Thread: Key generation

  1. #1

    Key generation

    Hey all! First post here and I've got a question. I recently cracked my very first crackme, well I didn't crack it but had to give it a correct username/password. However, I didn't get to the right result by the method I originally imagined I would have to go by. The algorithm that the username uses is simple,

    Code:
    xor edi, edi            ; edi = 0 (running result)
    xor ebx, ebx            ; ebx = 0
    for each letter in the string:
        mov ebx, [letter]   ; ebx = byte value of the current character
        imul edi, 0a        ; edi = edi * 10 (0a is hex)
        add edi, [ebx-30]   ; edi = edi + (character - 0x30)
    once done:
        xor edi, 5678       ; edi = edi ^ 0x5678

    And the password algo is something very similar and simple as well. I imagined I would get an answer by backtracking through the equations, however this did not go well, and I basically had to try every letter combination to find a correct combination. And so my question, if backtracking was impossible (as in having to use a guess and check method) for such a simple algorithm, is the art of key generation really just the art of brute forcing? Is there a way I can find the input to equation 2 to give me the same output as equation 1, from the output of equation 1 without resorting to brute force?

    Well, Cheers all and happy holidays.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Well, there is no need to brute-force this at all.

    Assuming that the last operation (xor edi,5678) must yield zero, your pass/serial/whatever would be 22136 (though there are others possible with so little information). The algorithm does the following: take numbers and concatenate them in the sequence they appear.
    More mathematically it does it like this: (((x1 * 10 + x2) * 10 + x3) * 10 + x4) * 10 + x5 and so on.
    If there are for instance eight numbers you can simplify this to: x1,x2x3x4x5x6x7x8 * 10^7 or more abstractly: (x1,x2...xn) * 10^(n-1)
    Example: 2,2136 * 10^4 = 22136 with x1 = 2, x2 = 2, x3 = 1, x4 = 3 and x5 = 6
    So, now that you know your numbers are just concatenated, you'll also see that the result is xored with 0x5678, which is 22136 (dec).
    That's it.

    Look at the algo:
    xor edi, edi <- zero edi
    xor ebx, ebx <- zero ebx

    mov ebx,[letter] <- after that ebx holds the hex value of the letter (for numbers this is 30 to 39 (0 - 9))
    imul edi, 0a <- result * 10 (dec) - it's zero in the first run
    add edi, [ebx-30] <- add the original number to the result - for the number 5 this is 35 - 30 = 5 again

    xor edi,5678 <- xor the result with 0x5678 or 22136(dec)

    That was easy wasn't it?!

    Hope that helps.

    To answer your question: sometimes brute-force is the only way, but that's rare.
    There is no mightier weapon than pen and paper.

    Regards
    darkelf
    Last edited by Darkelf; December 16th, 2011 at 15:21. Reason: made it more readable
    I flout Chuck Norris, Spongebob barbecues underwater!
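Darkelf's pen-and-paper reading of the listing, carried through in Python as an added example (this is not code from the thread): the quoted routine is emulated with 32-bit register wrap, and the inverse is computed arithmetically for any desired output rather than by guessing. The function names and the 32-bit mask are assumptions of this example.

```python
# Added example, not from the thread: emulate the quoted username routine
# and invert it arithmetically, as darkelf did, instead of brute-forcing.

MASK32 = 0xFFFFFFFF   # edi is a 32-bit register, so the multiply wraps (assumed)
XOR_KEY = 0x5678      # constant from "xor edi, 5678" (hex), 22136 decimal


def check_routine(s: str) -> int:
    """Emulate the listing: for each byte, edi = edi*10 + (byte - 0x30);
    afterwards edi ^= 0x5678. Returns the final value of edi."""
    edi = 0
    for ch in s:
        ebx = ord(ch)                                # mov ebx, [letter]
        edi = (edi * 0x0A + (ebx - 0x30)) & MASK32   # imul edi, 0a ; add edi, [ebx-30]
    return edi ^ XOR_KEY                             # xor edi, 5678


def invert(target: int) -> str:
    """Recover a digit-only input for which check_routine returns `target`.
    XOR is its own inverse, so the value just before the final xor is
    target ^ 0x5678; the loop merely concatenates decimal digits, so the
    decimal representation of that value is one valid input."""
    pre_xor = (target ^ XOR_KEY) & MASK32
    return str(pre_xor)


if __name__ == "__main__":
    serial = invert(0)                      # the case darkelf works out: output 0
    print(serial, check_routine(serial))    # 22136 0
    # Leading zeros contribute nothing, one of the "other possible" inputs:
    print(check_routine("0" + serial))      # 0
```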

  3. #3
    To answer your question: sometimes brute-force is the only way, but that's rare.
    There is no mightier weapon than pen and paper.
    Indeed.

    Know your code.

    Woodmann
    Learn Or Die.

  4. #4
    I am very thankful for your simple and clear answer.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    You're welcome.
    I'm glad I could help you a bit on your way into the realm of RCE.
    Feel free to ask questions over and over again. It's the key for a better understanding.

    Regards
    I flout Chuck Norris, Spongebob barbecues underwater!
