Welcome to the new Woodmann RCE Messageboards Regroupment
Please be patient while the rest of the site is restored.

To all Members of the old RCE Forums:
In order to log in, it will be necessary to reset your forum login password ("I forgot my password") using the original email address you registered with. You will be sent an email with a link to reset your password for that member account.

The old vBulletin forum was converted to phpBB format, requiring the passwords to be reset. If this is a problem for some because of a forgotten email address, please feel free to re-register with a new username. We are happy to welcome old and new members back to the forums! Thanks.

All new accounts are manually activated before you can post. Any questions can be PM'ed to Kayaker.

[keygen ME] Messy crypto

A classroom run by newbies for newbies. Gain valuable reversing experience & skills as we explain the in's and out's of RCE.
Locked
User avatar
Kurapica
Posts: 102
Joined: Wed Jun 11, 2008 5:14 pm
Location: JIT compiler

[keygen ME] Messy crypto

Post by Kurapica »

Hi

this is a new challenge, It's not hard but it's good for those who like

coding in .NET, will be a great fun for a cold winter night

patching is forbidden, only a valid keygen is accepted

Enjoy

http://www.4shared.com/file/WctnNsWI/challenge.html

link fixed ...
Life can only be understood backwards but It must be read forwards

http://board.b-at-s.info
http://portal.b-at-s.info/news.php
niaren
Member
Posts: 70
Joined: Thu Dec 10, 2009 3:16 pm

Post by niaren »

Seems somthing is wrong.
Getting the following message:
" 'KeygenME2011.rar' is unavailable. This file was deleted. "
Is it not possible to upload it directly here?
User avatar
Kurapica
Posts: 102
Joined: Wed Jun 11, 2008 5:14 pm
Location: JIT compiler

Post by Kurapica »

link fixed ... :yay:
Life can only be understood backwards but It must be read forwards

http://board.b-at-s.info
http://portal.b-at-s.info/news.php
niaren
Member
Posts: 70
Joined: Thu Dec 10, 2009 3:16 pm

Post by niaren »

Thanks posting the challenge here. I have been waiting for you to post a challenge ;) I completed my first .NET crackme not so long ago and I read your tutorials from here to do the necessary patching etc. Thanks mate :p

I don't know if this is a good enough solution, if not I will code the GUI later.

key1 = "abcd"
key2 = "efgh"
key3 = "ijkl"
key4 = "221750B8880CD15EB76499A4BBCDF96059545A37"

This is the code which needs to be packed into a GUI (I have not made a .NET GUI before so this will have to wait)

[SPOILER]

Code: Select all

using System;
using System.Collections.Generic;
using System.Linq;
using System.Windows.Forms;
using System.Reflection;
using System.Security.Cryptography;
using System.Text;

namespace WindowsFormsApplication1
{

    static class Program
    {
        /// <summary>
        /// The main entry point for the application.
        /// </summary>
        [STAThread]
        static void Main()
        {
            string finalValue = "v5.5.2";
            string Ve = "abcd";
            string We = "efgh";
            string Xe = "ijkl";
            string Ye;
            //GetFinalValue(ref finalValue);
            if ((Ve.Trim().Length != 0) && (We.Trim().Length != 0) && (Xe.Trim().Length != 0) ) 
            {
                Ye = ComputeKey(Ve + We + finalValue.Substring(0, 4), Xe);
                
            }

            Application.EnableVisualStyles();
            Application.SetCompatibleTextRenderingDefault(false);
            Application.Run(new Form1());
           
        }

        public static bool GetFinalValue(ref string finalValue)
        {
            try
            {
                Assembly assembly = Assembly.LoadFile(Application.StartupPath + @"\Alvas.Audio.dll");
                finalValue = "v" + assembly.GetName().Version.ToString().Substring(0, 5);
                return true;
            }
            catch (Exception)
            {
                return false;
            }
        }

        public static string ComputeKey(string A_0, string A_1)
        {
            HashFunc hashfunc = new HashFunc(A_0);
            return hashfunc.af(A_1 + "kurapica").ToUpper();
        }

