PDA

View Full Version : Simple Math Problem


Bobber
April 28th, 2012, 12:52
Which i can't seem to figure out....

Hi all, so i am taking a look at a program and the registration routine is very simple but i can't seem to figure out 1 math problem, i just can't wrap my head around it so maybe anybody here can shed some light on it.

Code:

int iCheckCode(unsigned int iParamA, unsigned int iParamB, unsigned int iParamC)
{

int a = _SomeFunction(iParamB, iParamB);
int b = _SomeFunction(iParamA, iParamB);
int b2 = _SomeFunction(b, b);
int b3 = _SomeFunction(b, b2);
int result = _SomeFunction(a, b3);

}

unsigned int _SomeFunction(unsigned int arg1, unsigned int arg2)
{

unsigned int loc8;
unsigned int p = 1145225233;
unsigned int loc1 = arg1 >> 16;
unsigned int loc2 = arg1 & 65535;
unsigned int loc3 = arg2 >> 16;
unsigned int loc4 = arg2 & 65535;
unsigned int loc5 = loc1 * loc3 % p;
unsigned int loc6 = (loc1 * loc4 % p + loc2 * loc3 % p) % p;
unsigned int loc7 = loc2 * loc4 % p;
loc8 = 0;
while (loc8 < 32)
{
loc5 = (loc5 + loc5) % p;
++loc8;
}
loc8 = 0;
while (loc8 < 16)
{
loc6 = (loc6 + loc6) % p;
++loc8;
}
return (loc7 + (loc5 + loc6) % p) % p;
}


So the program generates a random number and makes a internet check with this number and the server replies with another number.

then the function is called iCheckCode(sentMsg, ReciviedMsg, 0);

then it checks if iCheckCode is correct.

I have a valid key so i am not looking to crack the program, just interested to see how its working, i checked the replies a few times and the result is always 35.

iCheckCode(731125647,1065029583,0) == 35
iCheckCode(720425132,1059830289,0) == 35
iCheckCode(22698512, 849307505) == 35

etc.

but i just cant figure out what the math is doing to make it work in the other direction and why its always coming out at 35, that's what i would like to learn and understand, if anybody with a bit of knowledge could help that would be great.

Thanks for your time.

naides
April 28th, 2012, 19:09
Suggestions:

Instead of using decimal constants and variables use their hex equivalent. Then operations start making more sense.

Do a walk-through with explicit hex numbers, that are easily recognizable:


Code:
unsigned int _SomeFunction(unsigned int arg1, unsigned int arg2) // arg1 = DEADB074; arg2 = BABED011;
{

unsigned int loc8;
unsigned int p = 1145225233; // p == 4442C011;
unsigned int loc1 = arg1 >> 16; // loc1 == DEAD the upper 2 bytes of arg1
unsigned int loc2 = arg1 & 65535; // loc2 ==B07A the lower 2 bytes of arg1
unsigned int loc3 = arg2 >> 16; // loc3 == BABE the upper 2 bytes of arg2
unsigned int loc4 = arg2 & 65535; // loc4 ==D011 the lower 2 bytes of arg2
unsigned int loc5 = loc1 * loc3 % p;
unsigned int loc6 = (loc1 * loc4 % p + loc2 * loc3 % p) % p;
unsigned int loc7 = loc2 * loc4 % p;
loc8 = 0;



And so on, doing it by hand, with an hex calculator. Much better, make an excel sheet using the hex operation capabilities of the software. Mathematica or MatLab could work, but have a much steeper learning curve.

You will see the internal mechanics.

Bobber
April 29th, 2012, 09:53
Thanks its a great idea, but i have been through it a few times with them also and i just can't seem to grasp what its doing, i can't help but think that its just performing some simple math functions that i can't put my finger on.

I reversed the random number generator to see where the sentMsg is generated and i got the following.

Code:

unsigned int p = 1145225233; // Same as in the other function
unsigned int sentMSG = p + rand() * (0 - p);


so i cant help but think that its just 1 big math problem and its using this P as a special number.

Thanks for your time.

blabberer
April 29th, 2012, 10:32
well from the info you gave and the algo you provided i dont think 35 could result
you must have the algo wrong

i just wrapped your algo into main() and ran it

result
Code:



lets try running this crap
foo is coming back as 2eaac626
foo is coming back as d1ca85f
foo is coming back as 15c30ef
Press any key to continue . . .



Code:

int _tmain(int argc, _TCHAR* argv[])
{
int foo;
printf("lets try running this crap\n";
foo = iCheckCode(731125647,1065029583,0);
printf("foo is coming back as %x\n",foo);
foo = iCheckCode(720425132,1059830289,0);
printf("foo is coming back as %x\n",foo);
foo = iCheckCode(22698512, 849307505,0);
printf("foo is coming back as %x\n",foo);
return 0;
}


locals

Code:

iParamA 0x2b94178f unsigned int
iParamB 0x3f7b0fcf unsigned int
iParamC 0x00000000 unsigned int
result 0x2eaac626 int
b3 0x0dfa3f7b int
b 0x2900cff4 int
b2 0x0b5c9d05 int
a 0x096d1598 int

Bobber
April 29th, 2012, 12:09
Quote:
[Originally Posted by blabberer;92420]well from the info you gave and the algo you provided i dont think 35 could result
you must have the algo wrong

i just wrapped your algo into main() and ran it

result


you are totally right sir, sorry. Double checking i wrote 1 function here from my head and messed it up, the correction should be:

Code:

int result = _SomeFunction(iParamB, b3);

change to

int result = _SomeFunction(a, b3);


Sorry for the mistake.

Bobber
May 1st, 2012, 07:07
Still looking for a bit of help on this if anybody can.

I understand that the function is somehow always getting the remainder of the division of P but i am not much further yet.