Saturday, June 1, 2013 - Easy Keygen (100pts)

You can register and download this file here.
Alternatively, i've uploaded a copy of it here:

Given Hints:
ReversingKr KeygenMe

Find the Name when the Serial is 5B134977135E7D13

Required Tools:

Initial Analysis:
Let's load the binary with IDA Pro.
You will see something like the image below.

It seems to me that the username is 8 characters and there is an int array containing 16,32 & 48.
Let's move further down the CFG (Control-Flow Graph) and analyse further and we get something like this.

It's probably clearer now that every character in the user's supplied username is being XOR-ed with the int array.
Since the given hints is to find the Name when the Serial is 5B134977135E7D13 and we know that every character is being XOR-ed with the int array.
Let's XOR-ed back the given serial to find the username.

From the information which we have gathered so far. Our pseudo code will look something like this.
int iNum[3] = {16,32,48};
int iCounter = 0;
int i=0;
char dest[3];
char *szSerial = "5B134977135E7D13";
char *szUserName;

szUserName = (char*)calloc(9,sizeof(char));
for( i=0; i<strlen(szSerial); iCounter++, i+=2 ){
if( iCounter==3 ){
iCounter = 0;
strncpy_s( dest, _countof(dest), &szSerial[i], 2);
dest[2] = '\0';
sprintf_s(szUserName, 9,"%s%c", szUserName, strtol(dest, NULL, 16)^iNum[iCounter]);
printf("Original username: %s\n", szUserName);

Eventually, you will see what is the original username that will match 5B134977135E7D13 is "K3yg3nm3"

I hope that it's a simple to understand solution.


No comments:

Post a Comment