Reading Time : 2min

Iamjustashells Hitmeloopmerevme Crackme Solution + Keygen


Difficulty: 1.4/6.0

Platform: Windows

Language: Assembler

Architecture: X86


Description by Author: My very first crackme. The algorithm should not be that hard. Please don't simply patch the binary but also write a keygen. I hope this is fun for some people


File Info

Archive Password is crackmes.one

After extracting file we get crackme.exe file

First of all lets check this file with DiE

1.1 FASM file is Detected

Lets launch it and write some random password code i.e “123” and see what we get

1.2 Program running
1.3 checked by inputting “123” as supposedly wrong answer and getting appropriate output

Checking Strings

1.4 strings visible so are not obfuscated or encrypted

Analysis

by opening the file with IDA we can see string references and Input output actions being performed.

dword_403000 is storing input for “favorite number” while
dword_403004 is storing input for “secret number”

sub_401000 is our validation function

2.1 image showing input variables and validation function

renamed variables fav_num(favorite number), sec_num(secret number)

2.2 variables after renaming

Checking Validation function sub_401000

401000 fav_num is stored in eax, and then at
401005 it is performing eax+eax (or fav_num*2)
401007 using fav_num value as a counter ecx

then loop begins
where it adds number 3 in eax for ecx times value (i.e fav_num*3)
an additional 3 will be added because the nature of this loop

so the formul becomes
secret_number = ((fav_num2)+(fav_num3))+3

we can simplify it
sec_num = (fav_num*5)+3

2.3 Validation Function

by following above formula
lets take 2 as our favorite number
so the secret number will be
sec_num = (2*5)+3
sec_num = 13

Lets Try this

2.4 working program with right answers

Voila it is working!

Keygen

here is python3 keygen for the program

# This program chooses random number between 0 and 858993458 and
# generate appropriate secret code and print them both
#
# The given crackme saves inputs in 4 byte memory locations
# as The program does not have any checking mechanism for incorrect inputs
# i.e characters, strings, negative numbers and input size limit
#
# This is the reason for choosing 858993458 as limit because this number creates
# secret number equals to 4294967293 which is equal to 0xFFFFFFFD that is
# 2 less than 4-byte limit for the secret number size in given program
# otherwise we will get incorrect numbers

# The Main Program begins here
import random

print("This program generate random favorite numbers"
    "and its relevent secret number")

quit = ""

while quit != "q":
    number = random.randint(0, 858993458)
    print(f"the favnum is: {number}")
    print(f"the secret number is: {(number*5)+3} \n")

    quit = input(f"write q to quit or just enter to generate again: ")