sulea

reverseme

Posted

You need to be familiar with ASM programming; otherwise porting will be quite cumbersome, and many instructions cannot be ported to VB, for example, in order to write an automated solution.

CPU Disasm
Address   Hex dump        Command                                   Comments
00401443  |. 0FBF05 409040  MOVSX EAX,WORD PTR DS:[crkme.409040]
0040144A  |. 99             CDQ
0040144B  |. B9 0A000000    MOV ECX,0A
00401450  |. F7F9           IDIV ECX
00401452  |. 66:8915 10904  MOV WORD PTR DS:[crkme.409010],DX
00401459  |. 0FBF0D 409040  MOVSX ECX,WORD PTR DS:[crkme.409040]
00401460  |. B8 67666666    MOV EAX,66666667
00401465  |. F7E9           IMUL ECX
00401467  |. 89C8           MOV EAX,ECX
00401469  |. C1FA 02        SAR EDX,2
0040146C  |. C1E8 1F        SHR EAX,1F
0040146F  |. 01C2           ADD EDX,EAX
00401471  |. 66:8915 40904  MOV WORD PTR DS:[crkme.409040],DX
00401478  |. 0FBF05 409040  MOVSX EAX,WORD PTR DS:[crkme.409040]
0040147F  |. 99             CDQ
00401480  |. B9 0A000000    MOV ECX,0A
00401485  |. F7F9           IDIV ECX
00401487  |. 66:8915 00904  MOV WORD PTR DS:[crkme.409000],DX
0040148E  |. 0FBF0D 409040  MOVSX ECX,WORD PTR DS:[crkme.409040]
00401495  |. B8 67666666    MOV EAX,66666667
0040149A  |. F7E9           IMUL ECX
0040149C  |. 89C8           MOV EAX,ECX
0040149E  |. C1FA 02        SAR EDX,2
004014A1  |. C1E8 1F        SHR EAX,1F
004014A4  |. 01C2           ADD EDX,EAX
004014A6  |. 66:8915 40904  MOV WORD PTR DS:[crkme.409040],DX
004014AD  |. 0FBF05 409040  MOVSX EAX,WORD PTR DS:[crkme.409040]
004014B4  |. 99             CDQ
004014B5  |. B9 0A000000    MOV ECX,0A
004014BA  |. F7F9           IDIV ECX
004014BC  |. 66:8915 20904  MOV WORD PTR DS:[crkme.409020],DX
004014C3  |. 0FBF0D 409040  MOVSX ECX,WORD PTR DS:[crkme.409040]
004014CA  |. B8 67666666    MOV EAX,66666667
004014CF  |. F7E9           IMUL ECX
004014D1  |. 89C8           MOV EAX,ECX
004014D3  |. C1FA 02        SAR EDX,2
004014D6  |. C1E8 1F        SHR EAX,1F
004014D9  |. 01C2           ADD EDX,EAX
004014DB  |. 66:8915 40904  MOV WORD PTR DS:[crkme.409040],DX
004014E2  |. 0FBF05 409040  MOVSX EAX,WORD PTR DS:[crkme.409040]
004014E9  |. 99             CDQ
004014EA  |. B9 0A000000    MOV ECX,0A
004014EF  |. F7F9           IDIV ECX
004014F1  |. 66:8915 30904  MOV WORD PTR DS:[crkme.409030],DX
004014F8  |> 66:A1 1090400  MOV AX,WORD PTR DS:[crkme.409010]       ; loc_4014F8
004014FE  |. 66:3D 0300     CMP AX,3

Posted

Thank you,

I received @sulea's permission to make public the method by which I found the solution. Although it is a reverse engineering challenge, it can also be solved by methods that have nothing in common with RCE; I created a Python script that finds the solution by brute force:

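from subprocess import Popen, PIPE

# Feed each candidate number to a fresh crackme process.
for i in range(0, 1000000):
    p = Popen("crackme.exe", stdin=PIPE, stdout=PIPE)
    # communicate() writes the candidate, closes stdin and reads stdout to EOF.
    out, _ = p.communicate((str(i) + "\n").encode())
    print(i, end=" ")
    # Any output other than the bare "nr=" prompt is treated as a hit.
    if out != b"nr=":
        break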

Solutions identified:


9360 19360 29360
74896 84896 94896
140432 150432 160432
205968 215968 225968
271504 281504 291504
337040 347040 357040
402576 412576 422576
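
The disassembly in the first post, modelled in C as an added example (not code from either poster or from the crackme): it reproduces the `66666667h` multiply that the compiler emitted for a signed divide by 10 and the four remainder stores. It assumes the typed number is held unchanged in the 16-bit variable at crkme.409040 when the listing starts; the function names are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

/* Signed divide by 10 as emitted in the listing: IMUL by 66666667h,
   SAR EDX,2, then add the dividend's sign bit (SHR EAX,1F ; ADD EDX,EAX).
   Relies on arithmetic >> for negative values (gcc, clang, MSVC). */
int32_t magic_div10(int32_t x)
{
    int64_t prod = (int64_t)x * 0x66666667LL;   /* EDX:EAX after IMUL ECX */
    int32_t edx = (int32_t)(prod >> 32) >> 2;   /* high dword, SAR EDX,2  */
    return edx + (int32_t)((uint32_t)x >> 31);  /* +1 when x is negative  */
}

/* Model of 00401443..004014F1. Assumption: the typed number sits unchanged
   in the 16-bit variable at crkme.409040 when the listing starts.
   d[0..3] are the words written to 409010, 409000, 409020, 409030. */
void extract_digits(long input, int16_t d[4])
{
    int16_t v = (int16_t)(uint16_t)input;       /* WORD keeps the low 16 bits */
    for (int i = 0; i < 4; i++) {
        d[i] = (int16_t)(v % 10);               /* MOVSX ; CDQ ; IDIV -> DX   */
        if (i < 3)
            v = (int16_t)magic_div10(v);        /* quotient back to 409040    */
    }
}

/* 1 when both inputs leave the same four words in memory. */
int same_digits(long a, long b)
{
    int16_t x[4], y[4];
    extract_digits(a, x);
    extract_digits(b, y);
    return x[0] == y[0] && x[1] == y[1] && x[2] == y[2] && x[3] == y[3];
}

int main(void)
{
    /* Three values from the solution list plus one constructed input (39360). */
    long samples[] = { 9360, 19360, 74896, 39360 };
    for (int i = 0; i < 4; i++) {
        int16_t d[4];
        extract_digits(samples[i], d);
        printf("%6ld -> %d %d %d %d\n", samples[i], d[0], d[1], d[2], d[3]);
    }
    return 0;
}
```

In this model 9360, 19360 and 74896 leave the same four words (0, 6, 3, 9), while 39360 wraps to a negative 16-bit value and does not, which is consistent with the spacing of the solutions listed above.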
