as i understood, in PASSWORD box we need to put non english letters?? if so, then this is incorrect crackme IMHO |
LAS3R 30. Jul 2006 | jE! a hint "copy and paste" ;) |
BoR0 30. Jul 2006 | This one is really nice, but still I doubt it's a keygenme. More like a crackme. |
X-Treem Author 30. Jul 2006 | lol it's a keygenme :) hard thing is finding key, not algo :) crackmes.de moderator has been given a valid username and serial to test functionality. LAS3R is right, copy and paste :) so stop crying about appearance, apply on method. |
jE! 30. Jul 2006 | It is incorrect:) :) Copy from where?? In an edit box you are expected to put printable English chars 20h-7Fh; otherwise use HEX input, then convert... so it is in all normal crackmes, if you look.. |
X-Treem Author 31. Jul 2006 | ... I repeat, if you are able, find the Key used to encrypt the code using your brain well, otherwise do not try. |
ixiodor 27. Dec 2010 | Dear Friends, after 8 hours I have cracked this crackme ^^ It's really simple guys! Tomorrow I'll make a tutorial. |
ixiodor 27. Dec 2010 | P.S. No special knowledge needed. Only low-level programming skill (XOR fundamentals) and brain. (I coded 2 programs to do this.) |
ixiodor 04. Jan 2011 | Solution (Italian): http://quequero.org/Soluzione_Communicate_1.0 |
X-Treem Author 05. Jan 2011 | I checked it and this was the solution i was expecting. Great job ixiodor |