Hi All
Here we are going to look at another challenge from Crackmes.one. I'd call this one a funny mathematical challenge.
You can get the executable file of the challenge (crackmes.de's ksydfius_128 by ksydfius) from this link: http://crackmes.one/crackme/5ab77f6633c5d40ad448cbce
The challenge gives you a basic interface with one button for checking your input.
PEstudio shows that the file is compiled for a 32-bit CPU and that .NET is used, so let's decompile it in dnSpy.
We can clearly notice two important functions, Hehe and button1_click, so let's dive deep into the code.
The first part takes your input, calculates its length and then creates an array with some hard-coded values.
The second part is a loop that takes four characters from your input at a time and passes them as an argument to the Hehe function.
This function simply takes four characters; if the chunk is shorter than four characters, it is padded with "\0" characters. The string is then converted to an array of char and every character is processed in the loop, so the final result returned by this function looks like this:
Num=((char0*256 + char1)*256+char2)*256+char3
The result Num is just the hexadecimal value of the four characters of str.
Nice, some mathematics hhhhh
After this step, in the first iteration the Num value is added to the first value of the hard-coded array, then all the values of this array are multiplied by your input length. In the second iteration Num is added to the second value of the same array, and so on.
Described mathematically, the hard-coded array ends up like this:
v0=(arrayV0+num0)*L
v1=((arrayV1*L)+num1)*L
v2=((arrayV2*L*L)+num2)*L
v3=((arrayV3*L*L*L)+num3)*L
L is the length of your string.
In this scenario 12<L<17 characters and L is an integer.
Nice, I hope it's clear. So, the last part:
It just takes every value in the array, converts it to a hexadecimal string and appends it to the variable text2,
which must equal "ffffffffffffffffffffffffffffffff" (yes, 32 F's).
In this enigma we have many unknown values. The first one is the length of the string, which we must respect (there's no mathematical solution for this equation), but I guessed that it will be 15 characters from the result value, which must be "FFFFFFFF" in each stage.
Each value in the array, after all the operations, must be FFFFFFFF.
(DON'T forget that Num in every stage is just the hexadecimal value of our input.)
So for the first iteration we now look for the Num value, with Length = F.
FFFFFFFF/F=11111111, then I have to add a leading 1 for the signed value, so it becomes 111111111 (the 32-bit subtraction below then wraps around),
and then I have to subtract the initial value of the array:
111111111 - 12345678 = FEDCBA99
This is the first winning value: Num0=FEDCBA99
In the same manner we are going to look for the other values.
In this stage:
FFFFFFFF/F=11111111, then I have to add a leading 1 for the signed value, so it becomes 111111111h
(98badcfe *f)=8F2F2F2E2 => F2F2F2E2
Num1= 111111111h -(F2F2F2E2)
Num1=1E1E1E2F
We have to repeat the same steps for Num2 and Num3:
f00dbeef*f=E10CE3001 => 10CE3001
10CE3001*f=FC14D00F
Num2= 111111111h -(FC14D00F)
Num2=14FC4102
For Num3:
c0ffeebf*f=B4EFEFD31 => 4EFEFD31
4EFEFD31*f= 4A0F0D5DF => A0F0D5DF
A0F0D5DF *f=96E1C8811 => 6E1C8811
Num3= 111111111h -(6E1C8811)
Num3=A2F48900
So the hexadecimal representation of the winning string is:
FEDCBA991E1E1E2F14FC4102A2F48900
If you try to convert it to ASCII, many characters are not printable.
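The arithmetic above can be checked with a short script. This is an added example, not code from the crackme or from the original post: it models only the equations v0..v3 given above (not the decompiled program), uses the array values and the FFFFFFFF target from this write-up, and goes a little further by trying every length in 12<L<17. The function names and the trailing-NUL padding check are assumptions made for the example.

```python
# Added example: solves the write-up's equations; it is not the crackme's own code.
MOD = 1 << 32                # all arithmetic is truncated to 32 bits
TARGET = 0xFFFFFFFF          # every array entry must end up as FFFFFFFF
ARRAY = [0x12345678, 0x98BADCFE, 0xF00DBEEF, 0xC0FFEEBF]  # initial values used in the write-up


def forward(nums, length):
    """v_i = ((array_i * L**i) + num_i) * L, truncated to 32 bits (the write-up's model)."""
    return [((a * pow(length, i, MOD) + n) * length) % MOD
            for i, (a, n) in enumerate(zip(ARRAY, nums))]


def solve(length):
    """Return [num0..num3] that make every v_i equal TARGET, or None if impossible."""
    if length % 2 == 0:
        return None              # an even L gives an even product; FFFFFFFF is odd
    inv = pow(length, -1, MOD)   # an odd L is invertible modulo 2**32 (Python 3.8+)
    base = (TARGET * inv) % MOD  # 0x11111111 when L = 15
    return [(base - a * pow(length, i, MOD)) % MOD for i, a in enumerate(ARRAY)]


def padding_ok(nums, length):
    """Assumption: a short last chunk is padded with trailing NUL characters,
    so the low-order bytes of num3 must be zero for an input of `length` chars."""
    pad_bytes = 16 - length
    return nums[3] & ((1 << (8 * pad_bytes)) - 1) == 0


def key_hex(nums):
    """Concatenate the four 32-bit values as the hex form of the input string."""
    return "".join(f"{n:08X}" for n in nums)


if __name__ == "__main__":
    for length in range(13, 17):         # 12 < L < 17
        nums = solve(length)
        if nums is None:
            print(length, "no solution (even length)")
            continue
        assert forward(nums, length) == [TARGET] * 4
        status = "padding ok" if padding_ok(nums, length) else "padding mismatch"
        print(length, key_hex(nums), status)
```

For L = 15 the script reproduces the four Num values worked out by hand above, and the zero low byte of Num3 matches a 15-character input whose last chunk carries one padding character.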
I hope it was very clear for you, and don't hesitate to leave me a comment or question if you want.
See you next time in a new reverse engineering challenge.
Kind regards
Abdel
OffensiveNoob