Xor0's xor0_crackme_1



9:53 PM 05/01/2019




helper.dll MD5 - 55B4C36AE11AE887514FEF98012DD4E8 WhichKeyIsIt.exe MD5 - CBF9019FAA580D7203493862AA420CF5 My first crackme!! I hope you enjoy it!

HN1 on 10:30 AM 05/05/2019: Name: Name any! Found serial code: A10-57617274-686F67

Xor0 on 1:31 AM 05/06/2019: nice HN1, you got 1. Can you solve the other 6?

HN1 on 4:31 AM 05/07/2019: Xor0, yes!

pezi_pink on 5:06 PM 05/13/2019: I had a go at this and wrote some of it up here, thanks!

topside844 on 6:32 AM 05/14/2019: Wow, this was fun Xor0! Obviously, there's a different crack for each day of the week. Sunday's answer is provided by HN1. Here is a working solution for Monday: Username: MyUsername Serial: A10-57617274-686F68 Keyfile: The important parts of the keyfile are the following: bytes[0-3] = LittleEndian(0xDEADC0DE) bytes[4] = Username[4] ^ Serial[5] = 0x46 bytes[27-31] = 0xFACE0FB ^ (bytes[4] * SUM(bytes[5-31])) As you can see, the sum of bytes 5-31 "SUM(bytes[5-31])" is used in the formula to create bytes 27-31. I therefor decided to create a "dummy sum" based on bytes[5-26] all being 0xFF while bytes[27-31] are 0x00. This "dummy sum" ends up being 0x16E9. Then, when I calculate the correct value for bytes[27-31], I then subtract values from bytes[27-31] so that the sum of bytes[5-31] still adds up to this "dummy sum" of 0x16E9. Looking forward to diving into tomorrow's key.

topside844 on 7:36 AM 05/14/2019: Tuesday Solution: Username: MyUsername Serial: T10-1129

ifyGecko on 4:25 AM 05/16/2019: @topside844, your explanation for the Monday key has me lost. The way I am reading it face0fb0==(sum(byte[5-31])*byte[4])^dword[0x1000e39c]. dword[0x1000e39c] being the last 4 bytes of the file i.e byte[28]-byte[32]. I am not seeing how or why byte[4] is defined in terms of username[] and serial[] being xor'd together in your explanation or was this just an arbitrary decision? Could you or anyone chime in? My assembly skills are rather weak so I may just be lost in the woods and do not even know it.

ifyGecko on 4:26 AM 05/16/2019: Correct, i meant byte[27]-byte[31] as being the dword

ifyGecko on 6:01 AM 05/16/2019: disregard my entire question, I just can't do basic math. Thanks for the comment @topside844.

Zediken on 1:57 PM 05/16/2019: what is the password of the .rar file ? please..

Xor0 on 3:47 AM 05/20/2019: I'm glad you guys liked it. It was a lot of fun to code. Next one will not be as straight forward ;-)