Did you intentionally make it impossible to enter the correct data for calculating the hash from the console?
@miarey |
==> |
But we can patch the memory after reading the characters entered in the console into the intermediate buffer. Reading data into the intermediate buffer occurs here:
.text:00000001400AE70E mov [rax+rcx], r9b // [rax+rcx] is a pointer into the buffer
status: ok
code: NYITQLWNHU5P75J5RJQ7QJ3GRU6GK64NMMTTKYOMG6K24D2AYGHA |
==> |
result={0x0E,0x29,0x69,0x0A,0x5E} //correct data for hash |
==> |
If you try to restore the original data, you will see that it includes non-printable characters, i.e. entering this data from the console will not work.
#include <cstdint>
#include <vector>

uint32_t target_hash = 0xFB59EA6E;

// Recover the input bytes as the base-0x83 digits of the target hash.
std::vector<uint8_t> get_solve_bytes() {
    std::vector<uint8_t> result;
    for (uint32_t h = target_hash; h; h = (h - h % 0x83) / 0x83)
        result.insert(result.begin(), h % 0x83);
    return result;
} |
==> |
.text:00000001400B2830 imul esi, 83h ; 'ѓ'
.text:00000001400B2836 movzx eax, byte ptr [rdx]
.text:00000001400B2839 add esi, eax
.text:00000001400B283B inc rdx
.text:00000001400B283E cmp rdx, r8
.text:00000001400B2841 jnz short loc_1400B2830
#include <cstdint>

// C equivalent of the loop above: hash = hash * 0x83 + byte, kept in 32 bits.
uint32_t calculate_hash(const char* str) {
    uint32_t hash = 0;
    const char* ptr = str;
    while (*ptr) {
        hash = hash * 0x83 + (uint8_t)*ptr;
        ptr++;
    }
    return hash;
}
.text:00000001400B287B cmp [rbx+30h], ecx //Check hash |
==> |
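Added example, not code from the thread or from the crackme's author: the hash loop above accumulates in the 32-bit register `esi`, so the byte sequence posted in the thread is the k = 0 case of the base-0x83 expansion of target_hash + k * 2^32. This sketch enumerates further values of k and reports whether any expansion consists only of printable bytes; the names `digits_for_wrap`, `typeable`, `first_typeable`, the bound on k and the 0x20..0x7E definition of "typeable" are assumptions of the example, and it says nothing about length or format checks the binary may apply elsewhere.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

constexpr uint32_t kBase = 0x83;          // multiplier from `imul esi, 83h`
constexpr uint32_t kTarget = 0xFB59EA6E;  // target_hash quoted in the thread

// Same recurrence as the loop at 1400B2830; uint32_t wraps the way esi does.
uint32_t rolling_hash(const std::vector<uint8_t>& data) {
    uint32_t h = 0;
    for (uint8_t b : data) h = h * kBase + b;
    return h;
}

// Base-0x83 digits (most significant first) of target + k * 2^32.
// k = 0 reproduces the decomposition posted in the thread.
std::vector<uint8_t> digits_for_wrap(uint32_t target, uint64_t k) {
    uint64_t v = (k << 32) | target;
    std::vector<uint8_t> out;
    for (; v != 0; v /= kBase)
        out.insert(out.begin(), static_cast<uint8_t>(v % kBase));
    return out;
}

// Assumption: "typeable" means printable ASCII, 0x20..0x7E.
bool typeable(const std::vector<uint8_t>& d) {
    if (d.empty()) return false;
    for (uint8_t b : d)
        if (b < 0x20 || b > 0x7E) return false;
    return true;
}

// First k in [0, max_k] whose digits are all typeable; empty vector if none.
std::vector<uint8_t> first_typeable(uint32_t target, uint64_t max_k) {
    for (uint64_t k = 0; k <= max_k; ++k) {
        std::vector<uint8_t> d = digits_for_wrap(target, k);
        if (typeable(d)) return d;
    }
    return {};
}

int main() {
    std::vector<uint8_t> k0 = digits_for_wrap(kTarget, 0);
    std::printf("k=0 typeable: %d, hash %08X\n", typeable(k0), rolling_hash(k0));
    std::vector<uint8_t> alt = first_typeable(kTarget, 100000);
    if (alt.empty()) { std::puts("no typeable candidate up to max_k"); return 0; }
    std::printf("typeable candidate: %.*s\n", int(alt.size()), (const char*)alt.data());
    return 0;
}
```

Every printable byte is below 0x83, so any all-printable input is the ordinary base-0x83 expansion of some target + k * 2^32, which is why walking k covers every typeable candidate up to the chosen bound.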