HN1 on 10:30 AM 05/05/2019: Name: Name any!
Found serial code: A10-57617274-686F67
Xor0 on 1:31 AM 05/06/2019: nice HN1, you got 1. Can you solve the other 6?
HN1 on 4:31 AM 05/07/2019: Xor0, yes!
pezi_pink on 5:06 PM 05/13/2019: I had a go at this and wrote some of it up here, thanks! http://pinksquirrellabs.com/blog/2019/05/08/reversing-xor0-crackme-1/
topside844 on 6:32 AM 05/14/2019: Wow, this was fun Xor0! Obviously, there's a different crack for each day of the week. Sunday's answer is provided by HN1.
Here is a working solution for Monday:
Username: MyUsername
Serial: A10-57617274-686F68
Keyfile: https://www.dropbox.com/s/u0fezx00msic0tw/xor0.rox?dl=0
The important parts of the keyfile are the following:
bytes[0-3] = LittleEndian(0xDEADC0DE)
bytes[4] = Username[4] ^ Serial[5] = 0x46
bytes[27-31] = 0xFACE0FB ^ (bytes[4] * SUM(bytes[5-31]))
As you can see, the sum of bytes 5-31 "SUM(bytes[5-31])" is used in the formula to create bytes 27-31. I therefor decided to create a "dummy sum" based on bytes[5-26] all being 0xFF while bytes[27-31] are 0x00. This "dummy sum" ends up being 0x16E9. Then, when I calculate the correct value for bytes[27-31], I then subtract values from bytes[27-31] so that the sum of bytes[5-31] still adds up to this "dummy sum" of 0x16E9.
Looking forward to diving into tomorrow's key.
topside844 on 7:36 AM 05/14/2019: Tuesday Solution:
Username: MyUsername
Serial: T10-1129
ifyGecko on 4:25 AM 05/16/2019: @topside844, your explanation for the Monday key has me lost. The way I am reading it face0fb0==(sum(byte[5-31])*byte[4])^dword[0x1000e39c]. dword[0x1000e39c] being the last 4 bytes of the file i.e byte[28]-byte[32]. I am not seeing how or why byte[4] is defined in terms of username[] and serial[] being xor'd together in your explanation or was this just an arbitrary decision? Could you or anyone chime in? My assembly skills are rather weak so I may just be lost in the woods and do not even know it.
ifyGecko on 4:26 AM 05/16/2019: Correct, i meant byte[27]-byte[31] as being the dword
ifyGecko on 6:01 AM 05/16/2019: disregard my entire question, I just can't do basic math. Thanks for the comment @topside844.
Zediken on 1:57 PM 05/16/2019: what is the password of the .rar file ? please..
Xor0 on 3:47 AM 05/20/2019: I'm glad you guys liked it. It was a lot of fun to code. Next one will not be as straight forward ;-)
LucaC on 12:41 PM 06/25/2019: Easy to crack, hard (for me at least) to create a Keygen!
(I see you're a fan of HASHEREZADE tho.)
HempDay420 on 9:35 PM 10/18/2019: can someone say me a solution how to crack it :) would be nice i tried make Breakpoint at MessageBoxW and gone back to return but only found a call ecx?
fondra on 2:36 PM 03/25/2020: @HempDay420 breakpoint on DLL load. once helper.dll is loaded navigate to the start of the .text section in the debugger memory map, breakpoint there.