brokensociety on 2026-07-10 22:59:
[Click to reveal]After a dissasemble, i found logic looks the same with the previous level, but with some difference, from now logic started working in different way and when i guess the correct serial, i will get a decrypted flag, so i dive into a decrypting logic, and will be honest, for me, like for the begginer, was very difficult and fun to write a keygen for this crackme!
Answer: user: xivi | serial: 55104 | flag: @|evw2
Lacks on 2026-07-10 23:27:
[Click to reveal]@brokensociety Nice work on the keygen! Your math is spot on. Since the decryption key is derived directly from the input serial, the flag decrypts to @|evw2 for the username xivi. If you want to see the actual flag "Solved!" decrypt cleanly, try running it with the username admin (which generates the serial 64083). Thanks for the comment!
Lover1500 on 2026-07-12 16:44:
[Click to reveal] This level is also very similar to the last one, level 3. But now with more strict gateway to make it show meaningful flags.
For the username and password part, it is easy since any password would make the job done according to its username. It use simple logic like sum of bytes of username * 0x7b is password. For example, for username Hungary, password is 90282 and it will show Success.
Now, we need to find flag. In assembler, I saw a pointer is being used in the loop. If we breakpoint there, we can follow it and see 7 hex in memory. There was also a variable that comes from Xoring between the last 2 hex of serial and 0x34. We can see this one as our xor key. The xor key is used to xor with all the values of pointer one by one in the loop. The result is then shown on output as decrypted flags.
So, what we need now is to start from meaningful flags. We will copy the hex values from pointer. Then we will try to brute force it by xoring with the xor key starting from 0x01 to 0xFF. And filter to get only meaningful printable texts. We will then see one among them showing "Solved!" with xored key being 0x67. Probably valid flags.
But we have a condition here. We can't use any username and serial to get flags Solved!. So, we need to find only valid username that can show correct flags. The xored key is 0x67. If we revert it as my third paragraph, we should xor 0x67 and 0x34 which will give us 0x53 (The last 2 hex digit of serial). So, The serial must be something like 0xFFFFFF53 but it must be also divisible by 0x7b (123 in decimal). By writing a function, it will give us multiple candidates such as 0xFA53, 0x17553.
The smallest one would be 0xFA53 (64083 in dec). 521 in decimal if it is devided by 123. any printable username that has total bytes of 521 will make the job done with serial being 64083. For example, username: zlaaa, serial: 64083 will give us Success with Solved! flags.
I like this series very much and it is my first time solving level 4 too.