Wednesday, May 29, 2013

pCTF 2011 : Mission 6 - Fun with Numb3rs (100 Points)

Hints given to us:
Uh oh… This door is protected with number scroll authenticator. There's "powered by .NETv4" sign.
Find out the combination and get the key!

These are the original files:
D573190633309f8a930bccbd199a16a4564c35fb.zip
Readme_Fun_with_Numb3rs.txt

Recommended Tools:
Reflector Decompiler (http://www.reflector.net/), to decompile the .NET binary
Sandboxie (http://www.sandboxie.com/), to get around the 30-day trial

Key Logic behind cracking the mission:
if ((((((num + num4) - num2) + ((num * num) * num2)) - num3) == ((num2 * ((num3 * 0x22) + (num5 - num))) + 0x1d40)) && (num > 0x4d))

Brute force the logic:
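public class Crack {
    public static void main(String[] args) {
        // a, b, c are the three slider values; a starts at 78 because the check requires num > 0x4d (77).
        for (int a = 78; a <= 255; a++) {
            for (int b = 0; b <= 255; b++) {
                for (int c = 0; c <= 255; c++) {
                    // Same equality as the decompiled check, with 0x22 = 34 and 0x1d40 = 7488.
                    if ((a + b*c) - b + ((a*a*b) - c) == (b * ((c * 34) + ((3*a) - a))) + 7488) {
                        System.out.println("a : " + a);
                        System.out.println("b : " + b);
                        System.out.println("c : " + c);
                    }
                }
            }
        }
    }
}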



Answer:
You will get the following results.
a : 89
b : 144
c : 233
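
The same search with the innermost loop removed, as an added example (not the author's Crack.java): the equality is linear in c, so each (a, b) pair yields at most one candidate, which is then checked against the decompiled condition exactly as Reflector printed it. The class and method names are made up for this sketch, and the mapping num4 = b * c, num5 = 3 * a is inferred by comparing the decompiled line with the brute-force loop above.

```java
import java.util.ArrayList;
import java.util.List;

public class CrackLinear {
    // The decompiled check, hex constants left as in the decompiler output.
    // Assumption (inferred from the brute-force loop on this page):
    // num = a, num2 = b, num3 = c, num4 = b * c, num5 = 3 * a.
    static boolean decompiledCheck(int num, int num2, int num3) {
        int num4 = num2 * num3;
        int num5 = 3 * num;
        return (((((num + num4) - num2) + ((num * num) * num2)) - num3)
                == ((num2 * ((num3 * 0x22) + (num5 - num))) + 0x1d40))
                && (num > 0x4d);
    }

    // Rearranging the equality for c gives
    //   c = (a*a*b - 2*a*b + a - b - 7488) / (33*b + 1)
    // so only (a, b) pairs where the division is exact can match.
    static List<int[]> solve() {
        List<int[]> hits = new ArrayList<>();
        for (int a = 0x4d + 1; a <= 255; a++) {      // num > 0x4d
            for (int b = 0; b <= 255; b++) {
                int numerator = a * a * b - 2 * a * b + a - b - 7488;
                int denominator = 33 * b + 1;        // always >= 1, never zero
                if (numerator < 0 || numerator % denominator != 0) {
                    continue;                        // c would be negative or fractional
                }
                int c = numerator / denominator;
                // Keep c in the same 0..255 range the brute force uses,
                // and confirm against the original expression.
                if (c <= 255 && decompiledCheck(a, b, c)) {
                    hits.add(new int[] {a, b, c});
                }
            }
        }
        return hits;
    }

    public static void main(String[] args) {
        for (int[] h : solve()) {
            System.out.println("a : " + h[0] + ", b : " + h[1] + ", c : " + h[2]);
        }
    }
}
```

For a = 89 and b = 144 the division is 1107449 / 4753 = 233, which is the combination listed above.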

Making use of the numbers
Since we have the 3 numbers, let's use them on the binary by adjusting the sliders like this.



After adjusting the sliders, you will get this message box, which is the key. :D



I have also attached the source code for the brute-force application.
File:Crack.java


cheers
Elucidator