    }

    internal class HashFunc
    {
        // Fields
        private int Ge;
        private int He;
        private int Ie;
        private int Je;
        private string Ke;
        private string Le;
        private string Me;
        private string Ne;
        private string Oe;
        private string Pe;
        private string Qe;
        private string[] Re = new string[0x62];

        // Methods
        private string e7(string text, int index)
        {
            return text.Substring(0, index);
        }

        private string e8(string text, int index)
        {
            return text.Substring(text.Length - index);
        }

        private string e9(string A_0)
        {
            MD5CryptoServiceProvider provider = new MD5CryptoServiceProvider();
            UTF8Encoding encoding = new UTF8Encoding();
            string str = "";
            foreach (byte num in provider.ComputeHash(encoding.GetBytes(A_0)))
            {
                str = str + num.ToString();
            }
            return str;
        }

        public string af(string A_0)
        {
            try
            {
                SHA1 sha = SHA1.Create();
                sha.ComputeHash(Encoding.UTF8.GetBytes(A_0));
                string str = "";
                for (int i = 0; i < sha.Hash.Length; i++)
                {
                    str = str + sha.Hash[i].ToString("X2");
                }
                return str;
            }
            catch (Exception)
            {
            }
            return "";
        }

        public HashFunc(string A_0)
        {
            this.Ne = this.e9("dwgxhQIeLxUA" + A_0 + "B4dHHhd");
            this.Ke = "8x3p5BeabcdfghijklmnoqrstuvwyzACDEFGHIJKLMNOPQRSTUVWXYZ1246790";
            int index = 0;
            this.Ie = this.Ke.Length;
            this.Re[0] = this.Ke;
            int num2 = this.Ie;
            for (int i = 1; i <= num2; i++)
            {
                this.Le = this.e7(this.Re[index], 1);
                this.Me = this.e8(this.Re[index], this.Ie - 1);
                this.Re[i] = this.Me + this.Le;
                index++;
            }
        }
    }
}
[/SPOILER]
User avatar
Kurapica
Posts: 102
Joined: Wed Jun 11, 2008 5:14 pm
Location: JIT compiler

Post by Kurapica »

your key seems correct but I need the keygen in any language

posting your code like this will spoil the fun for the other members :(
Life can only be understood backwards but It must be read forwards

http://board.b-at-s.info
http://portal.b-at-s.info/news.php
nick_name

Keygen written in Python

Post by nick_name »

Quick Summary:

* Values in 1st and 2nd text-box does not matter even though their MD5 digest is generated with some other texts concatenated. I think it's a detour to distract.
* Serial is the SHA-1 digest of the value in 3rd text-box as in the following Python snippet.

Keygen written in Python:

[SPOILER]

Code: Select all

#!/usr/bin/env python

import hashlib
import sys

if len(sys.argv) == 1:
        msg = "3333"
else:
        msg = sys.argv[1]

sha = hashlib.sha1()
sha.update(msg+"kurapica")

print "[*] 3rd textbox = ", msg
print "[*] 4th textbox = ", sha.hexdigest().upper()
[/SPOILER]

Image
niaren
Member
Posts: 70
Joined: Thu Dec 10, 2009 3:16 pm

Post by niaren »

Can't beat that keygen :)

Anyway, made a lame .NET keygen and a keygen with some very cool graphics (kurapica will probably agree ;) , unfortunately I couldn't make the key4 edit box readonly)

Just for fun I tried to download kurapica's dotNET DeObfuscator from here http://portal.b-at-s.info/download.php?view.38
Used it with default settings on the keygen but the output won't run. Just thought I'd mention it.
Btw what is that tool doing to the audio?

[ATTACH]2398[/ATTACH]
[ATTACH]2399[/ATTACH]
Attachments
DotNetKeyGen.zip
(4.95 KiB) Downloaded 107 times
coolgen.zip
(394.11 KiB) Downloaded 111 times
User avatar
Kurapica
Posts: 102
Joined: Wed Jun 11, 2008 5:14 pm
Location: JIT compiler

Post by Kurapica »

your solution is correct

well done

that deobfuscator tool output is just for analysis and won't run

that audio DLL plays audio files ! but not used in my keygenme

just a trick
Life can only be understood backwards but It must be read forwards

http://board.b-at-s.info
http://portal.b-at-s.info/news.php
Locked