Tuesday, August 31, 2010

Ekoparty 2010: Desafio ESET Crackme




After decompiling the binary to C in IDA, we have the following functions, sub_40134D and sub_401362:


int __usercall sub_40134D(int a1) {
return MessageBoxA(*(HWND *)(a1 + 8), "Buen Trabajo, felicitaciones!! ", "Muy Bien!!", 0x30u);
}

int __usercall sub_401362(int a1) {
MessageBeep(0);
return MessageBoxA(*(HWND *)(a1 + 8), "Intentalo de nuevo ", "Muy mal ", 0x30u);
}


Below is the code that computes the algorithm used to validate our input; the algorithm uses two internal functions, sub_4013C2 and sub_4013D2:


void __usercall sub_4013C2(int a1) {
int v1; // ebx@1
int v2; // edi@1

v2 = 0;
v1 = 0;
while ( *(_BYTE *)a1 ) {
LOBYTE(v1) = *(_BYTE *)a1;
v2 += v1;
++a1;
}
}


This function computes the sum of the characters, one by one.


int __usercall sub_40137E(int a1, int a2, int a3) {
int v3; // esi@1
char v4; // al@2

v3 = a3;
while ( 1 ) {
v4 = *(_BYTE *)v3;
if ( !*(_BYTE *)v3 ) {
sub_4013C2(a3);
return a2 ^ 0x5678;
}
if ( (unsigned __int8)v4 < 0x41u )
break;
if ( (unsigned __int8)v4 >= 0x5Au )
sub_4013D2(v4, v3++);
else
++v3;
}
return MessageBoxA(*(HWND *)(a1 + 8), "Intentalo de nuevo ", "Muy mal ", 0x30u);
}


This function ensures that the input in the Nombre field is between the letters "A" chr(0x41) and "Z" chr(0x5A).


char __usercall sub_4013D2(char a1, int a2) {
char result; // al@1

result = a1 - 32;
*(_BYTE *)a2 = result;
return result;
}


This function subtracts 32 from the character a1: it converts a lowercase letter to a capital letter.

Finally, a keygen can be written using the following Python code:


In [1]: ((ord("s")-32+ord("b")-32+ord("z")-32) ^ 0x5678 ) ^ 0x1234
Out[1]: 17571


* Nombre sbz
* Serie 17571

Also for the Nombre nibbles, we have this Serie:


In [3]: ((ord("n")-32+ord("i")-32+ord("b")-32+ord("b")-32+ord("l")-32+ord("e")-32+ord("s")-32) ^ 0x5678 ) ^ 0x1234
Out[3]: 17843
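
The same computation as a reusable function, given here as an added example (not code from the original post or from the crackme). It mirrors sub_40137E, sub_4013D2 and sub_4013C2 as described above, and takes the 0x1234 constant from the one-liners, since the serial-side routine is not shown on this page; the names `name_hash` and `serial_for` are hypothetical.

```python
"""Model of the Nombre check described on this page (added example)."""

NAME_XOR = 0x5678    # XORed into the character sum at the end of sub_40137E
SERIAL_XOR = 0x1234  # assumption: taken from the page's one-liners, routine not shown


def name_hash(name):
    """Return the value sub_40137E yields for `name`, or None if it is rejected."""
    total = 0
    for byte in name.encode("latin-1"):
        if byte < 0x41:
            # Below "A": the routine leaves the loop and shows the failure box.
            return None
        if byte >= 0x5A:
            # sub_4013D2: subtract 32. The comparison is >=, so "Z" (0x5A)
            # itself is also shifted, not only lowercase letters.
            byte -= 32
        # sub_4013C2: running sum of the transformed bytes.
        total += byte
    return total ^ NAME_XOR


def serial_for(name):
    """Return the Serie matching `name` under the page's formula, or None."""
    hashed = name_hash(name)
    if hashed is None:
        return None
    return hashed ^ SERIAL_XOR


if __name__ == "__main__":
    # The two names used on this page, plus two constructed edge cases.
    for candidate in ("sbz", "nibbles", "SBZ", "sbz1"):
        print(candidate, serial_for(candidate))
```

Because the uppercase test is `>= 0x5A`, a name typed as "SBZ" does not get the same Serie as "sbz": the capital "Z" is shifted down by 32 as well.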


Thanks ekoparty and ESET for this one.

Big up to my mentor, because he pwned it in 2"13 minutes. You know you rock :)

1 comments:

  1. Hey Sofian, could you delay this post just a few days, so we can use it in a fair manner for our ekoparty challenge in Argentina?? Thank you in advance!
