Results 1 to 6 of 6

Thread: Simple Math Problem

  1. #1

    Simple Math Problem

    Which i can't seem to figure out....

    Hi all, so i am taking a look at a program and the registration routine is very simple but i can't seem to figure out 1 math problem, i just can't wrap my head around it so maybe anybody here can shed some light on it.

    Code:
    int iCheckCode(unsigned int iParamA, unsigned int iParamB, unsigned int iParamC)
    {
    
                int a = _SomeFunction(iParamB, iParamB);
                int b = _SomeFunction(iParamA, iParamB);
                int b2 = _SomeFunction(b, b);
                int b3 = _SomeFunction(b, b2);
                int result = _SomeFunction(a, b3);
                
    }
    
    unsigned int _SomeFunction(unsigned int arg1, unsigned int arg2)
            {
    
                unsigned int loc8;
    	    unsigned int p = 1145225233;
                unsigned int loc1 = arg1 >> 16;
                unsigned int loc2 = arg1 & 65535;
                unsigned int loc3 = arg2 >> 16;
                unsigned int loc4 = arg2 & 65535;
                unsigned int loc5 = loc1 * loc3 % p;
    	    unsigned  int loc6 = (loc1 * loc4 % p + loc2 * loc3 % p) % p;
                unsigned int loc7 = loc2 * loc4 % p;
                loc8 = 0;
                while (loc8 < 32) 
                {
                    loc5 = (loc5 + loc5) % p;
                    ++loc8;
                }
                loc8 = 0;
                while (loc8 < 16) 
                {
                    loc6 = (loc6 + loc6) % p;
                    ++loc8;
                }
                return (loc7 + (loc5 + loc6) % p) % p;
            }
    So the program generates a random number and makes a internet check with this number and the server replies with another number.

    then the function is called iCheckCode(sentMsg, ReciviedMsg, 0);

    then it checks if iCheckCode is correct.

    I have a valid key so i am not looking to crack the program, just interested to see how its working, i checked the replies a few times and the result is always 35.

    iCheckCode(731125647,1065029583,0) == 35
    iCheckCode(720425132,1059830289,0) == 35
    iCheckCode(22698512, 849307505) == 35

    etc.

    but i just cant figure out what the math is doing to make it work in the other direction and why its always coming out at 35, that's what i would like to learn and understand, if anybody with a bit of knowledge could help that would be great.

    Thanks for your time.
    Last edited by Bobber; April 29th, 2012 at 12:06.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    Suggestions:

    Instead of using decimal constants and variables use their hex equivalent. Then operations start making more sense.

    Do a walk-through with explicit hex numbers, that are easily recognizable:


    Code:
    unsigned int _SomeFunction(unsigned int arg1, unsigned int arg2)  // arg1 = DEADB074;    arg2 = BABED011;
            {
    
                unsigned int loc8;
    	    unsigned int p = 1145225233;  // p == 4442C011;
                unsigned int loc1 = arg1 >> 16;     // loc1 == DEAD  the upper 2 bytes of arg1
                unsigned int loc2 = arg1 & 65535;  // loc2 ==B07A  the lower 2 bytes of arg1
                unsigned int loc3 = arg2 >> 16;    // loc3  == BABE   the upper 2 bytes of arg2
                unsigned int loc4 = arg2 & 65535;  // loc4 ==D011  the lower 2 bytes of arg2
                unsigned int loc5 = loc1 * loc3 % p;
    	    unsigned  int loc6 = (loc1 * loc4 % p + loc2 * loc3 % p) % p;
                unsigned int loc7 = loc2 * loc4 % p;
                loc8 = 0;

    And so on, doing it by hand, with an hex calculator. Much better, make an excel sheet using the hex operation capabilities of the software. Mathematica or MatLab could work, but have a much steeper learning curve.

    You will see the internal mechanics.

  3. #3
    Thanks its a great idea, but i have been through it a few times with them also and i just can't seem to grasp what its doing, i can't help but think that its just performing some simple math functions that i can't put my finger on.

    I reversed the random number generator to see where the sentMsg is generated and i got the following.

    Code:
    unsigned int p = 1145225233; // Same as in the other function
    unsigned int sentMSG = p + rand() * (0 - p);
    so i cant help but think that its just 1 big math problem and its using this P as a special number.

    Thanks for your time.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    Super Moderator
    Join Date
    Dec 2004
    Posts
    1,456
    Blog Entries
    15
    well from the info you gave and the algo you provided i dont think 35 could result
    you must have the algo wrong

    i just wrapped your algo into main() and ran it

    result
    Code:
     
    
    
    lets try running this crap
    foo is coming back as 2eaac626   
    foo is coming back as d1ca85f
    foo is coming back as 15c30ef
    Press any key to continue . . .
    Code:
    int _tmain(int argc, _TCHAR* argv[])
    {
    	int foo;
    	printf("lets try running this crap\n");
    	foo = iCheckCode(731125647,1065029583,0);
    	printf("foo is coming back as %x\n",foo);
    	foo = iCheckCode(720425132,1059830289,0);
    	printf("foo is coming back as %x\n",foo);
    	foo = iCheckCode(22698512, 849307505,0);
    	printf("foo is coming back as %x\n",foo);
    	return 0;
    }
    locals

    Code:
    		iParamA	0x2b94178f	unsigned int
    		iParamB	0x3f7b0fcf	unsigned int
    		iParamC	0x00000000	unsigned int
    		result	0x2eaac626	int
    		b3	0x0dfa3f7b	int
    		b	0x2900cff4	int
    		b2	0x0b5c9d05	int
    		a	0x096d1598	int

  5. #5
    Quote Originally Posted by blabberer View Post
    well from the info you gave and the algo you provided i dont think 35 could result
    you must have the algo wrong

    i just wrapped your algo into main() and ran it

    result
    you are totally right sir, sorry. Double checking i wrote 1 function here from my head and messed it up, the correction should be:

    Code:
      int result = _SomeFunction(iParamB, b3);
    
    change to
    
    int result = _SomeFunction(a, b3);
    Sorry for the mistake.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    Still looking for a bit of help on this if anybody can.

    I understand that the function is somehow always getting the remainder of the division of P but i am not much further yet.
    I promise that I have read the FAQ and tried to use the Search to answer my question.

Similar Threads

  1. Simple MD5Hash utility
    By giv in forum Tools of Our Trade (TOT) Messageboard
    Replies: 0
    Last Post: March 7th, 2013, 15:10
  2. Simple relocation parser to start.
    By BanMe in forum The Newbie Forum
    Replies: 22
    Last Post: January 26th, 2011, 22:22
  3. Simple UAC-related question
    By Maximus in forum The Newbie Forum
    Replies: 7
    Last Post: November 16th, 2010, 17:38
  4. The Simple Client :}... very basic..
    By BanMe in forum Advanced Reversing and Programming
    Replies: 0
    Last Post: June 14th, 2009, 20:42

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •